Why Did Congress Let Law Enforcement Officials Lie About Encryption?
from the you-can't-be-serious dept
When you testify before Congress, it helps to actually have some knowledge of what you're talking about. On Tuesday, the House Energy & Commerce Committee held the latest congressional hearing on the whole silly encryption fight, entitled Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives. And, indeed, they did have witnesses presenting "industry" and "law enforcement" views, but for unclear reasons decided to separate them. First up were three "law enforcement" panelists, who were free to say whatever the hell they wanted with no one pointing out that they were spewing pure bullshit. You can watch the whole thing below (while it says it's 4 hours, it doesn't actually start until about 45 minutes in):Right now Google and Apple act as the gatekeepers for most of those encrypted apps, meaning if the app is not available on the App Store for an iOS device, if the app is not available on Google Play for an Android device, a customer of the United States cannot install it. So while some of the encrypted apps, like Telegram, are based outside the United States, US companies act as gatekeepers as to whether those apps are accessible here in the United States to be used.This is just wrong. It's ignorant and clueless and for a law enforcement official -- let alone one who is apparently the "commander of the office of intelligence" -- to not know that this is wrong is just astounding. Yes, on Apple phones it's more difficult to get apps onto a phone, but it's not impossible. On Android, however, it's easy. There are tons of alternative app stores, and part of the promise of the Android ecosystem is that you're not locked into Google's own app store. And, really, is Cohen literally saying that Apple and Google should be told they cannot allow Telegram -- one of the most popular apps in the world -- in their app stores? Really?
Galati then agreed with him and piled on with more ignorance:
I agree with what the Captain said. Certain apps are not available on all devices. So if the companies that are outside the United States can't comply with same rules and regulations of the ones that are in the United States, then they shouldn't be available on the app stores. For example, you can't get every app on a Blackberry that you can on an Android or a Google.Leaving aside the fact he said "Android or a Google" (and just assuming he meant iPhone for one of those)... what?!? The reason you can't get every app on a BlackBerry that's on other devices has nothing to do with any of this at all. It's because the market for BlackBerry devices is tiny, so developers don't develop for the BlackBerry ecosystem (and, of course, some BlackBerries now use Android anyway, so...). That comment by Galati makes no sense at all. Using the fact that fewer developers develop for BlackBerry says nothing about blocking foreign encryption apps from Android or iOS ecosystems. It makes no sense.
Why are these people testifying before Congress when they don't appear to know what they're talking about?
Later in the hearing, when questioned by Rep. Paul Tonko about how other countries (especially authoritarian regimes) might view a US law demanding backdoors as an opportunity to demand the same levels of access, Cohen speculated ridiculously, wildly and falsely that he'd heard that Apple gave China its source code:
In preparing for the testimony, I saw several news stories that said that Apple provided the source code for iOS to China, as an example. I don't know whether those stories are true or not.Yeah, because they're not. He then goes on to say that Apple has never said under oath whether or not that's true -- except, just a little while later, on the second panel, Apple's General Counsel Bruce Sewell made it quite clear that they have never given China its source code. Either way, Cohen follows it up by saying that Apple won't give US law enforcement its source code, as if to imply that Apple is somehow more willing to help the Chinese government hack into phones than the US government. Again, this is just blatant false propaganda. And yet here is someone testifying before Congress and claiming that it might be true.
Thankfully, at the end of the hearing, Rep. Anna Eshoo -- who isn't even a member of the subcommittee holding the hearing (though she is a top member of the larger committee) joined in and quizzed Cohen about his bizarre claims:
Elsewhere in the hearing, Cohen also insists that a dual key solution would work. He says this with 100% confidence -- that if Apple and law enforcement had a shared key it would be "just like a safety deposit box." Of course, this is also just wrong. As has been shown for decades, when you set up a two key solution, you're introducing vulnerabilities into the system that almost certainly let in others as well.
And then, after that, Rep. Jerry McNerney raises the point -- highlighted by many others in the past -- that rather than "going dark," law enforcement is in the golden age of surveillance and investigation thanks to more and new information, including that provided by mobile phones (such as location data, metadata on contacts and more). Cohen, somewhat astoundingly, claims he can't think of any new information that's now available thanks to mobile phones:
Sir, I'm having problems thinking of an example of information that's available now that was not before. From my perspective, thinking through investigations that we previously had information for, when you combine the encryption issue along with shorter and shorter retention periods, in a service provider, meaning they're keeping their records, for both data and metadata, for a shorter period of time, available to legal process. I'm having difficulty finding an example of an avenue that was not available before.Huh?!? He can't think of things like location info from mobile phones? He can't think of things like metadata and data around unencrypted texts? He can't think of things like unencrypted and available information from apps? Then why is he on this panel? And the issue of data retention? Was he just told before the hearing to make a point to push for mandatory data retention and decided to throw in a nod to it here?
At least Galati, who went after him, was willing to admit that tech has provided a lot more information than in the past -- but then claimed that encryption was "eliminating those gains."
Cohen is really the clown at the show here. He also claims that Apple somehow decided to throw away its key and that it was "solving a problem that doesn't exist" in adding encryption:
The solution that we had in place previously, in which Apple did hold a key. And as Chief Galati mentioned, that was never compromised. So they could comply with a proper service of legal process. Essentially, what happened is that Apple solved a problem that does not exist.Again, this is astoundingly ignorant. The problem before was that there was no key. It wasn't that Apple had the key, it's that the data was readily available to anyone who had access to the phone. That put everyone's information at risk. It's why there was so much concern about stolen phones and why stolen phones were so valuable. For a law enforcement official to not realize that and not think it was a real problem is... astounding. And, again, raises the question of why this guy is testifying before Congress.
It also raises the question of why Congress put him on a panel with no experts around to correct his many, many errors. At the very least, towards the beginning of the second panel, Apple GC Sewell explained how Cohen was just flat out wrong on these points:
That's where I was going to conclude my comments. But I think I owe it to this committee to add one additional thought. And I want to be very clear on this: We have not provided source code to the Chinese government. We did not have a key 19 months ago that we threw away. We have not announced that we are going to apply passcode encryption to the next generation iCloud. I just want to be very clear on that because we heard three allegations. Those allegations have no merit.A few minutes later, he's asked directly about this and whether or not the Chinese had asked for the source code, and Sewell says that, yes, the Chinese have asked, and Apple has refused to give it to them:
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: anna eshoo, app stores, charles cohen, encryption, going dark, house energy and commerce committee, thomas galati
Companies: apple, google
Reader Comments
Subscribe: RSS
View by: Time | Thread
Crystal clear actually
They had the two groups separated, with the people who actually knew what they were talking about going second so that the 'law enforcement' side could make up any claims they wanted with minimal ability for the tech side to point out how they were wrong.
It's one thing to be able to offer corrections on the spot, right after an incorrect statement has been made, much more difficult to remember all the wrong claims that were made and address them later on when it's your turn.
[ link to this | view in chronology ]
Re: Crystal clear actually
Their oversight was in having the bullshit go first. If they had done it the other way around, the industry people wouldn't have had any opportunity to correct the lies (errors?).
[ link to this | view in chronology ]
The Mentor wrote this, on January 8, 1986.
[ link to this | view in chronology ]
During our national conversation a simple solution proposed!
Outlaw all mobile phones other than Blackberry in the US.
Since Canada was/is able to access both (all two or three that were recently sent)"encrypted" messages sent on Blackberry devices, just mandate that the use of a non-Blackberry mobile device in the US or while communicating with a US person is now a capital crime.
When We outlaw the Sale, Importation, Transfer, and Possession of non-Blackberry mobile communication device in the US or by US persons world-wide, including the moon or anywhere else in Sol orbit the "encryption" problem will be solved, 'cause Canada will be able to access all of the messages, calls, texts, emails, photos (and we all know those are mostly 2AM dick-pics anyway), and forward them directly to the appropriate government agency, likely at least a trio of: NSA, FBI, & NYPD, we'll all be safer.
THINK OF THE CHILDREN!!!!
and save RIM/Blackberry & Canada
[ link to this | view in chronology ]
Re: During our national conversation a simple solution proposed!
Next, we need government mandated PCs.
Then government "smart TV" with built in cameras that watch into your home.
[ link to this | view in chronology ]
Re: Re: During our national conversation a simple solution proposed!
[ link to this | view in chronology ]
Re: Re: Re: During our national conversation a simple solution proposed!
[ link to this | view in chronology ]
Re: Re: Re: During our national conversation a simple solution proposed!
[ link to this | view in chronology ]
Re: Re: During our national conversation a simple solution proposed!
Odd that those smart TVs with cameras haven't solved any crimes...
[ link to this | view in chronology ]
Re: Re: During our national conversation a simple solution proposed!
FTFY :) The TVs will also have the ability to turn on by themselves to display content pushed by the Ministry of Truth.
[ link to this | view in chronology ]
Re: Re: Re: During our national conversation a simple solution proposed!
[ link to this | view in chronology ]
Re: Re: During our national conversation a simple solution proposed!
These pretty much already exist... unless you want to put your trust into the security of a "smart" TV.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
You know hoe you can tell this Cohen guy is an un-educated Douche-Nozzle?
Because it is a SAFE DEPOSIT BOX!
It is a little box, in a SAFE, a bank vault more specifically, that can be opened by a high school dropout, that has completed a correspondence course in "locksmithing" with a crappy battery powered drill motor, and a court order.
The only "safety" involved in the whole thing is the goggles the guy with the drill motor is hopefully wearing when he opens your box.
[ link to this | view in chronology ]
Re: You know hoe you can tell this Cohen guy is an un-educated Douche-Nozzle?
So this might be a good comparison if safety boxes were stored out in the street with no cameras or any of the other security features other than 2 keys.
[ link to this | view in chronology ]
Re: Re: You know hoe you can tell this Cohen guy is an un-educated Douche-Nozzle?
he/she/they insist on calling Safe Deposit Boxes, wait for it....
"safety boxes"
[ link to this | view in chronology ]
Re: Re: Re: You know hoe you can tell this Cohen guy is an un-educated Douche-Nozzle?
"safety boxes"
And yet you managed to understand what he was talking about. So maybe calm down about it and address what was actually said rather than attacking him over typos.
[ link to this | view in chronology ]
Law Enforcement Officials Lie About Encryption
[ link to this | view in chronology ]
It makes sense
They knew that they would be presented with a load of pure hogwash.
They separated the two groups to prevent the obvious embarrassment of the committee if the 'experts' were called out for their stupidity immediately.
Same old circus, just new clowns.
[ link to this | view in chronology ]
Re: It makes sense
[ link to this | view in chronology ]
A question that answers itself
The reason those people are testifying before Congress IS BECAUSE they don't know what they are talking about.
The answers Congress wants are already pre-determined by their intelligence agency masters.
[ link to this | view in chronology ]
Re: A question that answers itself
FTFY
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Disappointment
Overall, my immediate feeling afterwards was one of deep disappointment. Then, not too much later, I went to bed.
This morning, after sleeping on it, I wish I had something more profound to say. It really wasn't a great hearing. But so it goes, I guess… What do you really expect from a Congressional hearing?
One thing that stood out for me, was the question put to all the witnesses as to whether law enforcement and the tech industry had fallen into an adversarial relationship on this issue. Whether it had become an ‘us versus them’ situation. All of the witnesses, on both the law enforcement panel, and on the technology panel, answered that no, there wasn't an adversarial relationship. It was kind of a yes or no question, as put to them, and the basic answer was just “no” from everyone.
I think I personally would have answered that question differently. Cut down to just a yes or no type response, I think I probably would have answered “yes”.
Someone like Lavabit's Ladar Levinson probably would have answered that question with a “yes” as well, I think. Of course, he can indeed answer for himself. Maybe someone should actually ask him about whether he feels there's an adversarial relationship on the issue. Yes or no?
[ link to this | view in chronology ]
So much for free speech.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
So they're arguing for Chinese-style censorship now? Because that's what's going to be required.
[ link to this | view in chronology ]
Why Does Congress Let Law Enforcement Officials Lie?
[ link to this | view in chronology ]
Prep work
On the surface, that does sound kinda refreshing. It sounds like maybe a good thing.
Looking deeper, though, that perhaps indicates insufficient preparation for the hearing by the committee staff, the individual representatives' staff, and the representatives themselves.
Sometimes I wonder whether it's a good idea to have so many lawyers in Congress. Montesquieu's theory of democracy would hold that the attorneys' profession should only be as numerous in a representative parliament as in proportion to their numerousity in society-at-large. But Montesquieu, of course, was a Frenchman, and in the Anglo-American tradition, the profession of a lawyer is one of representation.
The reason lawyers so often in hearings ask witnesses questions where they already know the answer is 'cause the lawyers have done their homework ahead of time. They've started the process out with research, and interogatories, and depositions. By the time you get to the hearing, using up an audience's valuable time, you're supposed to already the answers to the questions you ask.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Corruption!!!
The people in power want to stay in power because they hate the American People and will do whatever they can to look good doing it, including breaking every law they want during the process.
This has been and will always be our fault. No one is talking about the corruption and never force the elected officials to deal with it.
Americans want this and until the landscape of politicians running for office changes nothing will change. And as long as you keep voting for your fucking ass parties the landscape will never change!
The parties must be broken before we can proceed. Right now the Republicans might be able to be broken but we need to break the Democrats too!
[ link to this | view in chronology ]
"This has been and will always be our fault."
And you cannot direct the public at large to behave a different way. They're going to be the same bigoted, lazy, tech-sophomoric sheeple that composes the population of every other nation.
We have to make that work for the people despite themselves.
Twelve score years ago, our constitutional framers put together the best set of rules they could think of at the time, but they presumed that people would keep educated as to their best interests and vote accordingly.
They do neither, and now the system is full of corrupted officials who've hacked their way into a lock in.
Blaming that on anyone isn't going to solve anything.
[ link to this | view in chronology ]
Congress, et al love them some stupids.
[ link to this | view in chronology ]
This is a bad sign...
NSA et al. had the entire planet's crypto defenses already defeated and in the bag.
Now that everyone and their mother is putting some counter measures in place, all of a sudden they go apeshit.
Now the Crypto Apocalypse is upon us, now they go the routes the always have gone:
Outlaw its use everywhere, lobby non-contained by US law players to do like-wise, demonize everyone who uses it nonetheless, and keep fear mongering (think of kidnapped children!). Rinse and repeat ad infinitum.
THIS IS NOT JUST BECAUSE THE ENCRYPTION DEBATE WENT MAINSTREAM THANKS TO SNOWDEN. THEIR FIGHT AGAINST THE WIDE SPREAD ADOPTION AND USE OF ENCRYPTION HAS 1% TO DO WITH THAT, AND 99% TO DO WITH THE FACT THAT THEY HAD THIS IN THE BAG, FULLY COMPROMISED. THAT'S WHAT ALL OF THIS REALLY SHOWS. At least for anyone that's been paying attention before, during and after Snowden.
Of course, were it not for him and what he did, none of this would be known with proof and facts, and no one could do a thing about it. But now we know, and we can do something about it. And we are. And we only will be doing more and more to fight back against government intrusion and reclaim our inalienable human right to Privacy.
[ link to this | view in chronology ]
Re: This is a bad sign...
The problem is, the NSA doesn't share all their toys with just anyone and everyone. Those that it doesn't share everything with are jealous, and want Big Daddy Gov't to do something about it.
[ link to this | view in chronology ]
I have to appologize on behalf of all Hoosiers...
again, I am VERY VERY sorry for our leader's remarks.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
no hyphen in coincidence
no hyphen in predetermined
countermeasures is one (compound) word
no hyphen in likewise
widespread is (almost always) one word
thickheaded is a compound word?! Thanks for that. Didn't know that one.
[ link to this | view in chronology ]
The answer is really pretty simple, because most of Congress is completely clueless to the issues(even more so than the person(s) testifying) and if they do happen to have some understanding most don't have the balls to actually call them out on the bullshit being presented to them. Also no one ever really gets in trouble for lying cough Clapper cough so the people testifying know they can get away with spewing complete bullshit and not get in trouble for it.
[ link to this | view in chronology ]
I tried... I really tried...
I was able to watch another twenty-five or so more minutes of it before I realized that it was time I was never going to get back. They're a pack / bunch / conflation etc. pack of lying dogs / taints / gooches / scrots / tards. I just couldn't watch anymore. That saying comes off as kinda true...
"Men go crazy in congregation."
It's like watching paint dry...
[ link to this | view in chronology ]
Congress can't tell anymore
I submit the answer is that they've spent so much time creating and listening to lies that they've long ago lost the ability to tell what's a lie and what isn't.
[ link to this | view in chronology ]