FBI Director Chris Wray Says Secure Encryption Backdoors Are Possible; Sen. Ron Wyden Asks Him To Produce Receipts

from the not-so-great-when-you're-on-the-receiving-end-of-a-bludgeoning-interrogation dept

I cannot wait to see FBI Director Christopher Wray try to escape the petard-hoisting Sen. Ron Wyden has planned for him. Wray has spent most of his time as director complaining about device encryption. He continually points at the climbing number of locked phones the FBI can’t crack. This number signifies nothing, not without more data, but it’s illustrative of Wray’s blunt force approach to encryption.

I’m sure Wray views himself as a man carefully picking his way through the encryption minefield. But there’s nothing subtle about his approach. He has called encryption a threat to public safety. His lead phone forensics person has called Apple “evil” for offering it to its users. He has claimed the move to default encryption is motivated by profit. And if that’s not the motivation, then it’s probably just anti-FBI malice. Meanwhile, he claims the FBI has nothing but the purest intentions when it calls for encryption backdoors, even while Wray does everything he can to avoid using that term.

He claims the solution is out there — a perfect, seamless blend of secure encryption and easy law enforcement access. The solution, he claims, is most likely deliberately being withheld by the “smart people.” These tech companies that have made billionaires of their founders are filled with the best nerds, but they’re just not applying themselves. Wray asserts — without evidence — that secure encryption backdoors are not only possible, but probable.

Senator Ron Wyden has had enough. He’s calling out Director Wray on his bullshit. Publicly. His letter [PDF] demands Wray hand over information on his encryption backdoor plans. Specifically, Wyden wants Wray to name names. [via Kate Conger at Gizmodo]

Your stated position parrots the same debunked arguments espoused by your predecessors, all of whom ignored the widespread and vocal consensus of cryptographers. For years, these experts have repeatedly stated that what you are asking for is not, in fact, possible. Building secure software is extremely difficult, and vulnerabilities are often introduced inadvertently in the design process. Eliminating these vulnerabilities is a mammoth task, and experts are unified in their opinion that introducing deliberate vulnerabilities would likely create catastrophic unintended consequences that could debilitate software functionality and security entirely.

I would like to learn more about how you arrived at and justify this ill-informed policy proposal. Please provide me with a list of the cryptographers with whom you’ve personally discussed this topic since our July 2017 meeting and specifically identify those experts who advised you that companies can feasibly design government access features into their products without weakening cybersecurity. Please provide this information by February 23, 2018.

Remember how FBI directors (Wray, Jim Comey) claimed they just wanted to have “an adult conversation” with tech experts and cryptographers? My guess is they’ve never even tried. Wray hasn’t held the post for long, but he’s been beating Comey’s weathered anti-encryption drum as long as he’s held the title. And in all this time, I doubt he has talked to anyone in the tech industry directly about his encryption backdoor theory. Even if he has, he certainly hasn’t found anyone who agrees such a thing can be done without weakening device security. Wray will have no answers for Wyden. We can only hope being publicly embarrassed by Senator Wyden will force him to rethink his position.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “FBI Director Chris Wray Says Secure Encryption Backdoors Are Possible; Sen. Ron Wyden Asks Him To Produce Receipts”

Subscribe: RSS Leave a comment
80 Comments
Anonymous Coward says:

So you're saying the whole public / private key thing is wrong.

Seems "cryptographers" are of two opinions, both
wrong. I’d avoid everything NSA advises, just
because the method is known if not the keys.

Use any custom method instead.


"petard-hoisting" — What is it with mangling
this standard phrase this week?

It’s "hoist with your own petard", meaning blown
up by your own bomb. There is NO "bomb-hoisting"
even possible if you understand the notion!

Then there’s "weathered anti-encryption drum"!
Where DO you come up with these concatenations of
ordinary words? They’re unique and practically
INHUMAN, and I mean that this minion MAY be "AI".

Machin Shin says:

Re: So you're saying the whole public / private key thing is wrong.

Have you done much reading on encryption? If so I doubt you would be suggesting “Use any custom method instead.” I will freely admit I am no expert, but as someone fascinated by math who has taken some time to understand the basics of encryption… trying to make your own encryption will fail horribly verses any real attacker.

Encryption relies on scrambling data so it appears to be random even if it isn’t. All it takes is a very slight mistake for it all to come apart. The enigma machine was cracked because of someone sending a message that was one letter repeated over and over. Once someone finds a pattern your encryption falls.

Building a solid encryption system is well beyond the skill level of most people.

David says:

Re: Re: Ouch

Encryption relies on scrambling data so it appears to be random even if it isn’t.

Oh wow. No, that’s not what encryption relies upon. That’s a side effect, and only so if you don’t package the result with steganography afterwards.

Building a solid encryption system is well beyond the skill level of most people.

Given the understanding displayed in the above, this conclusion is doubly valid.

Anonymous Coward says:

Re: Re: Re: Ouch

No, that’s not what encryption relies upon. That’s a side effect&helllip;

Look, since you seem so sure about this, then instead of me trying to explain “indistinguishability” to you—how ’bout you explain it to me. Please.

My question is… simply… what is IND-CPA, IND-CCA1, and IND-CCA2 all about?

I can handle a moderate amount of math in your explanation, but listen, I’m an EE, not a mathematician.

Anonymous Coward says:

Re: So you're saying the whole public / private key thing is wrong.

Nobody’s saying PKI is wrong. However, it’s irrelevant to this topic: you cannot have PKI where the private key is publicly held, which is what the FBI appears to be proposing.

For an illustration of how this falls apart, look at the FAA’s public/private key solution for suitcase locks.

Someone took a picture that just happened to include the keys handed out to appropriate personnel, and suddenly that key wasn’t so private. And ALL locks made for the program were suddenly useless.

And yes: in the FAA illustration, “rolling your own” is likely better, although it will result in your own lock being destroyed by the TSA eventually.

In the case of cryptography, rolling your own has ALWAYS resulted in something that didn’t work. Real cryptography is done in public, with industry feedback. Even the smartest cryptographer is going to miss something, because the subject is insanely complex.

Uriel-238 (profile) says:

Re: Re: Rolling your own encryption

These days, rolling your own means taking one of the several well-tested sans-backdoor encryption schemes available and using one of them. Contrast the 1990s in which security through obscurity was still regarded as a valid encryption tactic. And it was in vogue for mathematics freshmen to try their hand at amateur crypto.

We’ve gotten really good at both cryptanalysis and guessing human-created passwords, and this has been established by the late aughts. So it’s commonly known (at least should be within the tech sector) that it is dangerous to attempt to construct an encryption scheme without a lot of study, practice and rigorous testing. And if passwords are easy to guess or stowed while lightly encrypted themselves, they’re going to be discovered.

(Curiously, it’s less well known that cracking TPMs is expensive but doable and has been since 2011. Generally, something that is expensive to crack is regarded as acceptable. Regarding the San Bernadino Shooter iPhone affair, either the FBI lied about having cracked it, or the consulting firm broke the unit’s TPM with a tunnelling electron microscope.)

And granted, programming is a messy, buggy process, but that puts the vulnerability of roll-your-own encryption not in the encryption algo but its implementation.

Richard (profile) says:

Re: Re: Re: Rolling your own encryption

Contrast the 1990s in which security through obscurity was still regarded as a valid encryption tactic.

That’s not how I remember the 90’s. I think you need to go back a lot further to get to the point where anyone competent thought that. I was looking at ASIC implementations of RSA in 1983.

Anonymous Coward says:

Re: Re: Re:2 Rolling your own encryption

Agreed; there were a group of us working with Phil Z in the 90s to find secure implementations of accepted crypto routines.

The problem with "rolling your own" isn’t limited to rolling your own key crypto: the problem extends to rolling your own implementation of known-secure crypto. All it takes is for your random seed to not be so random, or your inputs to be subject to a replay or timing attack, and it doesn’t matter which crypto lib was used. This stuff needs many eyes from end to end to ensure that the implementation doesn’t have a fatal flaw.

Adding the complexity of third party keys into the mix basically makes the "acceptable security" part of it impossible. If one person doesn’t control the keys, they don’t control the security.

So the only way this could possibly work is if, say, the FBI had a PKI program where they held the master key, but access to that key was role based and time boxed. You could even have multipart keys, where, say, the FBI and the manufacturer both held key parts, and they both had to present their tokens within a specific timeframe to gain access to the master key. This access would then be used alongside the individual’s public key to generate a decryption key for the individual product.

Works fine in napkin theory. However, such a model is rife with holes in security management: not only will those keys need constant rotation to stay secure (due to the known bug in PKI and human fallability), someone still has to manage the servers that manage the private keys. And we’ve created a single point of failure that every single hacker in the world is going to see as the ultimate target, and this single point HAS to be connected to the Internet.

TL;DR: Sure there’s plenty of bright people out there, but in order for good enough security, the entire process needs many eyes and few inputs. What the FBI wants is few eyes and many inputs, which isn’t secure.

I.T. Guy says:

“And in all this time, I doubt he has talked to anyone in the tech industry directly about his encryption backdoor theory.”

He absolutely has, no doubt. He was also advised it’s not possible… without making everyone less secure. He (FBI, NSA, ETC) could give 2 shit about the latter and it is acceptable collateral damage as long as they get the backdoor.

Anonymous Coward says:

Re: Re:

He absolutely has, no doubt. He was also advised it’s not possible… without making everyone less secure. He (FBI, NSA, ETC) could give 2 shit about the latter and it is acceptable collateral damage as long as they get the backdoor.

Actually, you can be absolutely certain that he’s found a government contractor – probably small and almost certainly fly-by-night – that specializes in telling government officials what they want to hear, who can absolutely accomplish what’s considered to be impossible (by actual experts) as long as there are enough zero’s on the check.

Anonymous Coward says:

Re: Re:

But then they had an age of unencrypted http traffic and clear-text passwords because it was probably judged to be safe enough for the relatively small amount of people who knew enough to make use of the poor security. IT was a niche thing for nerds and a lot of people thought it a fad that would never be a major necessity in neither business as well as other places.
In 2000 – 2010 they said that we educated too many people in IT and the bubble was bursting again.
Today it is easy with very little knowledge to “hack” as long as you have $50 and know the right place to look (or can do the right search) and then we have “home-grown” IT people without an official education but with access to the greatest gathering of knowledge ever known.
My point is that the agencies loved the clear-text age, because they had the people with the knowledge to use (or misuse) that… today they are outdone by many forms of encryption that everyone has access to. So yeah, they have forgotten how to investigate, because for years it was so very easy for them.

David says:

Let me pick one tidbit from the intro:

[Wray] has claimed the move to default encryption is motivated by profit.

If the offer of encryption is enough of an added value for enough customers to make their phone choice (and it’s not like the price spread is all that large) profitable, it seems like enough customers care for their privacy that should be protected from government intrusion by the Fourth Amendment (but isn’t really anymore) that it counts.

So how about some representatives offering to work on making the Fourth Amendment heeded? There is a market for it, you know. It’s just that the market is getting bled dry because of partisan politicsmaking and either of the two ingrained parties being a lousy choice for heeding any of the amendments coined against government overreach because either are too accustomed to getting their turn in the seat of power occasionally.

A person must not be running more than twice for president. How about a party being only permitted to rule not more than 5 times at all? Now that would upset the party system continuity that rides roughshod over democracy.

Roger Strong (profile) says:

To: FBI Director Christopher Wray

From: Senator Ron Wyden

Re: Backdoors without weakening security

When you wish upon a star

Makes no difference who you are

Anything your heart desires

Will come to you

If your heart is in your dream

No request is too extreme

When you wish upon a star

As dreamers do

To: Senator Ron Wyden

From: INS

Re: Dreamers

Dreamer located. Please deport.

TDR says:

The Nerd Harder Song

Nerd Harder (played to the tune of Eye of the Tiger)
———————————————————

Nerd!
Nerd! Nerd! Nerd!
Nerd! Nerd! Nerd!
Nerd! Nerd! Nerd!

Nerd!
Nerd! Nerd! Nerd!
Nerd! Nerd! Nerd!
Nerd! Nerd! Nerd!

Loggin’ in, startin’ up Windows
Worst OS on the planet
But the spooks, they just love it to death
They want us all insecure all the time

Clapper’s
lied on and on about this whole goin’ dark
wants to go
and install some useless backdoors
But it’s
not gonna work and it’ll make us less safe
Now Wray still says tech needs to go
nerd harder

Nerd!
Nerd! Nerd! Nerd!
Nerd! Nerd! Nerd!
Nerd! Nerd! Nerd!

Nerd!
Nerd! Nerd! Nerd!
Nerd! Nerd! Nerd!
Nerd! Nerd! Nerd!

Ignorant, that’s what Chris Wray is
Not a clue about nothin’
Safe backdoors, it just cannot be done
But he still asks for the impossible

Clapper’s
lied on and on about this whole goin’ dark
wants to go
and install some useless backdoors
But it’s
not gonna work and it’ll make us less safe
Now Wray still says tech needs to go
nerd harder

Just got to nerd harder

Anonymous Coward says:

"These tech companies that have made billionaires of their founders are filled with the best nerds, but they’re just not applying themselves."

In otherwords, nerd harder. So far that hasn’t worked for eliminating the effects of gravity for physicists. It’s a dodge for trying to say, "That’s not my problem, I just know what I want. Someone else make it possible".

If it were that easy, I want to be able to go to other galaxies. Not next year but tomorrow. Has the same ring of reality to it.

orbitalinsertion (profile) says:

Re: Re:

They keep ignoring the better nerds who actually do encryption. If Apple is actually rolling their own, the FBI probably already has what it wants and just doesn’t know it. Or again, broken encryption isn’t really what they want, or only part of it. They want to keep shifting what the public is used to, and probably even for no really good police-state reason, but just to suit their authoritarian tastes.

DannyB (profile) says:

Another consequence of backdoored encryption

If US companies are forced to build insecure systems and backdoored encryption, it will put the US at a competitive disadvantage compared to the other 96% of the world’s population.

The other 96% of the world population will know better than to use products from US companies — because of baked-in backdoors. If you’re looking for a security product, or a secure product, DON’T BUY FROM THE US!

Quasi-related: Intel’s Management Engine is going to come back to bite them so hard they will hate the day they ever built it. These things just take time. But I suppose I should consider that Windows is used all over the world and Microsoft can totally pwn your Windows computer at its whim.

Machin Shin says:

Re: Another consequence of backdoored encryption

“But I suppose I should consider that Windows is used all over the world and Microsoft can totally pwn your Windows computer at its whim.”

LOL, You mean like how Windows 10 is a huge malware program pretending to be an OS? They demand control over your computer any time they feel like they need an update. Then they spy on all that you do on your computer. If you try and stop all the spying then they make sure the next forced update “fixes” all your settings preventing the spying.

Thad (user link) says:

Re: Another consequence of backdoored encryption

Quasi-related: Intel’s Management Engine is going to come back to bite them so hard they will hate the day they ever built it. These things just take time.

I think you’re being optimistic.

Intel’s share of the processor market is already decreasing, but that’s mostly due to the rise of ARM in mobile devices. Intel has very little competition in the desktop/laptop market; AMD has made some positive steps in the past year, but the vast majority of people buying a desktop or laptop are not the kinds of consumer who pay attention to whether it’s got an Intel or AMD processor under the hood. (And the kinds of users who are likely to switch to AMD are enthusiasts who are more interested in performance for the buck than security — if security were their highest priority, they wouldn’t be using Windows.)

If IME is going to dent Intel’s bottom line, it’s going to be because OEMs become wary of Intel processors, not end users. I don’t see much evidence of that happening yet. If a major remote exploit shows up in the wild, that could change things, but so far most of the exploits have required physical access, and there’s no evidence of any attacks as yet.

I’d like to see users rise up against IME, but I just don’t think it’s a priority for most users — hell, most users aren’t even aware that it exists.

orbitalinsertion (profile) says:

Re: Re: Another consequence of backdoored encryption

OEMs will switch to AMD, at least in some portion of their offerings, for similar reasons as when they used AMD in the past: cost, or some feature. Considering AMD and Intel both have other IME flaws, and i don’t see security as being a big point of consideration with OEMs anyway, i imagine you have a fair point here.

Lawrence D’Oliveiro says:

Re: Re: Intel's share of the processor market is already decreasing

Intel is currently at number 3 in the processor market:

  • x86 — under 300 million units per year and still dropping
  • MIPS — close to a billion units per year
  • ARM — more units shipped per year than the entire population of the Earth.
orbitalinsertion (profile) says:

Re: Re: Re: Intel's share of the processor market is already decreasing

RISC architecture CPUs are still used differently than 86/64 CPUs. The continuing drop in the x86 market is the general purpose desktop being killed off. (I’d go for a RISC system for an open source OS, at least with one of the more current chips that basically are comparable in function to x86, or with board design that covers what the main processor doesn’t.)

Eldakka (profile) says:

Re: Re: Re:2 Intel's share of the processor market is already decreasing

The x86/x86-64 ISA is CISC, but the in-silicon processor architecture of the processing cores have been RISC for over a decade.

Their front-ends are CISCy, but the decode step in the pipeline breaks the instructions down into RISC instructions – what Intel calls micro-ops – for processing on the ALU/FPU. The actual processing cores – ALUs, FPUs, etc – are RISC engines.

Uriel-238 (profile) says:

"Purest Intentions"

The FBI has demonstrated from the Hoover years forward that it never has pure intentions.

Remember this is the same institution that entraps mentally disabled people in terrorist sting operations by gaslighting them and isolating them from all their friends.

Even if it _was_ possible to design encryption with a backdoor safe from hackers, The FBI (and the rest of our Law Enforcement) have demonstrated they should not be trusted with the keys.

Wray doesn’t follow codes of ethics or honor. He just trumpets for his team — a team to which the rest of us do not belong.

Iggy says:

Maybe the FBI needs to attract more "Smart People" to their side

If the “Smart People” are withholding solutions the FBI needs, maybe they should do more to attract “Smart People”. They wont find a secure encryption with a back door but they might get a leg up in the hacking arms race against Silicon Valley. As the Senator said, there are often vulnerabilities right from the design stage of many encryption schemes and hackers working for the government have found zero-day vulnerabilities before as in the Stuxnet virus. In modern times, there are costs to alienating people in STEM fields and the FBI is experiencing them now.

Zonker says:

Making a secure encryption backdoor is impossible because in order to work the backdoor must be able to break the encryption. If the encryption can be broken, it is not secure.

Authorized persons would have the key to the encryption.
Unauthorized persons would not have the key and have to find a backdoor to get in.
If a backdoor exists, they will be able to get in. If it doesn’t, they won’t.

The Wanderer (profile) says:

Re: Re:

The argument is that a secure backdoor could be one where any given ciphertext can be decrypted by either of two keys: the unique one controlled by the person who the encryptor means to be able to decrypt the data, and a single central key which is in the control/custody of law enforcement (or of a company which is obligated to use it upon demand of law enforcement).

No encryption-breaking is involved in that backdoor; it’s just that the encryption is designed to have two valid keys. (This is also why they try to argue that it’s not a backdoor, it’s a second front door, or something like that.)

Of course, even leaving aside the problems with securing the central key and the likelihood that that central key would be abused even by its authorized holders, the counterargument is that a system which is designed to have two keys in this way would be inherently easier to crack than one which is designed to have only one key, because of the mathematical underpinnings of the encryption.

That counterargument is where I understand the "nerd harder" line to come in; "if you think making one that’s not less secure would be impossible, you must not be trying hard enough".

Anonymous Coward says:

Choice

“He has claimed the move to default encryption is motivated by profit. And if that’s not the motivation, then it’s probably just anti-FBI malice.”

I certainly hope the choice list is longer, including at least sane, sober considerations of the security needs of private citizens and an entire web of national and international commerce. However, if no other options ARE on the list, I hope it’s malice. When it comes to malicious retaliation for deceitful attacks on Constitutional rights, I can think of no more deserving group than the FBI.

Toom1275 (profile) says:

“So, we’ve just rolled out our ‘secure encryption backdoor.’ How long do you think we can keep this to ourselves?”

“Ten…”

“Ten Ten what?”

“Eleven…”

“Wait, if this is a countdown, aren’t you counting the wrong way?”

“Twenty…”

“… And now it’s accelerating?!”

“…Fifty. This isn’t a countdown, it’s just a count – of how many malicious hacker groups already have possession of our ‘secret secure master key’. One hundred…”

Dave Cortright (profile) says:

Are you willing to conduct all of your personal banking with this backdoor encryption system, Mr Wray?

When it comes to literally putting your money where your mouth is, I would like to see any person who is proposing a backdoor encryption model move all of their personal banking, stocks, bonds, loans, retirement accounts… really all financial data over to using that encryption. Given all the bad actors out there, do they really trust all of their money with this system? I think we all know the answer…

That One Guy (profile) says:

Re: Are you willing to conduct all of your personal banking with this backdoor encryption system, Mr Wray?

Absolutely right. If they’re willing to put the public’s security at risk by mandating a security hole for things like banking, medical data, email and so on they should be required to put their own data under the same protections to demonstrate that they really believe that it’s secure.

Anything less should be treated as a flat out admission that they don’t trust what they claim is secure, and as such need to shut up.

Dave Cortright (profile) says:

Re: Re: Are you willing to conduct all of your personal banking with this backdoor encryption system, Mr Wray?

Maybe he should talk to Todd Davis…
https://www.wired.com/2010/05/lifelock-identity-theft/

“Apparently, when you publish your Social Security number prominently on your website and billboards, people take it as an invitation to steal your identity.

LifeLock CEO Todd Davis, whose [social security]number is displayed in the company’s ubiquitous advertisements, has by now learned that lesson. He’s been a victim of identity theft at least 13 times,…”

That One Guy (profile) says:

Re: Re: Re: Are you willing to conduct all of your personal banking with this backdoor encryption system, Mr Wray?

Credit where it’s due, he did put his money where his mouth was and learned personally why what he was pushing was a bad idea.

… Well, I was going to say I hope he learned his lesson, but a quick check at their wikipedia page and it seems that whether or not he learned his lesson the company at large apparently just brushed it aside and carried right on, to the point that they’ve been hit with multiple fines by the FTC, one in 2010 for deceptive advertising and another in 2015 for violations of the 2010 ‘agreement’.

Anonymous Coward says:

It is refreshing...

that someone is finally and openly protesting this and asking the good questions. One of the most frustrating aspects of this whole debate is how we have to entertain the notion that what these people say should be taken seriously, while the media and even opponents dance around the blatant lies and immature attacks because “terrorists” and “for the children” tales that are used in all their arguments.
These people with an impossible demand of “safe backdoors” keep demanding that we have an adult conversation, all the while acting like children, stomping the ground, going on like a 7 year old screaming “Waaah! I want a rocket launcher! Why can’t I have it?! You are so mean!”

Anonymous Coward says:

History repeating itself...

The USG’s desire to backdoor encryption used by it’s citizens and around the world is long known. This particular moment in history is just a repeat of the clipper chip push from the early 90’s. Look what happened there – Backlash against the USG from the public and private sector combined with release of strong (somewhat easy to use) encryption onto the internet, it all rendered the USG’s plan completely useless. The cat is out of the bag, you can’t outlaw math.

It’s almost as it Wray and his like keep reading Nineteen Eighty-Four where INGSOC is the benevolent dictator and Winston Smith is the enemy. Or maybe they’re reading it as a ‘how to’…

Dave P. says:

Brilliant

We could do with some forthright politicians like Mr. Wyden here in the UK. His letter is brilliant and he obviously understands what he’s talking about, unlike most of OUR waffling parliamentary members – and I am especially directing that comment at our lovely P.M; Mrs. May, who, once again, is up to her usual grandstanding tricks of trying to outlaw encryption. Do they not take any notice whatsoever of all the cryptographic experts who say that safe backdoors can’t be done? I despair.

That One Guy (profile) says:

Re: Brilliant

Do they not take any notice whatsoever of all the cryptographic experts who say that safe backdoors can’t be done?

Giving them the benefit of the doubt, they know, they just don’t care.

Under that view it’s simply grandstanding about how the terrible encryption helps criminals(ignoring the millions of non-criminals it protects), and how it allows them to avoid government scrutiny (again, ignoring that it also makes it harder to go on baseless fishing expeditions).

Besides, it’s not like their data will be protected by broken encryption, because while every person is equal, some are more equal, and therefore more deserving of protection, than others.

Anonymous Coward says:

This is very VERY simple.

Everyone is forced to ‘backdoor’ encryption for banks etc and the FBI holds the backdoor key.

if there is ANY breach, whether malicious or not, no matter who breached or why, the FBI’s payroll budget is on the hook for compensation.

I’d say we match copyright at say $150,000 per item per breach. Sound fair to everyone else?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...