FBI Director Complains About Encryption, Offers To Sacrifice Public Safety In The Interest Of Public Safety
from the an-argument-divided-against-itself dept
FBI Director Christopher Wray offered testimony to the House Judiciary Committee at a hearing entitled "Oversight of Federal Bureau of Investigation." Not much in terms of oversight was discussed. Instead, Wray took time to ask for a reauthorization of Section 702 before using several paragraphs of his prepared comments to discuss the "going dark" problem.
It picks up where Wray left off in October: offering up meaningless statistics about device encryption. Through the first eleven months of the fiscal year, the FBI apparently had 6,900 locked phones in its possession. Wray claims this number represents "roughly half" of the devices in the FBI's possession. The number is meaningless, but it serves a purpose: to make it appear device encryption is resulting in thousands of unsolved crimes.
That number has been updated in Wray's latest comments [PDF]:
In fiscal year 2017, the FBI was unable to access the content of approximately 7800 mobile devices using appropriate and available technical tools, even though there was legal authority to do so. This figure represents slightly over half of all the mobile devices the FBI attempted to access in that timeframe.
This number will always grow. And it will always be meaningless. There's no context provided by the FBI, nor will there ever be. The FBI needs us to believe every locked cell phone contains evidence crucial to investigations and prosecutions. It needs us -- and our Congressional representatives -- to believe thousands of criminals are roaming the streets thanks to device encryption. But it should make people wonder how the FBI ever managed to complete investigations successfully before the advent of cell phones.
Wray goes on to make familiar complaints. Metadata isn't enough to generate evidence needed for convictions. (But Wray still believes every uncracked phone is loaded with just such evidence. Nothing provided by the FBI shows how many times accessing phones fails to produce prosecution-worthy evidence.) Hacking into phones isn't a solution that scales. (This is dubious as well. If hacking into phones can't scale, then the ongoing existence of companies like Cellebrite is a mystery. The solution must work often enough, across several models of phones, to justify the millions being spent by US law enforcement agencies.)
Finally, Wray again presents an intellectually dishonest equation.
Some observers have conceived of this challenge as a trade-off between privacy and security. In our view, the demanding requirements to obtain legal authority to access data—such as by applying to a court for a warrant or a wiretap—necessarily already account for both privacy and security.
"Some" observers may say this, but they're not the sort of observers worth observing. The real tradeoff is personal security versus government access. The FBI is willing to trade away citizens' personal security for easier access -- something only the FBI benefits from. (And as to how often access is truly a benefit, we're deliberately left in the dark. The FBI is unwilling to divulge how many accessed phones are dead ends and how many cases it closes despite the presence of a locked device.)
This willingness to make personal device use less safe for millions of phone owners is inserted directly into heartwarming statements about public safety. According to Wray, the existence of devices the FBI can't access is a public safety issue. This is said despite no evidence being provided there's been a correlating rise in criminal activity. We continue to live in an era of unprecedented safety -- even with the threat of worldwide terrorist organizations being supposedly omnipresent. The spikes in homicide rates experienced in a few cities do not indicate a new era of lawlessness being ushered in, led by criminals emboldened by device encryption.
If Wray gets his way, the public will be less safe. Encryption will either be backdoored or no longer an option. For years law enforcement asked cell phone providers to give their users more protection against device thieves. Encryption prevents thieves from doing much more than stealing a phone. They can't harvest personal info or directly access sensitive services accessible from a stolen phone. Now that companies are offering this, the FBI is complaining about its lack of access.
The numerous leaks of hacking tools from the CIA and NSA show the government can't be trusted with encryption backdoors. If the FBI truly valued public safety, it would drop the anti-encryption arguments and continue working with companies to make cell phone use safer. Instead, it takes its misguided complaints directly to Congress, dropping hints that it would like a legislative "solution" -- mandated backdoors or an encryption ban -- rather than the tools it already has.
Filed Under: backdoors, christopher wray, encryption, fbi, going dark
Reader Comments
Re: Re:
Decrypt unto Caesar what is his (but don't use his cipher; despite his claims, not everything is his).
[ link to this | view in chronology ]
What if WWII London had used such 'logic?'
[ link to this | view in chronology ]
Dishonest comparisons
When clamoring about the number of crimes that could additionally be solved given weakened encryption, law enforcement conveniently forgets to mention the number of crimes that could additionally be committed given weakened encryption.
And that's quite relevant even without looking at crimes committed by law enforcement (for which laws and the constitution, its own convictions notwithstanding, are not optional).
[ link to this | view in chronology ]
Re: Dishonest comparisons
LOL - like any crimes have been solved due to the ridiculous number of cameras everywhere, why would enc back doors be any different ... these people are blowing smoke
[ link to this | view in chronology ]
Re: Re: Dishonest comparisons
The problem is the price and the non-existent evidence of its effectiveness. Oh and the potential for and history of abuse.
[ link to this | view in chronology ]
fantasy conversation
"Can you tell us more about this legal authority?"
"Uh... no."
"Were these devices in your custody?"
"I'd... rather not say."
"Was encrypted data on all of these devices?"
"I cannot comment on that."
"Did you, in fact, gain access to any of these devices?"
"I cannot comment."
"You do understand that strong encryption cannot be broken after the fact, right? It must be broken before it's installed."
"I'm not sure that we-- I think we should not jump to--"
"Let's say that some of these devices are in your possession and are encrypted in such a way that you cannot read them, can we suppose that?"
"Yes, we can suppose that, that is a--"
"Then why are you holding onto them?"
"That's all the time we have."
[ link to this | view in chronology ]
Re: fantasy conversation
They seem to be imagining James Bond scenarios where they need to crack a phone in order to stop a bomb from going off in the next five minutes.
[ link to this | view in chronology ]
Re: Re: fantasy conversation
Not surprising. A lot of people defended torture not so long ago by apparently confusing reality with an episode of 24, so why not Bond as well?
[ link to this | view in chronology ]
Re: Re: Re: Re: fantasy conversation
Snuff film? Not really, but when politicians are literally using its plotlines as justification for real-life torture, and don't seem to understand that it's highly unrealistic fiction? That is very concerning.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: fantasy conversation
No more Jedi, then a new one comes around. The Empire builds a big ass weapon and the alliance blows it up.
Isn't that the plot line for about 4 of the movies?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: fantasy conversation
I guess snuff does not include torture, same idea though.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: fantasy conversation
I think the second nuclear bomb explosion was a shark jumping moment.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: fantasy conversation
They are, like, really bad for the neighborhood.
[ link to this | view in chronology ]
If the police can bust into my phone through a back door, then so can anyone else. The Fourth Amendment is not just a bunch of words.
[ link to this | view in chronology ]
Re:
Until it becomes illegal to talk in code, I can't see how they will ever prevent encryption - just make it harder to obtain by the people who will be more at risk.
[ link to this | view in chronology ]
Re: Re:
They can't. They can make it more difficult for non-criminals to use effective encryption, and they can make it impossible for people to offer legal off-the-shelf solutions. Encryption itself will be alive and well.
Hence, the concerns about the skewed effects on the general population. You can't force a dedicated terrorist to use a government-approved encryption system, but you can certainly introduce a way for criminals to be able to access everybody else's sensitive data more easily.
[ link to this | view in chronology ]
Re: Re:
Although device encryption can be weakened by their manufacturers, 3rd party encryption can always be added on top of it.
Simply adding a strong password on an application to encrypt its data is enough to foil these ham-fisted attempts to peer into the general public's private data.
The question here is that most people are unaware and as long as they have their iPhones, Alexas and Starbucks they don't actually give two flying flocks about it.
And governments all over the world are taking advantage.
Personally, I don't mind that the government looks into my porn folders nor anything else, I do tend to overshare my life nonetheless. But for key individuals, like company CEOs, engineers etc, it may open a hole for Government Sponsored corporate espionage.
We've all heard this before, about systems like PRISM and Echelon being used to steal proprietary information from EU companies and feed them to US companies.
Anyway, if you want unrestricted access, if we are nothing more than sheep, at least tell us so, and don't hide behind excuses as "Public Safety" or "Crime Fighting".
[ link to this | view in chronology ]
Re: Re: Re:
One does not need to write an algorithm in order to encrypt something. In addition, writing the code is not as easy as one may think - just look at all the bugs and associated exploits.
[ link to this | view in chronology ]
We see them being non-responsive here, they stonewall or just plain refuse to give congress information (who has oversight.)
There are reports of the FBI having an internal culture of sexual harassment and actually use information of agents having affairs as blackmail.
[ link to this | view in chronology ]
one order of the usual please.
"Public Safety" has always been the altar where liberty is sacrificed.
[ link to this | view in chronology ]
Re: one order of the usual please.
Certainly not the general public.
[ link to this | view in chronology ]
1984
"It's just like 1984, well,
Even the late Georgey Orwell
Would surely think he was hearing a fiction
If you tried to describe how far this shit's gone
Would presume you were taking the piss
Being happy with technology like this
Where you can sit n watch Jimmy on the Big Fat Quiz
Whilst peering into the letterbox of that swanky flat of his."
[ link to this | view in chronology ]
You go first, Mr. Wray
If they are confident that this can be done, then there is nothing stopping them from leading the way and showing everyone else how safe it can be.
I wonder what the Vegas odds would be if the FBI or any part of the U.S. government did exactly that. I'm just guessing that the odds would be infinity:1.
[ link to this | view in chronology ]
Shhh. The adults are having a conversation about security.
[ link to this | view in chronology ]
Not hardly
The FBI is willing to trade away citizens' personal security for easier access -- something only the FBI benefits from.
Nonsense, far more than the FBI benefits from crippled encryption, think of all those hackers, identity thieves, stalkers, terrorists and various other criminals who would massively benefit from such an action.
Take them into account and the FBI is actually only a small slice of the total that would benefit from crippled security measures.
[ link to this | view in chronology ]
And they can't count the rest?? They are all sitting in piles with no TAGS..
https://www.kanda.com/blog/programming/copying-serial-eeproms/
This is a basic link, of things WE DID YEARS AGO, and what should be able to be DONE NOW..
But I don't think our INTELLIGENCE AGENCY is very smart..
Get a Dummy phone, with a removable ram...COPY the original CHIP DATA(not the OS) AND DUMP it onto a CHIP and plug it in..
And even if it can't be read.. The OS programming has been on the net for years..and they could PAY someone to RE-DO/OVERWRITE/create another OS that would read any data ON THAT CHIP.. At least REMOVE the part that Encrypts the data..
An Encrypted chip, MUST have the DECRYPTION in the RAM..so that it can be changed/passworded..
[ link to this | view in chronology ]
Re: Re:
Unless you want it hard coded and use an internal encryption, based on hardware serial numbers..Or you want a rotating one(which would kill your battery in a week, and 2/3 of the people would forget it..)
Finger encryption,, Don't make me laugh..Face ID...not really, unless you know a few tricks..KEY/FLASH CARD..maybe(but you need to remember to REMOVE IT)..
If you want a few more tricks I could give you a few you may not know..BIO-METRICS SUCK..because you CAN'T CHANGE YOURS..(can be augmented, IF you know how)
But they all must be stored in RAM..And it can be found..
[ link to this | view in chronology ]
Re: Re: Re:
"That's not how The Force works!" (But change "The Force" with "Encryption".)
You can encrypt data and keep the key off memory. That's the purpose of both symmetric and asymmetric encryption.
And you don't actually keep a copy of your Key in your locks at home, do you? That would basically render the "Lock" concept useless.
Basically if you encrypt data with a passphrase or pin, it will generate a hash based on that PIN and use that Hash as an encryption key. This using Symmetric encryption will allow you to use the same PIN or Passphrase to re-hash the key and decrypt the data.
So, no, you do not store the Key. Not in RAM, not in ROM, not in Disk, not in paper. That would defeat the whole purpose.
[ link to this | view in chronology ]
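The passphrase-to-key scheme described in the comment above, shown as an added example (not code from the article or from any commenter). It uses PBKDF2 from Python's standard library; the function names, the iteration count and the HMAC-based keystream (a stand-in for a real cipher such as AES, which the standard library lacks) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; real systems tune this per device


def derive_master(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the passphrase into a 32-byte master key. Never written to disk."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, dklen=32)


def _subkeys(master: bytes):
    # Separate keys for encryption and for integrity, both derived from the master.
    enc = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in stream cipher: HMAC-SHA256 over nonce||counter. Illustration only.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(passphrase: str, plaintext: bytes) -> dict:
    """Encrypt and return the record that is stored at rest: no key inside it."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _subkeys(derive_master(passphrase, salt, ITERATIONS))
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "iterations": ITERATIONS,
            "ciphertext": ct, "tag": tag}


def unseal(passphrase: str, record: dict) -> bytes:
    """Re-derive the key from the passphrase; a wrong one fails the tag check."""
    master = derive_master(passphrase, record["salt"], record["iterations"])
    enc_key, mac_key = _subkeys(master)
    expected = hmac.new(mac_key, record["salt"] + record["nonce"] + record["ciphertext"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("wrong passphrase or tampered record")
    ct = record["ciphertext"]
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, record["nonce"], len(ct))))


if __name__ == "__main__":
    # Constructed sample data.
    rec = seal("correct horse battery", b"constructed sample: contacts.db")
    print(sorted(rec))  # what sits on storage: salt, nonce, parameters, ciphertext, tag
    print(unseal("correct horse battery", rec))
```

The salt and iteration count are not secret; they only make each guess expensive. Stretching alone cannot rescue a short PIN, which is why device encryption schemes also mix in a secret bound to the hardware.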
Re: Re: Re: Re:
THE ENCRYPTION IS in THE LOCK..and can be bypassed very easily..in MOST cases..I can show you the videos..
But, without the hash, the system crashes,..,and there is no recovery.
the LOCK is the program..and you insert the KEY..and it's decrypted AS NEEDED using only the key. There is no pattern except the KEY. Which requires no HASH.
BUT if you know HOW Algorithm WORKS, you can look for the Password in the DATA...unless someone SPREADS the KEY across the WHOLE of the DATA, it's very easy to find..
Like the key to a LOCK, if you take the Tumblers and spread them ALL OVER THE HOUSE, you won't get the lock OPEN, it's in parts..
And there is a difference in OPENING a door, and encryption.. Just using a password to OPEN the device/door is little or nothing..Encryption requires that the Key be used to READ the data..and this can Slow a machine down to a CRAWL. And does NOT tell you that OTHER encryption is NOT used for other programs..
A Key to open the door lets you in, but Even individual encryption on EACH protected file could cause A LOT of havoc..
[ link to this | view in chronology ]
But it is enough to be worth killing people over (see various Snowden leaks regarding the NSA targeting drone strikes based on presence of particular phones at the site, rather than obtaining definitive evidence confirming that the intended target is present).
Alternately, if it isn't generating conviction-worthy evidence, why does the government have such a problem with increasing the barrier to obtaining metadata (see the extensive efforts to use Stingrays without accountability and proper informed authorization)? According to this, they aren't usefully using the metadata anyway, so they should surrender it freely.
[ link to this | view in chronology ]
Imagine If You Had A Constitutional Amendment Enshrining Your Right To Bear Encryption ...
“Encryption doesn’t kill people! People kill people!”
[ link to this | view in chronology ]
Legal authority!
Maybe if they keep repeating this phrase enough times it will make everyone forget that encryption is partly a response to all the illegal access carried out by law enforcement agencies.
[ link to this | view in chronology ]
Gesture of goodwill ...
You know, just to show that the new FBI accepts the constitution as paramount and respects the authority of the courts.
[ link to this | view in chronology ]
Re: "If hacking into phones can't scale, "
[ link to this | view in chronology ]
Creative numbers?
Nothing here mentions encryption. A phone that was lost or destroyed would count as being unable to access content. What - if any - creativity was employed in this number?
[ link to this | view in chronology ]
Nuts!
FBI Director Complains About Encryption, Offers To Sacrifice Public Safety In The Interest Of Public Safety
Isn't this special after FBI is finished destroying people's lives "playing" the 302 perjury trap game FBI director Christopher Wray would like to give his tax-feeders the ability to peruse every American's personal data at leisure by having the worthless fractions of American turd stains in congress legislate an end to data encryption.
There is only one reply to such an authoritarian power grab on behalf of the US government, quoting Brig. Gen. Anthony C. McAuliffe's reply to the Nazis at the Battle of Bastogne 22Dec1944:
Nuts
Gen McAuliffe's reply in full:
"December 22, 1944
To the German Commander,
N U T S !
The American Commander"
Every American citizen's reply to such an egregious/unconstitutional power grab by the US government and its various pliably supine lickspittles should be as follows:
"December 11, 2017
To the US government,
N U T S !
The American Citizens"
https://www.army.mil/article/92856/the_story_of_the_nuts_reply
Nuts! In using our sons/daughters as poverty draft cannon fodder in your elective wars based wholly upon lies.
Nuts! In creating the total surveillance state.
Nuts! In hiding your many crimes behind bogus national security exemptions.
Nuts! In creating a fraudulent health insurance scheme (ie America Cares Act) that aptly named would be titled: No Health Insurer Left Behind.
Nuts! In stealing trillions of dollars in bailing out your banker buddy criminals.
Nuts! In allowing lobbyists and corporations to write their own legislation.
Nuts! In bankrupting an entire continent in your vainglorious quixotic quest for world domination.
Nuts! In your tax and deficit spend schemes.
Nuts! In completely abdicating your oaths of office.
Nuts! In allowing the use of torture.
Nuts! In allowing torturers and those that ordered torture to walk free and retire comfortably and collect pensions.
Nuts!
Cast off the repressive yoke of a criminal US government.
[ link to this | view in chronology ]
Metadata
It is, however, enough to kill according to Michael Hayden.
[ link to this | view in chronology ]