The FBI's War On Encryption Is Personal, According To Comey's New Book
from the fight-for-the-future dept
A recently-released Inspector General's report shows the FBI didn't try as hard as it could to find a way into the San Bernardino shooter's locked iPhone. It appears FBI officials were more interested in obtaining a favorable court ruling than seeking technical assistance from anyone other than Apple, despite the DOJ's courtroom claims about time being of the essence.
This had a lot to do with the current FBI leadership. James Comey made fighting encryption his personal crusade -- one that has been carried forward by both the DOJ and the FBI's new director, Christopher Wray. Comey's new book about his government career -- one that came to an unceremonious end when President Trump fired him -- provides a few more details about his crusade against math and personal security.
A passage in Comey's new book briefly discusses his initial reaction to the news smartphone manufacturers would be moving to default encryption. Comey claims the Snowden leaks prompted a worldwide shift to encrypted communications before moving on to Apple and Google.
In September 2014, after a year of watching our legal capabilities diminish, I saw Apple and Google announce that they would be moving their mobile devices to default encryption. They announced it in such a way as to suggest -- at least to my ears -- that making devices immune to judicial orders was an important social value. This drove me crazy. I just couldn't understand how smart people could not see the social costs to stopping judges, in appropriate cases, from ordering access to electronic devices.
There's more to it than this, but this is from Comey's perspective. Part of the move to device encryption was due to pressure from legislators that phone companies "do more" to protect customers whose devices had been stolen. And some of it was probably backlash to the flow of Snowden leaks, showing the government had assembled a massive surveillance apparatus following the 9/11 attacks, turning tech companies into unwitting accomplices of the surveillance state.
As Comey sees it, the tech sector fails to comprehend the consequences of encrypted communications and devices because it only deals with the positive side of human connections.
The leaders of tech companies don't see the darkness the FBI sees. Our days are dominated by the hunt for people planning terrorist attacks, hurting children, and engaging in organized crime. We see humankind at its most depraved, day in and day out…
I found it appalling that the tech types couldn't see this. I would frequently joke with the FBI "Going Dark" team assigned to seek solutions, "Of course the Silicon Valley types don't see the darkness -- they live where it's sunny all the time and everybody is rich and smart." Theirs was a world where technology made human connections and relationships stronger.
Conversely, the FBI views any communications it can't see as suspect. It ignored solutions to engage in a courtroom battle over a phone that ultimately held nothing of interest. The FBI continues to push for a government solution to the problem -- a mandate it can wield in every situation. Under Comey's command, the FBI has shown it is unable to honestly hold an "adult" conversation about the issues. If officials like Comey feel tech companies are being deliberately obtuse, they cannot honestly argue the FBI isn't acting the same way.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, fbi, going dark, james comey
Reader Comments
Subscribe: RSS
View by: Time | Thread
And I find that the desire to spy on everyone and anyone even more appalling. The risk of becoming involved in terrorist violence is small, but the risks of governments abusing spying capacities to protect their own interests, rather than societies interests is extremely high.
[ link to this | view in chronology ]
Re: risks of governments
--- not just "abusing spying capacities", but abusing all powers entrusted to them.
Such is the fundamental nature of government. Government is not an inherently benign social construct, but an inherently risky system of some people arbitrarily ruling the lives of many other people. Current FBI abusive outlook and conduct is highly consistent & predictable from its long documented history.
Why would educated Americans be surprised that: "FBI views any communications it can't see as suspect."
[ link to this | view in chronology ]
Re: Re: risks of governments
Again with this!!
Okay, what would you replace "government" with?
[ link to this | view in chronology ]
Re: Re: risks of governments
Historically it is most people. Dictatorial or tyrannical systems seem to be the norm. We have to fight those who push for Stasi levels of surveillance. They are a clear and present danger to all of our rights.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Funnily enough, it's not as if the data was out of the FBI's hands. The same tech types Comey thinks are in the darkness are also responsible for retaining all that information the FBI can use to shake down anyone. And it's not like the methods to get that data don't exist either; they do - but as we later found out the FBI was pissed as all hell that the solution was known to exist before they could get a judge to give them a universal "go fuck yourself" order to have any phone unlocked without proving a need to.
There's darkness, all right, and it's not in the tech world. I fear the darkness in the FBI where they choose when to fight darkness as they define it, and only when doing so happens to be most convenient for them.
[ link to this | view in chronology ]
I think I see your problem right here...
No they thought that making devices immune to warrantless searches (and difficult for criminal types to hack) was an important social value. In this, they are (and were) in line with established constitutional law.
[ link to this | view in chronology ]
At least he has that much self-awareness. The FBI's values no longer align with the citizens they serve.
[ link to this | view in chronology ]
Re:
Have they ever? I mean, the FBI tried to goad Martin Luther King, Jr. into committing suicide.
[ link to this | view in chronology ]
Re: Re:
Only because they judged it to be an "appropriate case" to do so, I'm sure. /s
[ link to this | view in chronology ]
It's very simple. Smart people weigh the costs of them having too ready access to data, and the other risks that leaving backdoors, etc. entail, and have found that the public's interest is greater than the judge's/FBI's/etc. Smart people have looked at all the data and decided against your wishes. You have never had ready access to all available data and every piece of personal information at any point in law enforcement, you don't need it now.
If you have a problem with this, the trick is to work with them to get realistic solutions. Not tell them that they have to violate the rights of their customers or come up with magical solutions like a "secure backdoor", you have done so far. Demanding miracles and then whining when they don't sell out the population of the country/world to you is clearly not working.
"The leaders of tech companies don't see the darkness the FBI sees"
Or, they do, and realise that the darkness that may be created by the things you demand is greater than the realistic threat faced by most of them in regards to terrorism.
"We see humankind at its most depraved, day in and day out…"
Which is perhaps why your viewpoint is rather skewed. Step back and look at the bigger picture - where, for example, the average person is far, far more at risk from criminals exploiting an FBI-demanded back door in encryption than they are from a terrorist attack.
"Of course the Silicon Valley types don't see the darkness -- they live where it's sunny all the time and everybody is rich and smart."
If you think the damn weather has anything to do with it and not, say, Silicon Valley types knowing a lot more about the tech than you do, might I suggest booking a holiday somewhere you can clear your head? You clearly need one.
[ link to this | view in chronology ]
This is personal! It's offending my sense of The Order of Things! This must end because anyone that asserts a right to privacy automatically has something criminal to hide! And those that resist our reasonable requests for intrusion in their daily lives are unpatriotic at best, and likely treasonous!
You must ignore that many of the drafters of the Constitution and their constituents viewed that same argument with the utmost suspicion or contempt. They never should have enacted that problematic and poorly conceived Bill of Rights preventing Proper Order!
[ link to this | view in chronology ]
Re: Just ignore that Snowden revealed
[ link to this | view in chronology ]
The FBI and the darkness
Comey has it backwards.
The leaders of the tech companies, and their customers, look at the FBI and see the darkness. As only one example I will point out Aaron Swartz.
And it has gone on a long time. And not just the FBI. Go back to the early 1990s, look on Wikipedia for: "Steve Jackson Games, Inc. v. United States Secret Service". This was partly responsible for the founding of the EFF (Electronic Frontier Foundation).
Even in the early 1990s there was an ongoing War On Encryption. Encryption was classified as a munition and could not be exported. People wondered if you bought a book at Borders Bookstore on Encryption, and carried such a book with you out of the country, if it would be seen as a munition. It was pointed out that this was perhaps the best way to "export" crypographic technology. Also, if the US was to mandate weakened encryption, or the famous "Clipper chip" (government escrow decryption keys) that the rest of the world would move on to secure encryption, and US companies would be at a competitive disadvantage. Eventually, the government came partly to its senses and simply limited exported encryption to use short weak keys.
But here we are again. It is the same issues. And for the same reasons. The government wants to be able to abuse power, snoop on anything, anywhere, without a warrant, or any kind of supervision. Comey's talk about judicial warrants is disingenuous at best.
[ link to this | view in chronology ]
Re: The FBI and the darkness
In fact you are a couple of thousand years late.
For a history US of per-internet censorship look a a history of the US Postal System and censorship.
https://en.wikipedia.org/wiki/Postal_censorship
[ link to this | view in chronology ]
Re: Re: The FBI and the darkness
However, I wasn't talking about censorship. Rather, about snooping, and other abuses that lead to distrust of government TLAs.
[ link to this | view in chronology ]
"making devices immune to judicial orders was an important social value"
The man is twisted. That's the problem with a self absorbed organization. Everything is about THEM. It wasn't apple making it's users safer it was an assault on them.
in 2014 it wasn't returning to the normal order of things and adhering to Constitutional values from the 9/11 power grab it was: "In September 2014, after a year of watching our legal capabilities diminish"
The guy is so full of lies in his own words:
"I just couldn't understand how smart people could not see the social costs to stopping judges, in appropriate cases, from ordering access to electronic devices."
How did Apple enabling encryption prevent judges from from ordering access? They can still order the search but if its encrypted then they need alternative means, which apparently are readily available.
Comey is full of shit. Always.
"Our days are dominated by the hunt for people planning terrorist attacks, hurting children, and engaging in organized crime."
Always.
[ link to this | view in chronology ]
Re:
Shouldn't that be dominated by the creations of terrorist attacks for us to stop?
[ link to this | view in chronology ]
Re:
All people are suspect, all humans are flawed, so they can't believe that humans can be trusted. You can see it in their eyes: because of the things they've done to "protect" people they don't even trust themselves anymore.
It's the most cynical and brutal kind of observation of human nature. If we don't believe in the capacity for humans to civilize themselves, and maybe even to come back from the dark, why should we trust anybody?
I feel sorry for them, but not enough to put up with how those beliefs will make laws that make even more people paranoid and afraid.
[ link to this | view in chronology ]
Trust ... I aint got none
[ link to this | view in chronology ]
Comey shortened up the FBI daily to-do list
What he really meant to say:
"What we typically tell the media is that our days are dominated by the hunt for people planning terrorist attacks, hurting children, and engaging in organized crime. Yadda, yadda, yadda.
And when we cannot find a legit terrorist we coerce US citizens into terrorism using mentally unstable people. They are usually quick wins for the FBI. Umm, what else .. asset forfeiture. We are really big into that. HUGE cash cow for us and really all of law enforcement because citizens are at a complete disadvantage in the courts.
But it is not all work. Parallel reconstruction is an enjoyable past time at the FBI that we enjoy. What we did is we put a giant "Price Is Right" (I love that show .. Bob Barker is the best) wheel in and each square has a mostly legal probable cause that we use to start with. An agent spins the wheel and we work backwards from there. What we have seen is that it helps take the burden of finding probable cause off of the agents and as a result moral has improved.
Fun fact. We used asset forfeiture to pay for the wheel. So its a win-win."
*sigh*
[ link to this | view in chronology ]
With apologies to Aaron Sorkin and Jack Nicholson...
[ link to this | view in chronology ]
I think that he, and alot of people, misunderstand...
Frankly it is so incredible that it takes more than 20 years to incorporate any kind of minor standard in security...
One example - HTTPS: Invented in 1994 for NETSCAPE! Made to use TLS in 2000 and we still see too many sites without it.
That was a single example, but it is like that throughout our technology. We see it often here whenever someone is hacked.
I know that part of the blame is surely on the people who owns the services that hasn't got proper security, but frankly I don't see enough of a push to force progress in this area.
But - as I wrote in the beginning - it is not okay to make the little progression we have made into an excuse and I don't care if they HAD access to every detail in my life at one point... those who want our data are getting more sophisticated in their methods and we need to keep going instead of moving backwards.
[ link to this | view in chronology ]
He's wrong. NSA's and others' illegal spying, including industrial espionage, is to blame.
"The leaders of tech companies don't see the darkness the FBI sees. Our days are dominated by the hunt for people planning terrorist attacks, hurting children, and engaging in organized crime."
1) Claim that FBI is the victim of technological companies.
2) Use terrorism, "helpless" children, and organized crime as an excuse to attack tech companies.
3) Repeat the "going dark" bullshit and keep whining.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Idiot or grandstanding
[ link to this | view in chronology ]
Punctuation Matters
Period should go after, "I just couldn't understand," and the rest of the sentence can be dropped.
[ link to this | view in chronology ]
What people don't seem to see is the FBI is using this singe case as an argument so they would be able to eavesdrop on almost everyone's iPhone in the future, which is if they find anyone suspicious or is a politically targeted individual , or assumed to be a threat to national security because they know to much even when they are not a terrorist. Sometimes it makes you wonder that sometimes the terrorist hunters are also terrorists themselves. I hope Apple wins , the FBI can gather data from other sources , since they they should know where to look other than hound Apple for a backdoor... they just want to make their job easier basically, by using this individual case as an excuse to get in everyone's iPhone.
[ link to this | view in chronology ]
i.e. he doesn't see any problem with the government's misconduct, only with the fact that they got caught.
[ link to this | view in chronology ]
The resulting message should actually be encrypted, but any warrant for the keys is... pointless.
So without further ado:
3Kj6i+e8iCxfB1o981Aif1/xZjlKSU5AYYaABx7WqFJHtd5AL9xUCmqyhX+ZXxbslWRhORiS6dElS8YUOuDVB9I2W7IpjQ5G xBoTfwpkD8ySk+T1ZlUDBGdi3kSDgeV7YFSlZF72c6Yctc2Khi4Tjg==
#!/bin/bash
if [ "$(whoami)" = "root" ] ; then
echo "just... no please don't"
exit 1
fi
KEY=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null| xxd -c 32 -ps)
IV=$(dd if=/dev/urandom bs=16 count=1 2>/dev/null| xxd -c 32 -ps)
MSG="$(dd if=/dev/urandom bs=96 count=1 2>/dev/null |base64)"
PAYLOAD=$(echo -n "$MSG" | base64 -d |openssl aes-256-cbc -K $KEY -iv $IV -base64 | tr '\n' ' '|sed -e 's/ \+//g')
echo $PAYLOAD
[ link to this | view in chronology ]
War on Encryption by Darren Chaker
[ link to this | view in chronology ]