FBI Director Still Won't Say Which Encryption Experts Are Advising Him On His Bizarre Approach To Encryption
from the perhaps-there's-a-reason-he-won't-say... dept
For the past few months, we've talked about how FBI Director Chris Wray has more or less picked up where his predecessor, James Comey, left off when it came to the question of encryption and backdoors. Using a contextless, meaningless count of encrypted seized phones, Wray insists that not being able to get into any phone the FBI wants to get into is an "urgent public safety issue."
Of course, as basically every security expert has noted, the reverse is true. Weakening encryption in the manner that Wray is suggesting would create a much, much, much bigger safety issue by making us all less safe. Hell, even the FBI used to recommend strong encryption as a method to protect public safety.
Last month, we wrote about a letter sent by Senator Ron Wyden to Wray, simply asking him to list out the names of encryption experts that he had spoken to in coming to his conclusion that it was possible to create backdoors to encryption without putting everyone at risk.
I would like to learn more about how you arrived at and justify this ill-informed policy proposal. Please provide me with a list of the cryptographers with whom you've personally discussed this topic since our July 2017 meeting and specifically identify those experts who advised you that companies can feasibly design government access features into their products without weakening cybersecurity. Please provide this information by February 23, 2018.
Technically, Wray still has a week or so to answer, but earlier this week during an open Senate hearing involving the heads of various law enforcement and intelligence agencies, Wyden asked Wray when he might get that list and Wray sidestepped the question entirely, other than saying he'd discuss it later (in a closed session):
If you can't see that, here's my quick transcript (though I do recommend watching the video just to see the smartass smirk on Wray's face through much of it).
Wyden: On encryption. Director Wray, as you know, this isn't a surprise because I indicated, I would ask you about this. You have essentially indicated that companies should be making their products with backdoors in order to allow you all to do your job. And we all want you to protect Americans and at the same time, sometimes there are these policies that make us less safe and give up our liberties. And that's what I think we get with what you all are advocating which is weak encryption. Now this is a pretty technical area, as you and I have talked about it. And there's a field known as cryptography. I don't pretend to be an expert on it. But I think there is a clear consensus among experts in the field against your position to weaken strong encryption. So I have asked you for a list of the experts that you have consulted. I haven't been able to get it. Can you give me a date this afternoon when you will give me... this morning, a sense of when we will be told who are these people who are advising you to pursue this route. Because I don't know of anybody who is respected in this field who is advising that it is a good idea to adopt your position to weaken strong encryption. So can I get that list?
Wray: I would be happy to talk more about this topic this afternoon. My position is not that we should weaken encryption. My position is that we should be working together -- the government and the private sector -- to try to find a solution that balances both concerns.
Wyden: I'm on the program for working together. I just think we need to be driven by objective facts, and the position you all are taking is out of sync with what all the experts in the field are saying and I'd just like to know who you all have been consulting, and we'll talk more about it this afternoon.
So, a few points on this. First, Wray doesn't answer the actual question of when he'll be giving Wyden a list, but rather suggests he'll discuss this topic in the closed session. But the question of when he'll be delivering his list of experts he's consulted shouldn't be a classified piece of information. It's just a date. Second, Wray immediately misrepresents the issue, by saying he's not asking to weaken encryption. Because he has to realize by now that that's exactly what he's asking to do. If he doesn't recognize that then it's clear he doesn't understand the first thing about how encryption actually works. Third, he's incorrectly talking about "balancing both concerns." But there's no balancing question here. It is not a "balance" between "security" and "civil liberties" as some keep trying to make it out to be. This is a concern between good security and bad security that makes everyone less safe (oh, and also has the potential to violate civil liberties).
It does not inspire confidence to have Wray have trouble answering such a basic question and then totally misrepresent how this all works, even in his two-sentence answer.
Filed Under: backdoors, chris wray, cryptographers, encryption, experts, fbi, ron wyden
Reader Comments
The First Word
“Once Wray is done balancing encryption concerns…
he can then tackle balancing the lascivious proclivities of pedophiles against the desire for children to not be raped.”
Do the Hand Jive
Re: Do the Hand Jive
Anyone even close to an "expert" would know that being named on that list means your career in cryptography is done.
Re: Re: Do the Hand Jive
More likely he wants to protect his sources. Imagine someone kidnapping his pet rock.
A refusal to believe in reality does not a new reality make.
So, fuck math and science, I guess.
Re:
But .. but - both sides man, both sides!
Wyden: Who?
Wray: Top. Men.
For those that may not know..
But to update modems, it's required of the ISP to send the data to your modem.
This requires little of you, and is done when major updates are needed. It does not give access to your systems. And should not.
CHANGE the hardware a bit, and you would have a PERFECT backdoor..except passwords, and Bypass ARE NOT GOOD THINGS.
NOW, with the right equipment ANYONE can change the programming in the modem, and not access your computer..They can even TURN IT OFF..
NOT saying that they CAN'T get into your computer, but that requires a few other things..VIRUS/SCRIPTING, MALWARE..and you allowing it to happen.
KNOW your system..HOW it's SUPPOSED to work, how fast it works, and how it ACTS...IF that changes, SCAN EVERYTHING until you find the problem..
USE your own scanner, and MALWAREBYTES has a lazy scanner that does not work, until you ASK IT TO...Then a few other programs to clean up Windows (I won't name them, as that would be MY CHOICES..)
You are running SOFTWARE that you did not create, and ANY OF IT, can do ANYTHING they want...IF you allow it. If you get a warning, LEARN what the problem is..and WHY it's happening..
BROWSERS are not safe..LEARN HOW to restrict them..
Re: For those that may not know..
Is this the same FBI that doesn't want us to buy Chinese phones?
https://www.theverge.com/2018/2/14/17011246/huawei-phones-safe-us-intelligence-chief-fears
So, we're not supposed to buy phones from Huawei or ZTE, but instead buy them from trusted American manufacturers who the FBI has backdoored?
From my viewpoint as an American, I have a lot more to fear from the FBI than I do from the Chinese government.
Re: Is this the same FBI that doesn't want us to buy Chinese phones?
...hey, maybe the reason we're not supposed to buy Chinese phones is because the Chinese haven't backdoored them.
At any rate, I'm not worried about getting SWATted by the People's Liberation Army.
It's time to stop mincing words. The FBI has already done it. The talking point is a desperate effort to justify what they've already done before it comes to public light.
Our existing options are a Swiss cheese blend of vulnerabilities from different intelligence/law-enforcement entities across the globe.
FBI Director Wrong Wray on Encryption
So I have asked you for a list of the experts that you have consulted. I haven't been able to get it. Can you give me a date this afternoon when you will give me... this morning, a sense of when we will be told who are these people who are advising you to pursue this route. Because I don't know of anybody who is respected in this field who is advising that it is a good idea to adopt your position to weaken strong encryption. So can I get that list?
Rather than answer Senator Wyden's question in public during open session FBI director Wrong Wray has decided to hide his answer behind the pitch-dark veil of national security.
I'm not interested in weakening the Dam
Nostalgia 2 - The remake!
So if the secure-backdoor-by-law is active, who is to say the same thing won't happen again? Giving full access to the first person in but cutting everyone else out? You can't advertise and run an honest DDoS botnet if someone/500 other ppl access the same systems.
Weak vs Strong crypto
Lies, damn lies, and statements by the FBI director
It does not inspire confidence to have Wray have trouble answering such a basic question and then totally misrepresent how this all works, even in his two sentence answer.
He's not having trouble answering it, he's refusing to because he knows he doesn't have anything to answer with.
His 'experts' are figments of his imagination and I imagine both he and Wray know it, with his attempt at answering in a 'closed session' likely a mix of stalling for time and/or setting the stage to later claim that he did answer it, but since it was in a closed session of course he can't repeat it, and why is the senator continuing to bother him over it?
Re: Lies, damn lies, and statements by the FBI director
"I read on the internet so it must be true"
Quirks and trickery in technical categorical nomenclature.
Cryptographers cannot secure hardware or networks they have no access to; therefore it is unreasonable to say the encryption is 'broken', even though in a real world sense- it is. **it's not the encryption security that's broken, it's the device security** Think of it like this- a barred window on a house with a weak front door- when someone smashes down the door, you can't blame the window bars.
The FBI know this- they're not stupid- these topics are presumably mired in NS issues... They literally CANNOT make their arguments in a completely honest way, because it would inform adversaries, and reveal capabilities and methodologies that are limited to the upper echelons of intelligence agencies.
The arguments they present further the agenda of gaining 'legitimate' access to such techniques (to reduce the need for parallel construction) and engaging in useful propaganda, while avoiding conflict with intelligence agencies.
I implore anyone reading this to learn about ring -3 hardware, and read Ken Thompson's 'Reflections on Trusting Trust' to begin to gain an understanding of how complex and deep running the 'backdoor' problem really is.
Once Wray is done balancing encryption concerns…
Re: Once Wray is done balancing encryption concerns…
Re: Re: Once Wray is done balancing encryption concerns…
Ran and improved, as if the first half wasn't insane enough already.
Experts are generally correct.
"If you REALLY tried I'm sure you could make 2+2=5"
Admitting that they've been calling for something that would be a disaster for security, and would put millions at risk is something they'd rather avoid. Much better to double-down and continue to insist that those experts are just lazy and focused on money, and don't really care about protecting the American public unlike the paragons and patriots who know full well that it can be done if the security hacks just nerd harder.
FBI Director Still Won't Say Which Encryption Experts Are Advising Him On His Bizarre Approach To Encryption
I'm gonna go with MyNameHere and out_of_the_blue...
I Can Give You A Likely Name
How about Dorothy Denning. Way back in the (Bill) Clinton era, she defended the Skipjack algorithm, saying “The 5 of us who reviewed the algorithm unanimously agreed that it was very strong”.
Only when it was later declassified (and the Clipper chip abandoned), it turned out not to be so strong.