FBI's James Comey: I Know All The Experts Insist Backdooring Encryption Is A Bad Idea, But Maybe It's Because They Haven't Really Tried

from the that's-the-spirit dept

As was widely expected, FBI Director James Comey appeared before two separate Senate Committees yesterday — the Judiciary and the Intelligence Committees — to talk about the “risks” of “going dark” if the government is not allowed to backdoor encryption. You can watch the Judiciary Committee hearing and the Intelligence Committee hearing at those two links. I’d embed the videos here on Techdirt as well, but I can’t because (guess what?) neither offers an encrypted HTTPS version, so they wouldn’t appear on our site, since we force HTTPS connections.

Most of Comey’s comments were pretty much what you’d expect him to say, with a few clear themes repeated over and over again:

  • American ingenuity is great, so I don’t really believe all these computer science experts who say that it’s “too hard” to give the government access. I think they haven’t really tried.
  • I don’t have a proposal myself (which experts would ridicule for the problems it would create), but rather I’m just trying to “start a conversation” on this.
  • We have no data to actually support the fact that encrypted communication has become a real problem, but I can tell you scary stories about (boo!) ISIS.

That was about the crux of it. There were a few times where he would kind of admit that maybe, just maybe the computer scientists were right, but he still thinks they could try harder. The most ridiculous was where he literally said:

“Maybe the scientists are right. But, I?m not willing to give up on that yet.”

Earlier in that same hearing, he said:

“A whole lot of good people have said it?s too hard ? maybe that’s so…. But my reaction to that is: I?m not sure they?ve really tried.”

There are a few problems with all of this. First, he keeps claiming that people are saying it’s “too hard.” But they’re not. They’re saying it’s impossible to give him what he wants without seriously undermining the basic foundations of private communications online. And that’s not just private communications in the form of messaging, but also financial transactions, medical records, business dealings and the like. In short, the “solution” the FBI wants puts everyone at risk.

The second big problem is that it’s fairly stunning that Comey keeps insisting that those bright minds in Silicon Valley can sprinkle some magic pixie dust and give him what he wants, but at the same time claims it’s too difficult for the FBI to actually quantify how big a problem encryption is for its investigations. Furthermore, he can’t even provide a single real world example for where encryption has been a real problem. Even when pushed on this, he noted that when the FBI comes across encrypted communications, they move on to other avenues to investigate those individuals. Which sounds a lot like encryption really isn’t that big of a problem.

The lack of an actual proposal, and the idea that he’s just “starting a conversation” is equally ridiculous, since this conversation was conducted twenty years ago and it was shown what a bad idea it was to backdoor encryption. The idea that we need to do this all over again is just stupid.

Two other quick comments: A few times Comey noted that some big companies are able to encrypt data, but still get access to the underlying content. He used this to argue that it’s “possible.” But he leaves out the fact that those are not end-to-end encryption, but something different entirely which is much less secure than end-to-end encryption. He’s comparing two very different things without recognizing the massive trade off in security associated with what he’s talking about. His technical ignorance — which he underlined multiple times, is kind of bizarre. If he admits he’s so ignorant, why does he brush off the arguments from people who have been in this field working on these issues for decades.

The other comment: multiple times he and some of the Senators hinted that the FBI actually stopped some sort of nefarious plot that was supposed to happen on July 4th weekend. As we noted, despite lots of hype on cable news, the FBI has been making these kinds of failed predictions ever since 9/11 without a single one turning out to be accurate. So it seemed curious that he and others kept hinting at the idea that the FBI had to work overtime last week to actually stop an attack. If true, then you’d think there would be an arrest somewhere, but nothing appears to have been announced. It seems likely that this was just more FUD, but we’ll be curious to see if the FBI ever explains something that it actually did to prevent a real attack.

We’ll likely have a few more posts about some of what was discussed at the hearing a little later. But it’s not just troubling that Director Comey is pushing for efforts to backdoor encryption, he’s wasting the time of lots and lots of smart people who should be focusing on making our communications more secure, rather than proving to Comey and elected officials how ridiculously short-sighted it is to make communications less secure.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “FBI's James Comey: I Know All The Experts Insist Backdooring Encryption Is A Bad Idea, But Maybe It's Because They Haven't Really Tried”

Subscribe: RSS Leave a comment
54 Comments
Uriel-238 (profile) says:

Re: You laugh at trying to make 2+2=5 by fiat.

But imagine how easy things would be if we could pass a low making Pi=3.

Wow! All of a sudden circles are so much easier to understand!

Now I get how mathematicians may look at that and feel such a notion is ridiculous. That’s why we need a magical mathematics fairy, some kind of mechanism that allows pi to be 3.

Seriously, I think we have a conversation about this.

Anonymous Coward says:

American ingenuity is great, so I don’t really believe all these computer science experts who say that it’s “too hard” to give the government access. I think they haven’t really tried.

American ingenuity is great, so I don’t really believe all these FBI directors who say that it’s “too hard” to catch all the bad guys. I think they haven’t really tried.

SteveMB (profile) says:

Re: Re:

American ingenuity is great, so I don’t really believe all these FBI directors who say that it’s “too hard” to catch all the bad guys. I think they haven’t really tried.

Actually, we know for a fact that they aren’t trying. There are several well-known ways to bypass encryption no matter how strong it is (plant hardware or software bugs to directly intercept keystrokes and display output, intercept EM noise emissions to remotely reconstruct keystrokes and display output). The FBI prefers to pretend that these alternatives don’t exist because they’re too much work and effectively limit them to individual targeted surveillance (i.e. what they’re supposed to be doing) rather than mass surveillance (i.e. what they want to do, laws to the contrary be damned).

alternatives() says:

they haven’t really tried.

Yea, because human beings are well known for their flawless creations and the later flawless working with those creations. Combine that with the kindness humans show fellow humans and the guidance under the Rule of Law and it is no wonder the position of ‘didn’t really try’ was taken.

philnc (profile) says:

Re: RSA?

But for sovereign immunity those banks would have overwhelmed the US government with lawsuits over the damage that bit of industrial self-espionage has done over the years.

Talk about friendly fire.

Anyone know what grade Comey got in first year Calculus, assuming he qualified to even take it?

Suggestion: ALL public officials whose jobs involve making decisions on computer security issues be required to get at least a 2 year degree in computer science. If they can’t cut it then they’re disqualified from participating in those decisions. Not really that much to ask, given how many of them have gone out an earned an MBA on the public’s dime to prepare for a future career in the private sector.

jilocasin (profile) says:

I think you've hit his _actual_ agenda

I think you might have stumbled upon his _actual_agenda_:

“…he’s wasting the time of lots and lots of smart people who should be focusing on making our communications more secure…”

You see he knows that what he wants isn’t possible, he’s just trying to slow things down by keeping all of the worlds top crypto minds tied up in this debate instead of focusing on making cryptography, stronger, more secure, easier to use, and by extension, more ubiquitous.

He’s not stupid, quite the opposite, he’s being very very devious. It’s a good thing for us that you have seen through his ruse.

AJ says:

They, like big media, just can’t fathom the concept that they’ve lost absolute control. You can bet that this will pop up every so often until they figure out a way to get what they want, however impossible it may be. They’ve had a taste of the drug that is full access and they will never settle now for anything less.

In their mind, laws and privacy don’t exist. They are at the point now where they truly believe that it would be better to sink all the ships coming to port rather than let them dock not knowing whats inside of them.

They won’t ever stop, even if it means destroying the internet.

Anonymous Coward says:

“FBI’s James Comey: I Know All The Experts Insist Backdooring Encryption Is A Bad Idea, But Maybe It’s Because They Haven’t Really Tried”

We havent all tried murder yet…….shall we all try it tomorrow and see if we like it or not?!

There are just somethings you KNOW Mr Comey………the fact that you dont makes me question your morality, your agenda and ponder whether it is fucking wise to have you hold the position you have

David says:

Jurisdictional issue

Despite it being brought up multiple times, he still hasn’t talked about the jurisdictional issues. If the US has a backdoor, other countries will either have their own back door. If they can’t have their back door, they simple will not allow the US products into their country knowing the US has a backdoor.

Carlie Coats (profile) says:

Re: Criteria for Testimony

Since he is claiming to be an expert, he should be held to the “Expert Witness” criteria from the Federal Rules for Civil Procedure, found in Section 702 thereof (see https://www.law.cornell.edu/rules/fre/rule_702 et seq.).

Under those conditions, he is NOT qualified to testify. His testimony should be stricken for cause.

Anonymous Coward says:

I think Comey is stuck in a Moebius loop of ignorance and grandstanding. I have no other reasons to explain his continued crusade in this. I’d cite issues like the OPM breach, his lack of cases where encryption hindered investigations or anything credible, but you can’t engage someone like this. Not with verifiable facts it seems

Anonymous Coward says:

Mathematicians have been trying for over 2,000 years to find a better way to do prime factorization of very large numbers and no one has found the better mouse trap. In the U.S., more than 50% of mathematicians are employed by the government. Mr. Comey has all of the resources he needs in order to backdoor encryption.

Methinks Mr. Comey is a moron.

Uriel-238 (profile) says:

Re: I thought there was a quantum solution

This is where I get to reveal my ignorance on this subject.

I know the current quantum computers on the market can’t do this fast large-number factorization yet but we have a quantum algorithm — Shor’s Algorithm — to do it once we can make such a computer.

…And guess who wants the first one off the block…

“>Here we go. Tick tock tick tock tick tock…

To be fair, I think perfect forward secrecy serves as a workaround for the problem, but still miles to go before the internet sleeps.

John Fenderson (profile) says:

Re: Re: I thought there was a quantum solution

Yes, but the other side of that coin is that quantum computers also theoretically allow new forms of encryption that are prohibitively difficult for quantum computers to break.

This sort of thing has been going on for the thousands of years of crypto history. It’s always a back-and-forth where strong crypto is developed, then a stronger way of breaking it is developed, then even stronger crypto, and so forth and so on.

Uriel-238 (profile) says:

Re: Re: Re: I thought there was a quantum solution

I think the advantage to quantum-only encryption / decryption is that the early computers will be prohibitively expensive for small-time criminal enterprises. Only large governments and larger corporations will be able to afford to run a quantum mainframe, or gain access to one.

Some of the time of the Google / NASA D-Wave is made accessible to students worldwide who have jobs that require quantum computing, so it’s possible for the public to get some access to the quantum machines we have.

It’s going to be a while before our phones or personal data are encrypted with technology that requires quantum manipulation, however we may find non-quantum encryption that still can stump quantum cryptanalysis.

But the current asymmetrical encryption that we rely upon for secure data exchange on the internet is going to fold once we develop a device that can quickly factor large numbers. And we don’t have another asymmetrical scheme yet in place to replace it when that happens.

Anonymous Coward says:

Proof, or it didn't happen!

See that is the really big whopping evidence for me that they really don’t need the powers they have been granted, or anymore power for that matter. If they had just once done something great with things like torture, mass surveillance and all those filthy ways they use, then they wouldn’t be reluctant to share their achievement. They would post it in big letters with a huge show of bragging and justification.
They have released information about cases that were disproven, they have lied and they have told scary stories.
I very much suspect that is the only things they have at all. If they had anything more, at all, they would have released it to hold over our heads every single time anyone tried to oppose them.
The single greatest proof is the very lack of proof.

Anonymous Coward says:

I don’t think James Comey understands what the word “expert” means.

All the medical experts seem to agree that self inflicted gunshot wounds to the head are a bad idea. Comey needs to put a gun to his head and see if those experts are right, before ignoring those other experts on backdoors.

Is there no one out there who will rid us of this troublesome director?

nasch (profile) says:

Then why?

Even when pushed on this, he noted that when the FBI comes across encrypted communications, they move on to other avenues to investigate those individuals. Which sounds a lot like encryption really isn’t that big of a problem.

Then why is Comey so obsessed about it?

– he’s just stupid (simple answer but probably too simple)
– this is a smokescreen (for what?)
– encryption makes bulk collection useless
– he wants everyone to think the FBI can’t deal with encryption so they feel safe using it

Put on your foil hats and come up with some other reasons!

Anonymous Coward says:

Re: Then why?

Then why is Comey so obsessed about it?

In the case of someone like New York County District Attorney Cyrus R. Vance (yesterday’s testimony before Senate Judiciary), it’s reasonable to presume that he just doesn’t have enough foreign policy or economic affairs experience to have really thought through the various factors.

But, in contrast to Mr Vance, FBI Director Comey has a counterintelligence mission for his agency. In addition, Mr Comey’s agency is also tasked with intellectual property cases, and with corporate espionage case, so that his brief includes some matters of economic affairs.

If one really starts speculating why Mr Comey would advocate destroying American technology’s competiveness in the world market…

Anonymous Coward says:

Re: Re: Re: Then why?

If one really starts speculating why Mr Comey would advocate destroying American technology’s competiveness in the world market…

Go on…

If Mr Comey is acting as an agent of influence for a foreign power, then we should probably expect to be able to find two things:

• A means of communication with the foreign power or individuals.
• A motive: money, ideology, compromise, or ego.

Maryanne k Snyder says:

He's a "privacy denier"

He knows exactly what he’s doing. It’s the same political and rhetorical trick developed by the cigarette companies of “keeping the controversy alive.” disregard the experts, deny the science, insist its an open question, keep repeating he just wants a conversation, repeat. We see it used by the the creationists, the anti-vaxxers, the climate deniers.

tqk (profile) says:

I hate dumbth.

American ingenuity is great, so I don’t really believe all these computer science experts who say that it’s “too hard” to give the government access. I think they haven’t really tried.

Sigh. Hasn’t every high tech startup geek heard that from his (nominal) superiors? “Boss: I have this brilliant idea! All we need to do is $Something_Magical_Happens_Here, and we’ll all be rich and famous!”

Oh, and I (tech geek) need to figure out what $Something_Magical_Happens_Here means.

Comey’s a twit.

Wyrm (profile) says:

It's a kind of magic

Sounds to me like this guy expects developers to do magic.
He doesn’t want to do work, as he (more or less) proved that he can arrest terrorists without backdoors. He just has to actually do work and he doesn’t like it.
What he wants is a magical button on his computer “press here to arrest terrorists” and the terrorists get magically teleported in prison.
On second thoughts, no, he doesn’t want that. He wants a magical button “press here to arrest terrorists” and FBI agents are teleported to the terrorists (along with a TV crew) to show how much the FBI is needed.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...