FBI: Bring Us A Unicorn. Techies: They Don't Exist. Senator: Stop Complaining & Tell Us Where The Unicorn Is

from the wait...-what? dept

We’ve already discussed the ridiculousness of yesterday’s Senate hearings with Jim Comey on “going dark” and the desire to backdoor encryption. But one thing that came out in the discussions that deserves further scrutiny is the fact that Comey repeatedly admitted that he had no proposed solution to the question of how to do this. He admits that computer scientists say it’s not possible, but he insists it’s because they’re “not trying hard enough” to figure it out. And whenever Senators suggested different possible legislative fixes, Comey would sort of throw up his hands and say “well, we’re not making any proposals here, we just want a conversation.”

And there’s a good reason for this, which was actually admitted after the hearings by former NSA top lawyer (and proud Techdirt disliker) Stewart Baker (who recently argued that Blackberry failed because it had too much encryption) when he went on PBS Newshour to say that the government won’t put forth a proposal, knowing that it will immediately get shot full of holes by actual experts.

In the segment, Susan Landau, one of the experts who has explained why this whole idea is stupid and won’t work, points out that there are no proposals being put forth because it’s impossible to actually do this in a way that doesn’t create massive problems:

SUSAN LANDAU: The issue is that the government is saying exceptional access, without explaining how they want this done, and all security matters in the details.

And, immediately, Baker shoots back the admission that no one else has been willing to make that, of course the government won’t come up with a plan, because then all the experts can give details for why that plan would be a disaster:

STEWART BAKER: So, I think one of the things that’s clear is the government isn?t trying to say this is exactly how we want you to do it, because I?m sure that Susan Landau would be saying, well, that won?t work and we have got these objections to being told how to do it.

The amazing thing is that Baker doesn’t even seem to realize what he’s admitting, as he then immediately shifts to saying that the government just wants the industry to solve this problem. But the whole point is that there is no solution that doesn’t make lots of other things much worse.

The fact that the government refuses to put forth any solution should be seen as a massive problem. But, incredibly, during the Senate Intelligence Committee hearing yesterday, Senator Barbara Mikulski blamed privacy advocates for not offering up a solution to the impossible (starting around the 58 minute mark).

In our briefing materials I read letters from the ACLU, whose views we so value, the Software Alliance, and I saw a lot of criticism of what we’re pursuing here for some type of opportunity to not go dark. But I didn’t see any solutions. I saw a lot of criticisms. I saw a lot of critiques. But I didn’t see solutions. Now I believe, as Senator Heinrich said and others, we have tremendous technical know-how, and I believe that the people in Silicon Valley are indeed very patriotic people, and they don’t want drug dealers and international traffickers and child pornographers to be able to get away with nefarious things. So, if we could perhaps actually get from those as well as the civil liberties community how we could start working to a solution that would actually be great.

This is the point at which you should be banging your head on whatever wall or desk is closest. All of those patriotic folks in Silicon Valley have been going into great detail about how there is no good way to backdoor encryption, highlighting many explanations of how it actually makes online security much, much worse. To then say that the people pointing out how there are no good solutions should be the ones responsible for offering up a solution, rather than the government, which is insisting that something must be done, is ridiculous.

It takes quite an incredible train of thought to argue that the people telling you that magic fairy dust doesn’t exist need to be the ones to tell you how to make magic fairy dust, rather than the naive folks who believe in magic fairy dust. And yet, that’s exactly what Senator Mikulski did. And that’s because, as Stewart Baker rightfully points out, if the government actually produced a plan for magic fairy dust, actual experts would quickly point out that it’s not magical fairy dust, and actually makes people ill.

How is it that these people are in positions of power and influence?

Filed Under: , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “FBI: Bring Us A Unicorn. Techies: They Don't Exist. Senator: Stop Complaining & Tell Us Where The Unicorn Is”

Subscribe: RSS Leave a comment
83 Comments
Anonymous Coward says:

It seems to me like these public hearings are just the posturing and setup for closed-door negotiations with tech companies. The government is trying to make the tech companies out to be uncooperative and unpatriotic (really? like it’s the job of a private company to do the government’s job for it?), so that they can bully them into more of the same types of arrangements we’ve seen getting leaked over the last several years.

These hearings will go quiet at some point and then three or five years later we’ll find out that the result was some tech company caved to pressure and broke their own products for the government.

Anonymous Coward says:

In answer to your last question.

“How is it that these people are in positions of power and influence?”

The reason is that their skill set is that they’re very good at being elected. And that skill set has nothing to do with being competent in technology. Frankly, in my opinion, anyone who actually wants to be elected into a political office has demonstrated that they should never be in that office. It might be better to treat political office in the same fashion as we treat jury duty. Have someone selected and if they can demonstrate why they can’t/shouldn’t be in that office, then select someone else. Compensate them appropriately for their service and at the end of that service, select some other poor fool as a replacement.

But you have to remember, currently, the only required skill in being in a position of political power is the ability to get elected and that skill set has absolutely nothing with being technically competent in making decisions and evaluations of technology. And in fact, given the way our system works, being technically competent can actually be detrimental. A case in point was President Carter. Frankly, he was extremely intelligent and competent. In fact, it’s highly likely that he was better at most of the issues he had to decide on than anyone else in his immediate circle. But that led to him micromanaging things and not delegating the work to those around him who were supposed to actually do the work. As a result, he was pretty much a complete failure since he got overloaded and did a half-ass job on those tasks he micromanaged.

On the other end of the spectrum, was President Reagan. Frankly, he didn’t know much at all about technology. But he was a master at delegation. So he selected good people, gave them an overview of his objective and got out of their way.

Anonymous Coward says:

Re: Re: In answer to your last question.

In politics, anything is negotiable. In this case the politicians are siding with the national security services to go against science. The message is clear:
“You have to give concessions. That is how it works. I don’t give a flying beep about your objections. The fact that you are still arguing against any deal is a sign of you acting in bad faith!”

Anonymous Coward says:

Re: In answer to your last question.

One change:
< And that skill set has nothing to do with being competent in technology.

> And that skill set has nothing to do with being competent.

The list of areas in which most of them are blatantly incompetent (as opposed to merely ignorant) is too long to list, e.g., finance, foreign relations, defense, etc. It’s far easier to leave it at “good at being elected” and call it done.

Anonymous Coward says:

Re: Re: In answer to your last question.

Most of the politicians are actually pretty good at a specific kind of finance: Gathering of election donations and the right supporters. That and a will to bend their opinions to get the right sponsors, is as much a part of it, as seduction of the public.

Both can be said to not be particularly moral, but that is a big part of the game.

twitch (profile) says:

Not surprised....

I’m personally not surprised that Baker and Mikulski both are digging their collective heels in. There’s that belief out there that a person shouldn’t ever complain about a problem with out having a solution in the back pocket to fix it.

But that’s stupid.

A janitor can say “Hey, that pipe’s busted. We need to fix it” and not know what to actually do. OR as is in this case, there _isn’t_ a solution and the experts know it. Sometimes things can’t be compromised on.

John Lambert (profile) says:

There already is an encryption solution for law enforcement

If law enforcement want to get unencrypted versions of what’s been encrypted, all they have to do is get a warrant and then get the private keys. This solution already exists. They could even get a warrant that would let them sneak into a suspect’s home or office and install spyware. The fact that the suspects would feel protected by their encryption would encourage them to feel free in discussing their evil plans, if any.

Anonymous Coward says:

Re: Re: Re: There already is an encryption solution for law enforcement

When the police are alienated from the communities that they police, nobody talks to them, and so they lack intelligence on who is doing illegal things. This has a lot to do with their demand for the ability to carry out general spying on people, and to carry searches of phones of people that they stop.

Anonymous Coward says:

We just need to be able to go faster than light or all the bad people are going to get away. I don’t understand why all the really smart and patriotic people we have in this country who are experts in this area won’t just start bringing us some proposed solutions instead of saying it can’t be done.

< /facepalm >

Stephen says:

Clueless Politicians

Senator Barbara Mikulski blamed privacy advocates for not offering up a solution to the impossible (starting around the 58 minute mark).

There are two responses to that.

First why should privacy advocates be expected offer up a “solution” which would DIMINISH privacy? One might well expect DARPA to produce a weapon which would weaken US defences.

Secondly, which government spends hundreds of billions of dollars on defence and related national security matters each year every year?

If the US national security juggernaut, with all its money and all its resources, cannot come up with a workable solution itself how can lesser mortals be expected to succeed?

Anonymous Coward says:

Its illegal

The constitution gives us certain rights. These rights include the right to privacy. If you have godlike powers you could create a scenario where rights and the government did not conflict, but this is reality and these people are asking for things they don’t even understand. Just as much sense as arguing about how many angels could dance on the head of a pin. Doesn’t change reality one little bit though.

Uriel-238 (profile) says:

Re: Legality doesn't matter.

These officials aren’t arguing against the notion that encryption with a proprietary backdoor is unethical (they want to use it for unethical purposes and they don’t care). These officials are arguing against the notion that encryption with a proprietary backdoor is impossible.

They’re not only happy to violate your constitutional rights, they’re panicked because technology exists that prevents them from doing so.

zarprime (profile) says:

If a solution exists, shouldn't the NSA already know that?

Remember way back in the days of DES, when the NSA shortened the key and changed a couple of other things, and no cryptographer (in the public) knew why? It took years and years before it was figured out. The gap has been narrowed since, but I think the general consensus is that the NSA’s cryptographers are still a couple of years ahead of the public. So if there is non-magical solution to this problem, shouldn’t the NSA already have it, or at least be closer than the software industry?

More likely, given that the NSA hasn’t put forth a proposal, their cryptographers have instead a mathematical proof that this is impossible. Of course politicians, presented with incontrovertible evidence that their position is unsupportable, tell the experts to shut up, and possibly destroy the evidence.

PRMan (profile) says:

Re: If a solution exists, shouldn't the NSA already know that?

There’s an article about Bitcoin about how Satoshi used the same algorithm that NSA uses, but not the same default values.

https://bitcoinmagazine.com/7781/satoshis-genius-unexpected-ways-in-which-bitcoin-dodged-some-cryptographic-bullet/

The NSA bakes these values into a certain encryption protocol:

p = 115792089210356248762697446949407573530086143415290314195533631308867097853951
a = 115792089210356248762697446949407573530086143415290314195533631308867097853948
b = 41058363725152142129326129780047268409114441015993725554835256314039467401291

Bitcoin uses the much simpler:

p = 115792089237316195423570985008687907853269984665640564039457584007908834671663
a = 0
b = 7

p = 2^256 – 2^32 – 977

Many people believe the NSA’s values are chosen precisely because they have found a hack for encryption using those seeds.

Uriel-238 (profile) says:

One clear presumption in the PBS article...

…is that we can trust these government agencies to

a. Use their decryption methods (or any other tools fairly and judiciously with utmost respect for suspect privacy, and…

b. Keep this data, once attained, secure from other interests, whether internal agents sharing cheesecake pics for their own prurient enjoyment or foreign or corporate interests seeking to utilize the data to their own ends.

So far, our agencies have demonstrated they cannot be trusted to do either.

Jeremy Lyman (profile) says:

Enhanced Securitization

I think this is the point where the CIA would start torturing people to “create” golden key encryption.

It’s really the best way to get what they want; for security professionals to say what the government wants to hear despite the fact that it’s not true and the torturees don’t believe it. Why else do people keep starting the same “conversations” about things that things that can’t be done?

Uriel-238 (profile) says:

Re: Re: Re: Horn Ducks

I, too am interested in this horn duck solution.

I believe we have tremendous technical horn duck know-how. I believe that our horn duck experts are indeed very patriotic people, and they don’t want duck dealers and duck traffickers and duck pornographers to get all the horn ducks. So, if we could perhaps actually start working towards a horn duck solution that would actually be great.

Gwiz (profile) says:

Re: Re: Re:

Well, if this were the military we were talking about and the commander asked for a unicorn, he’d shortly after be presented with a horse with a horn duck taped to its head. Duck tape fixes everything, after all.

US Military personnel refer to it as “100 mph tape”.

http://www.urbandictionary.com/define.php?term=100+mile+an+hour+tape

David says:

If the US gets 'exceptional access'

Every other government gets the same ‘exceptional access’. Which means no ones communications end up being secure.

Another point, they talk about ‘the company has the keys’. Actually, in many cases, the company wouldn’t have the keys, just the individuals. For instance, when I get my SSL cert, the Certificate Authority does not know my private key, just myself.

David says:

Stewart Baker: “It’s possible now to write codes right now that no one can break.” So you’re asking the American People to accept a less form of security, despite the fact that non-Americans and criminals will not use it?

Reminds me of the movie Sneakers, where there was a code breaker. However, it would only work on US-based codes. So it does nothing to protect you from your enemies, just your citizens.

Anonymous Coward says:

The needs of the many outweigh the needs of the few. The answer is NO. Not only NO, but so far NO that we are going to go the other way and build unbreakable crypto into EVERYTHING now. It’s already starting to happen.

Here’s a guy who can’t even protect his own networks asking for special access to others. The stupidity is so extreme he doesn’t even realize the danger of what he is asking. He just wants what he wants and everyone and everything else be damned.

Let’s talk about removing your ability to use Stringray’s and hacking people’s computers and flying spy flights inside the US instead. The FBI needs to be reigned in not let loose.

Whoever says:

The government has experts in security -- why don't they suggest something?

If such a backdoor were possible, surely the NSA would have come up with a proposal?

Who don’t these senators ask for input from the NSA? Because they know that it is impossible. What they are doing now is grandstanding. Washington has developed a hatred for Silicon Valley and this is just more bile from Washington.

UriGagarin (profile) says:

Encryption smercryption

*naive mode on*
Surely even if they manage to get some kind of backdoor for online encryption through – the terrorists will just go back to the old practise of one time pads, book codes and number stations (which exist on twitter of all things) and other traditional methods used to securely encrypt data that have been used since the last century? yeah there has to be key exchange but that’s not quite as onerous as it once was.

It’s a totally pointless exercise, for the problem its trying to solve.

*naive mode off*

Anonymous Coward says:

Government thesis: If you’re smart enough, you can make a protocol where the government holds the keys yet smart guys can’t break the protocol.

But if you’re smarter, you can break the protocol. If you’re even smarter than that, you can figure out how to make sure that the smartest guys are only ever good guys, like in the war. So you can’t break the protocol.

Wait a minute, forget this red queen stuff. It’s much simpler than that. It converges in one step.

You don’t need to store keys at all. Just wait till you’ve got some bad guy messages and give it to the maximally smart guys. That solves it. Because super smart guys can break unbreakable encryption. Because they’re smart and because they try hard. Right?

Dismembered3po (profile) says:

The moon...bring it to me

Maybe if we try a metaphor:

Government Officials – “We need to get the stuff on the moon. Bring us the moon!”

Rocket Scientists – “Well, you know…that is not possible. We could send someone TO the moon….on many, many rocket ships, with a lot, lot of stuff and machines, and get some of the stuff and bring it back.”

Officials – “Listen. I don’t want to hear about your rocket ships, and stuff. Bring us the MOON! It’ll be so much EASIER if it’s just here. Why aren’t you sciencing me a solution. I know that you have some experts. Have them propose a solution!”

Scientists – “We ARE the experts. We are telling you that even if we COULD science up a solution, if the moon comes here, we ALL DIE.”

Congresspeople – “Just you try HARDER. We don’t really believe all your experts about the whole dying thing.”

Anonymous Coward says:

Am I the only one who is starting to read these articles like a dilbert cartoon?

Dilbert Cartoon

*Pointy Haired Boss* This thing you’re making costs to much money. We need to make it cost half as much.
*Dilbert* But.. I’m already working on a quarter of the budget I told you would be minimally neccessary to complete the project!
*Pointy Haired Boss* I’m hearing excuses! What I want to hear is solutions!
*Pointy Haired Boss in his own head* I’m a great manager. What I need is less whiney employees.

Government
*Senator* We need to be able to see all the things all the time!
*Experts* But… if we give you the ability to see all the things all the time.. ANYBODY could figure out how to see all the things all the time. Even if we get away from not wanting YOU to see all the things all the time, we want other people to do it even less!
*Senator* Stop giving me problems! I came to you for solutions! Now get to it!
*Senator in his own head* I’m a great senator. What I need is less whiney experts!

John says:

“It takes quite an incredible train of thought to argue that the people telling you that magic fairy dust doesn’t exist need to be the ones to tell you how to make magic fairy dust, rather than the naive folks who believe in magic fairy dust. And yet, that’s exactly what Senator Mikulski did.”

The problem is that politicians live completely immersed in a world of lies and deceit. So when someone, even an expert, tells them something other than what they want to hear they automatically consider it to be untrue.

In this case it’s reasonable to assume that Mikulski simply doesn’t believe what the experts are saying, that it is impossible to safely and securely backdoor encryption.

Rekrul says:

You know what pisses me off the most about all this? It’s not the blatant stupidity of the government people who think that the tech companies can just magically create a perfect solution. It’s listening to them harp about they won’t be able to get access to information even if they have a warrant, but never acknowledging that all this is happening specifically because the government and law enforcement have been doing warrantless searches of people’s data for years.

That One Guy (profile) says:

Re: Re:

That’s because doing so would force them to admit that maybe, just maybe, the push for increased encryption is a direct result of the government and police ignoring the laws and spying on people as much as they can get away with it, making it abundantly clear that if people want to maintain their privacy, they’re going to have to do it themselves, as they can’t trust the government and/or police to do so.

Rather than admit that people are trying to take away their favorite toy because they’ve shown they can’t be trusted with it, they instead choose to place the blame anywhere but where it belongs, them.

Uriel-238 (profile) says:

I was going to suggest that they could also try to invent bullets that kill only bad people.

But I then realized that they might then argue that bullets fired from police weapons do only kill bad people, just as police detection dogs never give false positive signals. (In Chicago, 53% of dog signals are false positives, 92% when used on Latin suspects).

And I realized by the same logic, we just need to make an encryption algorithm that cannot encrypt evidence of crime. Only legal, crime-free data can be encrypted by it. Then the police don’t need access to encrypted data at all.

GEMont (profile) says:

Don't tell me its impossible - just make it happen!

I think you’re misunderstanding Mister Baker’s argument.

Remember, he’s a G-Man, not a thinker, or educated, or even remotely brighter than your average five year old.

What he’s saying is that he knows the techies have said its impossible, and that any “plan” the government might offer the techies will only make the techies respond in a way that proves their point – that its impossible.

What Steward wants is for the techies to stop wasting his time proving the idea is impossible and start working out a way to make it possible.

He feels that techies are like a magic lamp – you just rub money on it and tell it your wish and it magically appears.

His complaint is simply that all the magical energy the techies need to make the Unicorn appear, are being wasted on working out explanations why its not possible to make the Unicorn appear, and as soon as the techies stop doing that, they will have all that magical energy available for creating the government’s wish.

Its really quite simple, as it Stewart Baker.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...