FBI Boss Chris Wray: We Put A Man On The Moon So Why Not Encryption Backdoors?
from the yeah-ok-then dept
Despite the FBI finally admitting it had greatly exaggerated the number of encrypted devices it can't get into, FBI Director Chris Wray keeps pushing the "going dark" theory to whoever will listen. This time it was NBC's Lester Holt. In an interview during the Aspen Security Forum, Wray again hinted he was moving towards an anti-encryption legislative mandate if some sort of (impossible) "compromise" couldn't be reached with tech companies. (Transcription via Eric Geller.)
I think there should be [room for compromise]. I don't want to characterize private conversations we're having with people in the industry. We're not there yet for sure. And if we can't get there, there may be other remedies, like legislation, that would have to come to bear.
The "compromise" Wray wants is simple: if law enforcement has a warrant, it gets access. The solution isn't. To weaken or backdoor encryption to serve law enforcement's needs makes everyone -- not just criminal suspects -- less safe. If a hole can be used by good guys, it can be used by bad guys. And even the best guys can't prevent their tech tools from making their way into the public domain. Just ask the NSA and CIA. In the case of the NSA, leaked exploits resulted in worldwide ransomware attacks.
Wray pitches an impossibility by portraying it as a lack of effort by the tech industry. The tech industry -- the one with all the "brightest minds" -- have been consistent in their stance. A hole for one is a hole for all. There's no such thing as securely-compromised encryption. Wray's response has also been consistent: they're just not thinking hard enough. The only "compromise" pitched by members of the tech sector is basically re-skinned key escrow -- the thing that went out of fashion with the death of the Clipper Chip.
Wray's pitch now includes an appeal to the modern wonders of the world, as if these examples change the equation at all:
We're a country that has unbelievable innovation. We put a man on the moon. We have the power of flight. We have autonomous vehicles… [T]he idea that we can't solve this problem as a society -- I just don't buy it.
First off, bringing the space program into this is ridiculous. All it does is demonstrate the government has access to some of the best minds, but Wray expects the private sector to provide, maintain, and bear the expense of a law enforcement-friendly encryption "solution." (And if it fails to deliver, Wray's more than willing to ask the government to force the private sector to play ball.)
Second, putting a man on the moon was the side effect of a Cold War cock-measuring contest with the USSR. While the nation has derived many benefits over the years from the space program, the "man on the moon" mission was a way of expressing superiority and implying that our weaponry was similarly advanced. The US government showed the world how powerful it was. I don't think that's the analogy you want to make when discussing personal device encryption.
And third, the whole "putting a man on the moon" analogy was solidly mocked on John Oliver's program two years ago when he quoted cryptography expert Matt Blaze accurately saying, "When I hear 'if we can put a man on the moon, we can do this' I'm hearing an analogy almost saying "if we can put a man on the moon, surely we can put a man on the sun.'" Not every issue is the equivalent of putting a man on the moon.
While the others listed are private sector achievements, they're simply not good comparisons. Encryption methods continue to advance in complexity and ease-of-use. This is innovation, even if it's innovation Chris Wray doesn't like. Each of the innovations listed solved problems and created markets. In this case the problem is device security. Encryption solves it. Who wants secure devices? Everyone who buys one.
The rise of smartphones has seen users replace their houses with handheld devices as the primary storage for a life's-worth of documents, along with access to a great deal of financial and personal info. Device makers want to ensure a stolen phone doesn't mean a stolen life. Wray (and others) don't want to do anything more than obtain warrants to scrape the digital innards of devices they seize. In other words, when the FBI encounters a locked safe in someone's house, Wray would believe it's the manufacturer's fault for the safe failing to unlock immediately in the presence of a search warrant.
Still, Wray believes society as a whole would be better off with weaker encryption because sometimes terrorists and criminals use encryption.
Because to the extent that the bad guys have shifted more and more to living their whole lives through encrypted devices and encrypted messaging platforms, that if we don't find a way to access that information with lawful process, we're in a bad place as a country.
Default encryption has been around for a few years now and there's no evidence we're less safe as a nation. Very few prosecutions have been dead-ended because investigators couldn't get into a phone. The problem is presented as swiftly-growing and inevitable, but there's been nothing delivered as evidence of these claims. The FBI has continually pointed to its growing pile of locked devices as Exhibit A in the War on Encryption, but has never presented anything at all to give these claims of diminishing public safety any credence. All we know for sure at this point is the FBI can't count. It used a wrong number (~7,800) to push the narrative and still expects us to believe it after it admitted this count was nearly four times higher than the actual number of devices in its possession.
Wray needs to stop complaining about the tech sector until his own agency can demonstrate its ability to approach the issue with facts, verified numbers, and intellectual honesty.
Filed Under: backdoors, chris wray, encryption, fbi, going dark, man on the moon
