Just As FBI Looks To Undermine Encryption, Federal Government Searches For Better Encryption

from the left-hand,-right-hand dept

One of the most bizarre points that became clear in yesterday’s Senate hearings on encryption was that many Senators are so focused on the big bad threat of theoretical ISIS violence in the US that they don’t understand the very real (and not at all theoretical) threat of our personal data being hacked into and exposed on a regular basis, often due to a lack of encryption. The ACLU’s Chris Soghoian summed it up nicely with the following tweet:

If you can’t read it, it says:

Congress: OPM should have encrypted federal employee data.

Congress: Apple has blood on its hands for encrypting user data.

Got it?

Indeed, there has been plenty of talk, including from Congress, over the fact that the Office of Personnel Management, whose computers were hacked to reveal all sorts of information on government employees (past and present), didn’t use encryption, in part because their computers were too old. To be fair, there are indications that encryption might not have mattered that much, since the hackers allegedly got working credentials to access the system, and thus may have been able to decrypt anything anyway.

However, it does seem quite telling that at the same time Congress is freaking out about the supposed evils of encryption, the National Institute of Standards and Technology (NIST) is trying to design a better system for encrypting emails via end-to-end encryption — the very thing that the FBI and some Senators have been complaining about.

The National Institute of Standards and Technology is designing a “security platform” to authenticate mail servers using cryptographic keys. The platform would let individual users encrypt emails.

The system aims to “provide Internet users confidence that entities to which they believe they are connecting are the entities to which they are actually connecting,” according to a NIST draft report on the topic. A subpar system, the draft said, could result in “unauthorized parties being able to read or modify supposedly secure information, or to use email as a vector for inserting malware into the system,” among other consequences. The draft report is open for comment until Aug. 14, 2015.

NIST soon plans to issue Federal Register notices to vendors developing individual parts of the end-to-end system.

In other words, as clueless Senators and FBI officials demand ways to undermine end-to-end encryption, the folks who actually understand technology (NIST) are asking for stronger end-to-end encryption. Perhaps, instead of letting FBI director James Comey prattle on about how he doesn’t actually understand this stuff (as he said repeatedly), the Senators could have someone from NIST explain why end-to-end encryption is so important.


Comments on “Just As FBI Looks To Undermine Encryption, Federal Government Searches For Better Encryption”

13 Comments
Anonymous Coward says:

Entire US infrastructure is currently vulnerable to attack,

so the FBI wants to further weaken encryption?

Wake up & smell the bacon (oops, not a good thing to say in front of Congress)!

Forget about ISIS on Facebook; we’re at far greater risk from ISIS in our power plants, communications networks, banking networks, etc.

jilocasin (profile) says:

Almost right.....

The quote makes perfect sense if you include the missing part.

Congress: OPM [the government] should have encrypted federal employee data.

Congress: Apple [not the government] has blood on its hands for encrypting user data.

There, does that help?

Congress is all for encryption that they can use to keep them safe.

On the other hand Congress is against encryption when it is used by others and thwarts their ability to run roughshod over the Constitution.

The government had mostly unencrypted access to everyone’s data, as long as they followed the Constitution and did so legally. Since they have demonstrated that they can’t help themselves, now they have to deal with mostly encrypted access to everyone’s data.

It’s their [the government’s] own short sightedness that has caused this problem. No amount of;

“We only want to access data legally, with a court order…”

Is going to be believed…. nor should it be.

Anonymous Coward says:

I don’t know how this can be explained to the FBI more easily than either you let people use encryption or you ban encryption. There’s nothing in the middle.

I’m sure FBI agents use off the shelf Apple and Android phones. Are they comfortable with China having a means to decrypt those phones? Because if one government can demand access, then every government can and going forward, China may very well be a more important market than the US.

They aren’t saying it, but I think the government wants either key escrow or to have all messages encrypted with their public key. They think it’s as easy as convincing Apple and Google to cooperate, but the reality is that this is all just mathematics. And it isn’t terribly difficult to create new secure communication apps. Once you exchange a secret key (and this can be demonstrated to school children or FBI administrators with finger paints), secure communication is relatively easy. Since the FBI can’t force rogue developers to include escrow or the FBI public keys, the only option is to make it illegal to use encryption.

Seegras (profile) says:

Comey stupid or what?

What I really don’t understand is how this FBI guy could even _mention_ the idea of banning crypto. I totally understand that some fuckwit like Cameron (like his predecessor Fox who likes to play into the hands of tyrants and features the same spine) is babbling somesuch nonsense.

But I’d actually expect the head of the FBI to at least get informed by its own department that this is a very bad idea, and prevented from making himself the laughing stock of security and law-enforcement professionals.

Since the bright guys at the FBI couldn’t manage to keep their boss from blathering such nonsense, and couldn’t have him removed immediately after he did it, I can only surmise that a) he’s either convinced it’s really a good idea, which put him on par with people that think the odds of winning in Russian roulette are quite good, or b) he knows exactly how bad this is and suppresses any sane voice within the FBI, because he’s actually craving for the next Führer.

Hanlon’s razor states that you should never attribute malice for things that can be adequately explained by stupidity, so I must assume Mr. Comey is not a fascist, but instead must conclude that he is just utterly, abysmally, stupid.

Anonymous Coward says:

Isn’t it obvious to Congress that the people (as in We The People) don’t want backdoors in their encryption? Isn’t the recent drive for encryption because the government has violated the trust of the people (We The People)? Are they going to pass a law that says you can not use any encryption except backdoored encryption and would that law pass constitutional muster?

Why is it so hard to understand that any backdoored encryption can be accessed by those other than whom the back door is intended for? Hasn’t recent history made that obvious?

Anonymous Coward says:

Re: Re:

Why is it so hard to understand that any backdoored encryption can be accessed by those other than whom the back door is intended for?

Just presume that FBI Director Comey does indeed understand that. The FBI is the leading domestic counterintelligence agency. So then, where does that train of thought lead you?

Why would our head of counterintelligence urge us to deploy defective defenses?

tqk (profile) says:

Re: Re: Re:

The FBI is the leading domestic counterintelligence agency. […] Why would our head of counterintelligence urge us to deploy defective defenses?

“Why would our head of domestic counterintelligence urge us to deploy defective defenses?”

You dropped something there. Fixed. Guess who that makes Comey’s adversaries. He’s not focusing on defending the citizenry. He’s annoyed he can’t yet find a way to put you in jail.

Anonymous Coward says:

Re: Re:

Isn’t it obvious to Congress that the people (as in We The People) don’t want backdoors in their encryption?

You would be surprised. My family got together last weekend and, as is usual at family functions, lots of arguments were had. ISIS was mentioned and then a whole discussion around security and privacy ensued. Out of 25 people there, I was literally the only one who thought strong encryption was important.

Some people want encryption, others do not.
