FBI Director Uses January 6 Insurrection To, Once Again, Ask For Encryption Backdoors
from the FBI-really-needs-to-write-some-new-material dept
FBI Director Chris Wray needs to shut the fuck up about encryption.
Let me explain sum up:
For years, consecutive FBI Directors have claimed encryption is preventing law enforcement from doing law enforcement. And for years, public records, efforts by researchers, and court documents have shown encryption isn't much of an impediment to investigations.
Most importantly -- in the FBI's case -- the agency overstated the amount of locked devices in its possession for years while agitating for encryption backdoors. It turns out the FBI's "locked device" spreadsheet performed some faulty math, greatly misstating the number of locked devices in its possession. While the FBI said it has over 8,000 impregnable electronics allegedly preventing law enforcement from investigating crimes, the correct amount is expected to be less than a quarter of that.
That discovery was made in May 2018. The FBI has yet to provide an accurate count of these devices.
So. Shut. The fuck. Up.
Wray is shameless and incapable of shutting the fuck up, even after the agency admitted to Congressional oversight it really didn't know how many locked devices it had or how often encryption actually prevented investigators from investigating.
And yet, here's Chris Wray, leveraging the January 6th insurrection to complain about encryption yet again.
There doesn't appear to be any lack of open source data capable of aiding the FBI in its investigation of this event. Hundreds have already been charged for their participation in the raid on the US Capitol building.
This event has forced US law enforcement to admit domestic terrorism is an actual threat -- a threat propelled mainly by white extremists and others aligned with the pathetic ideal that white makes right. This threat includes far too many law enforcement officers, who have also aligned themselves with the same ideals. That's why it's been ignored for so long and that's why it's a much bigger problem now than it should be.
But here's what Chris Wray has chosen to focus on with his allotted testimonial time before the Senate: encryption. Wray says it's a "lawful access" problem. And he begins with what can only be considered an overstatement of the threat, considering the FBI has done nothing but overstate the problem for years.
The problems caused by law enforcement agencies’ inability to access electronic evidence continue to grow. Increasingly, commercial device manufacturers have employed encryption in such a manner that only the device users can access the content of the devices. This is commonly referred to as “user-only-access” device encryption. Similarly, more and more communications service providers are designing their platforms and apps such that only the parties to the communication can access the content. This is generally known as “end-to-end” encryption. The proliferation of end-to-end and user-only-access encryption is a serious issue that increasingly limits law enforcement’s ability, even after obtaining a lawful warrant or court order, to access critical evidence and information needed to disrupt threats, protect the public, and bring perpetrators to justice.
Yes, encryption can prevent "easy" investigative efforts. But it doesn't prevent investigations. Lots of data and communications can be obtained from service providers and cloud services that store copies of their own. There are at least a couple of vendors providing law enforcement with forensic tools that appear capable of pulling vast amounts of data from "locked" devices. And while it may be accurate to say the "problem" continues to "grow" given the increased deployment of encryption, the FBI has yet to honestly depict the problem it's already facing, so there's no way of quantifying this "growth" to judge its impact on investigations.
And Wray continues to be dishonest about what he wants. He wants encryption backdoors. But when asked directly, he'll claim he doesn't want backdoors. Instead, he wants a mythical form of encryption that is capable of protecting users from malicious threats but not government entities armed with a warrant.
The FBI remains a strong advocate for the wide and consistent use of responsibly managed encryption, encryption that providers can decrypt and provide to law enforcement when served with a legal order.
This sure sounds like a backdoor, but Chris Wray is in permanent denial.
We are not asking for, and do not want, any “backdoor,” that is, for encryption to be weakened or compromised so that it can be defeated from the outside by law enforcement or anyone else.
It's the everyone else who is wrong.
Unfortunately, too much of the debate over lawful access has revolved around discussions of this “backdoor” straw man instead of what we really want and need.
LOL. Get fucked, Chris. The reason no serious security professional agrees this is possible is because it isn't. A hole for law enforcement is a hole for anyone. Once providers start storing encryption keys for law enforcement, those encryption keys are a target for malicious hackers. Criminals who find the keys will do the same thing Wray is asking companies to do, bypassing encryption to obtain communications and personal data.
The only person trotting out straw men is the FBI Director, who appears to believe any counterargument is made in bad faith. His straw men may be uncaptured terrorists or dead kids or whatever, but they're still straw men, especially considering the FBI still has yet to provide an accurate count of encrypted devices in its possession.
And those are his straw men. Wray cites both terrorist attacks and child sexual exploitation as reasons to eliminate actually secure encryption. This ignores the FBI's willingness to radicalize people solely for the purpose of arresting them on terrorist charges. And it ignores the fact the FBI has -- on more than one occasion -- seized and operated servers distributing child porn in order to catch other child porn distributors. Whether or not we agree with the FBI's actions in these cases, it illustrates breaking encryption isn't the only way to address these problems.
Wray also claims the rest of the law enforcement community is suffering from the proliferation of end-to-end encryption.
Our state and local law enforcement partners have been consistently advising the FBI that they, too, are experiencing similar end-to-end and user-only-access encryption challenges, which are now being felt across the full range of state and local crime. Many report that even relatively unsophisticated criminal groups, like street gangs, are frequently using user-only-access encrypted smartphones and end-to-end encrypted communications apps to shield their activities from detection or disruption.
But this really hasn't been observed by anyone else but Wray. (And we know Wray can't be trusted.) The FBI has made constant noise about encryption. Local agencies -- despite having far fewer resources -- haven't said much publicly about encryption or its challenges, outside of the outsized racket whipped up by Manhattan DA Cy Vance. And Vance is no more trustworthy or credible than Chris Wray.
Chris Wray will take any chance given to complain about encryption and a lack of "lawful access." But he doesn't have facts or history on his side.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, chris wray, encryption, fbi, going dark, january 6
Reader Comments
Subscribe: RSS
View by: Time | Thread
Finding out about the January 6th insurrection mainly involved listening to president Trumps public proclamations. Admittedly they were sometimes difficult to understand, but that was not an encryption problem.
[ link to this | view in chronology ]
Re:
It also involved looking at publicly-posted Facebook and Twitter videos and photos. January 6th should be an example of how you don't necessarily need to break encryption. The dumbass insurrectionists proudly posted and boasted their crimes.
[ link to this | view in chronology ]
Re: Re:
This. While you could make a (bad) argument that breaking encryption might somehow be necessary to prevent the attack by monitoring communications, there's no possible way that breaking it after the fact will give you more evidence about who was involved than the insurrectionists already proudly shared with the world on the day. Add to that the fact that most of the "planning" before the day was being done in full public view as well, and the whole argument would be a non-starter, even if they weren't lying about the fact that they're asking for a backdoor.
[ link to this | view in chronology ]
Re: Re: Re:
I wonder .. was their arrogance due to ignorance or because they thought it would not matter after they take over the world.
[ link to this | view in chronology ]
Re: Re: Re: Re:
It's a combination. There's certainly a lot of idiocy involved, but some seemed to believe that they would either find no resistance (the hilarious video of a woman shocked that she was pepper sprayed during the attack) or that it wouldn't matter because they would be pardoned after they "won", or would be let off by supporters in the new order (the "Q shaman" has voiced great shock that Trump didn't pardon him, I believe).
More details keep coming out as these people are rounded up and having to face consequences for their actions, but they did seem to believe that they would not face any consequences.
[ link to this | view in chronology ]
Re: Re: Re:
It's the standard gaping hole in the anti-encryption argument in that the same people who failed to do their jobs even with piles of data in front of them(whether because there was too much to wade through in time or in this case because others didn't care) really want you to believe that if they had even more data that would magically change, despite the fact that that would just magnify the problem that caused the original failure on top of handing the public to criminals worldwide by crippling the security that protects the public.
[ link to this | view in chronology ]
What's particularly pathetic here
is that there has been plenty of leadup. Because it was organised in the open. And the FBI, to its credit, put out pretty pinpointed warnings. It's just that nobody wanted to believe or hear them. And significant parts of the Trump administration were bending over backwards to ignore or play down the warnings.
So what would have been gained if the FBI had focused on decrypting devices rather than spelling out what was in the open? It would just have detracted from the scope of what was about to happen, because it would have made it appear like an isolated effort. Zoe Lundgren just put together 2000 pages of public social media postings from congresspeople actively helping with structuring the insurrection. This will go exactly nowhere because nobody wants it to go anywhere.
[ link to this | view in chronology ]
Re: What's particularly pathetic here
Zoe Lofgren. Sorry for my faulty memory. Have a consolation link.
[ link to this | view in chronology ]
Except for that way. And that. Oh, and that...
Curse that encryption, with it in place there was just absolutely no way at all to predict that a bunch of people who had already shown themselves to be deranged and easily manipulated, and who had been fed a lie for months about how the country was going to be stolen from them if they didn't Do Something could be whipped up into a mob and try to stop the election from being finalized.
Nope, no way at all, clearly this was all encryption's fault and the only reasonable response should be to hand the entirely of the US public to criminals worldwide by crippling encryption because surely then the government will be able to spot and stop deranged lunatics before they do something like that again.
[ link to this | view in chronology ]
On the other hand
Is there any way to actually punish this guy for being a traitor to his oath and the citizenry in general?
[ link to this | view in chronology ]
Re: On the other hand
The oath is on the Constitution, and the Constitution does not have a lot to say about the details of privacy and encryption because those were not nearly anywhere an issue of that scale at the time the Constitution was written.
You'd have to consult the spirit of the Constitution, and nobody swears an oath on that.
In other words, those are pompous words, and while it is perfectly legitimate to feel betrayed by those in the government pressing for things to move in that direction, they are not moving outside of the scope of their oath.
If the feeling of betrayal is universal enough, it might get condensed into the large majorities necessary to make it into constitutional amendments. However, given the current divisive character of society and its representatives in Congress, such majorities seem quite more out of reach than they might have been at one time.
So get your message out to your representatives. Anything else is mainly venting.
[ link to this | view in chronology ]
Re: On the other hand
No. Stop asking.
[ link to this | view in chronology ]
insurrection lol
An 'insurrection' where they had more American flags than weapons.
[ link to this | view in chronology ]
Pretending it's not an insurrection. LOL. Not.
And used them to beat up cops and wanted to hang the Vice President of the United States.
I note that the word insurrection is in single quotes. Perhaps that is sarcasm, or maybe it's just a lack of understanding of what an insurrection is. It's a violent uprising against authority or government, which is exactly what the trespassing hooligan mob did on January 6th.
No two ways about it.
E
[ link to this | view in chronology ]
They also had Trump flags, as evidenced by the security video that showed the first group of rioters who broke into the Capitol. Which flag do you think they worship more?
[ link to this | view in chronology ]
Re:
They also carried the Confederate battle flag into U.S. Congress, no less. It takes a lot of denial to see that as something not related to an insurrection.
[ link to this | view in chronology ]
Re:
They took down a US flag and replaced it with a Trump flag, so I'd say that answers that question.
https://people.com/politics/pro-trump-rioters-tear-down-american-flag-replace-with-trump-f lag-at-u-s-capitol-building/
[ link to this | view in chronology ]
Re: insurrection lol
FTFY
[ link to this | view in chronology ]
Re: Re: insurrection lol
I get the sentiment, but this a No True Scotsman fallacy. Those were Americans through and through, as much as the rest of us may be disgusted by them.
[ link to this | view in chronology ]
Re: Re: Re: insurrection lol
They put the domestic in domestic terrorist.
[ link to this | view in chronology ]
Re: insurrection lol
They were also carrying the Korean flag, for some damn reason. What's your point? Does carrying a flag somehow make it impossible for them to be insurrectionists?
[ link to this | view in chronology ]
And still there's the issue that if people weren't using smartphones, none of that encrypted evidence would exist anyway. So yeah, shut up. You have more potential evidence, not less.
[ link to this | view in chronology ]
Re:
Hell they don't even need any cracking to exploit it - just good ole fashioned prisoners dilemma would get those already doomed opening up for deals to get concurrent instead of consecutive sentencing.
[ link to this | view in chronology ]
We would have gotten away with it too if it wasn’t for those meddling backdoors.
[ link to this | view in chronology ]
BUT BUT BUT THE REAL CRIME IS HIDING ON THE DARK WEB!!!!!!
Its not like there are completely publicly accessible places where you can find out the next round of Q BS being hatched.
Oh no... it is all done in secret in the background.
Considering they still haven;t explained how much they are taking in already and how effective its been at anything other than an after action report saying yep we missed all the planning for this, what is there to gain?
They can not show a single case where encryption let the bad guys get away.
They can not show a single case where encryption kept them from knowing the event was coming.
They can not show that this is anything but a desire to limit our rights that little bit more so people who exhibit wrongthink can be stalked & and FBI handler injected into their orbit so they can home grow another 'terrorist' providing material support to isis via a $20 amazon gift card.
Congress lives in a bubble... up until they heard the people beating on the doors of Congress they never thought anyone would dare do that, but even now not all of them are willing to say it was bad.
Our country almost had legislators murdered on the street b/c 1 asshole convinced them the election was stolen & he never provided a single fucking fact. But they were ready to kill Pence for not violating his oath... and somehow CPAC can have these people show up to keep spreading the lies & keeping the horde amped up b/c they fear that orange man might turn on them.
Orange man is willing to burn it ALL to the ground so long as he can say he won, 500k dead to stick it to blue states & they still can't even suggest perhaps he made mistakes.
This is only going to get worse as the assholes keep stoking the fears that the dems are gonna replace you & force you to learn Chinese. Campaign lies are one thing but these are elected officials using their offices to spread rumors and unrest to keep the country destabilized so they can hold onto power & gain more.
We need to get rid of all of them on both sides....
the idea that $1400 going to someone making "too much" in year 2 of a pandemic when they've done fuck all for us shocks the conscious. Hell more than half the aid was setup so states could fuck around, make it impossible for people to get help then keep the money for themselves... gee those systems to get help were labyrinths where everyone was eaten by a grue.
But hey... those poor suffering corporations who needed bailouts to stay in business managed to buy back stock while still firing workers they promised they woudl keep.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
To enable that means the encryption is broken, that is people other than sender and receiver's can read the messages. All financial transactions, and most software upgrades also depend on encryption. There is a certainty that broken encryption will be used by criminals for their own purposes, who will also be able to use existing strong unbroken encryption for their own security.
That is encryption backdoors pose serious risks to law abiding citizens who use it, while exposing them to criminals who will use unbroken encryption to protect themselves.
[ link to this | view in chronology ]
Re: Re:
That depends. Do you believe the government should be able to use a court order (often times ex-parte and under seal) to make you decrypt a snail mail letter between you and a family member that you've written in a code that only you two know? Or do you believe in privacy, security, freedom and the 4th Amendment?
The government never had access to this type of information before and grew addicted to it in the days before encryption was necessary. Now they're acting like an addict trying anything they can to keep feeding their addiction.
[ link to this | view in chronology ]
Re:
Transparency applies to /governments/ - nobody would call GDR a transparent society or the Statsi agents of transparency.
Governments keep loads of secrets for self-serving purposes. We might as well quit while we are ahead as civil society already cannot exist by your own words. Just as well - it never really existed anyway.
[ link to this | view in chronology ]
Re:
Paragraphs ... who needs 'em?
[ link to this | view in chronology ]
Re:
Encryption isn't just for keeping stuff away from governments, you know. That's a backdoor argument.
[ link to this | view in chronology ]
Re:
What are you smoking? There's nothing anonymous about the coup in Myanmar, the military is brazenly attacking people out in the open. The generals are known. You're not making a coherent argument, you're just spouting "encryption bad."
[ link to this | view in chronology ]
look like we got a another billy boy "barr"
oh...great another 4 years of this encryption crap!
when will government learn WE THE PEOPLE want encryption and privacy!
[ link to this | view in chronology ]
Legality v Morality
Ignoring the impossibility of "selective" backdoors, and ignoring Chris Wray's idioticly repetitive insistence on same, there is still a real problem with the repeated insistence on needing "lawful access" to people's private communications.
While something may be permitted, or not prohibited, by law, does not make that something the right, or morally acceptable, thing to do. The frequent disconnect between legality and morality always needs to be taken into account when government types start talking about things like "lawful access."
[ link to this | view in chronology ]
Just because it's legal to smash your own hand with a hammer...
Going back a number of years to the Snowden 'leaks' I believe it was John Oliver who noted regarding the NSA's actions 'We're not accusing you of breaking the law, we're just a little creeped out that you didn't have to'.
Both in the US and elsewhere we've seen what happens when the government is able to snoop around at will and that's before you factor in crippling the security that protects hundreds of millions of people and huge parts of society and the economy.
[ link to this | view in chronology ]
Just want to let you know I see what you did there and I like it.
That's not a straw man, unless he is claiming his opponents are in favor of terrorism and dead kids. It's scaremongering.
[ link to this | view in chronology ]
I imagine they already have backdoors and are wanting to use the data in court, also parallel construction is too much work.
[ link to this | view in chronology ]
How about no?
Are they really that stupid? Encryption exists in many forms and outside of their jurisdiction.
Users are depending on the default security settings and options set by the phone or service provider.
Who will you make your demands to when users start using alternatives?
Be careful what you wish for. I'll get my popcorn ready for the "unintended" consequences. They certainly aren't unknown consequences. How many years have these requests (demands) been made?
When an agency believes they are entitled to violate constitutional rights as often as this one does, maybe it's time to disband the agency and assign their role elsewhere.
[ link to this | view in chronology ]