FBI Director Says It's 'Not Impossible' To Create Compromised Encryption That's Still Secure
from the saying-the-same-thing-over-and-over-doesn't-make-it-true dept
FBI Director Chris Wray was back on the “going dark” stump this week. In a speech [PDF] at Boston College, Wray again stated, without evidence, that it wasn’t impossible to create weakened encryption that isn’t weakened. (via Cyrus Farivar at Ars Technica)
We have a whole bunch of folks at FBI Headquarters devoted to explaining this challenge and working with stakeholders to find a way forward. But we need and want the private sector’s help. We need them to respond to lawfully issued court orders, in a way that is consistent with both the rule of law and strong cybersecurity. We need to have both, and can have both. I recognize this entails varying degrees of innovation by the industry to ensure lawful access is available. But I just don’t buy the claim that it’s impossible.
It really doesn’t matter whether or not Wray “buys” this claim. If you deliberately weaken encryption — either through key escrow or by making it easier to bypass — the encryption no longer offers the protection it did before it was compromised. That’s the thing about facts. They’re not like cult leaders. They don’t need a bunch of true believers hanging around to retain their strength.
Yet Wray continues to believe this can be done. He has yet to provide Senator Ron Wyden with a list of tech experts who feel the same way. The “going dark” part of his remarks is filled with incongruity and non sequiturs. Like this, in which Wray says he doesn’t want backdoors, but rather instant access to encrypted data and communications… almost like a backdoor of some sort.
We’re not looking for a “back door” – which I understand to mean some type of secret, insecure means of access. What we’re asking for is the ability to access the device once we’ve obtained a warrant from an independent judge, who has said we have probable cause.
If by “backdoor,” he means insecure exploit, then he’s technically correct. If by “not a backdoor,” he means another door located on the front or side or connected to the basement or whatever, then what difference does the door’s location really make? A door is door and it provides an opening where there wasn’t one previously.
Solutions have been provided. There’s no shortage of people suggesting workarounds. Metadata is valuable even if Wray continues to downplay it. It’s a weird position for him to take considering the agency’s long reliance on metadata swept up by the NSA. Devices can be hacked, but Wray continues to assert this isn’t a solution either, even after Cellebrite made the stunning announcement it could crack any iPhone, including the latest models. There are a variety of third parties hosting communications in cloud services, all of which could be approached to gain access to at least some evidence. Even public enemy #1, Apple, stores encryption keys for its iCloud services, which would give law enforcement much of what can’t be obtained from a locked device.
Wray doesn’t want a solution that isn’t forced subservience of tech companies. That’s become plainly apparent as he continues his anti-encryption crusade. Tech experts are ignored. Hacking breakthroughs like Cellebrite’s aren’t even cited. Legislators, for the most part, have offered no support for anti-encryption legislation, and yet Wray continues to push for technical access he can’t define and proclaim his rightness despite having no expertise in the subject matter.
He also mentioned the stack of cellphones the agency claims it can’t access — 7,800 devices or more than half of those the FBI tried to access last year. But the number is meaningless. Wray claims they’re all tied to investigations in one way or another, but does not describe what efforts were made to access their contents. Were the phones owners approached and asked for passcodes? Were the phones owners presented with the option of unlocking the devices or facing contempt charges? Were phones sent to Cellebrite or its competitors? Or has the FBI simply shrugged its shoulders, thrown them in a big pile, and decided to let the problem go unaddressed until it has enough legislators on its side?
In this discussion of The 7,800 Phones That Couldn’t Be Broken, Wray mentioned something that shows the FBI won’t be happy until it has mandated access to all encrypted data — not just data at rest on locked devices.
Being unable to access nearly 78-hundred devices is a major public safety issue. That’s more than half of all the devices we attempted to access in that timeframe. And that’s just at the FBI. That’s not even counting devices sought by other law enforcement agencies – our state, local, and foreign counterparts. It also doesn’t count important situations outside of accessing a specific device, like when terrorists, spies, and criminals use encrypted messaging apps to communicate, which is an increasingly widespread problem.
Wray ended his speech as he always does — with emotional appeals meant to throw shade on the tech experts who’ve told him his safely-broken encryption dreams are impossible.
After all, America leads the world in innovation. We have the brightest minds doing and creating fantastic things. A responsible solution will incorporate the best of two great American traditions – the rule of law and innovation. But for this to work, the private sector needs to recognize that it’s part of the solution. Again, I’m open to all kinds of ideas. But I reject this notion that there could be such a place that no matter what kind of lawful authority you have, it’s utterly beyond reach to protect innocent citizens. I also can’t accept that anyone out there reasonably thinks the state of play as it exists now – much less the direction it’s going – is acceptable.
Broken down, his final thoughts on “going dark” run like this:
1. Smart people refuse to help us.
2. They are irresponsible.
3. They are part of the problem.
4. They are making America unsafe.
Christ, what an asshole. The private sector is doing far more to “protect innocent citizens” than the FBI is. Encryption makes communications and data transfer much, much safer. Wray wants this weakened for one reason: to give law enforcement immediate access. Will this make America safer? The answer is no. Default encryption has been available for years now and there’s been no corresponding spike in criminal activity and no loud chorus of united law enforcement officials lamenting their inability to close cases or prosecute people. America’s jails are as full as they’ve ever been and crime rates remain far lower than they were prior to the advent of smartphones and encryption-by-default. It’s only a very small number of law enforcement officials that seem to have a problem with this, but they’re by far the loudest and most visible.
Filed Under: backdoors, chris wray, encryption, fbi, going dark, responsible encryption
Comments on “FBI Director Says It's 'Not Impossible' To Create Compromised Encryption That's Still Secure”
Wrong from start to finish
We have a whole bunch of folks at FBI Headquarters devoted to explaining this challenge and working with stakeholders to find a way forward.
Great, then have them come up with what you insist is absolutely possible, ‘secure’ broken encryption, and let everyone else stress test it before you force it on the public. In fact, if you’re so sure that it can be done, start with your own agency, mandating that you use whatever ‘encryption’ system you want everyone else to be required to use, for no less than one year. Every system must use it, no exceptions, as anything else would be an admission that you don’t believe that what you’re pushing is truly secure.
But we need and want the private sector’s help.
No, you ‘need and want’ their subservience, their unquestioning obedience. That is distinctly different than wanting their help.
We need them to respond to lawfully issued court orders, in a way that is consistent with both the rule of law and strong cybersecurity.
Those are mutually exclusive options, taking one will necessarily require sacrificing the other. Strong cybersecurity means that good and bad people can make use of security that prevents both those with a badge and those without from accessing, easily or at all, certain data.
We need to have both, and can have both.
No, you want both, but you cannot have both. At ‘best’ you can have one, but it will require that the other be given up.
I recognize this entails varying degrees of innovation by the industry to ensure lawful access is available.
In that it would require ‘varying degrees of innovation’ for the automotive industry to create cars that can ignore gravity with a flick of a switch, sure. Or in the sense that it would require ‘varying degrees of innovation’ for mathematicians to come up with a way for 2+2 to equal 5.
But I just don’t buy the claim that it’s impossible.
Translation: "I want your ‘help’, but I refuse to believe you when you tell me something isn’t possible, as advice clearly isn’t a form of help I welcome."
We have the brightest minds doing and creating fantastic things.
‘… Minds which we/I will completely ignore when they tell us/me that something isn’t possible, and/or make a statement that contradicts one of my stated positions.’
This reminds me of a perfect example someone else brought up to highlight the absurdity of this argument by noting that just because we can land a person on the moon, does not mean we can land a person on the sun(well, not and get them back…). Just because we have smart people creating other stuff, does not mean they can do the impossible in this case.
Again, I’m open to all kinds of ideas.
Liar.
You’re only open to ideas that match your preconceived notions and that support what you want. Anything else is to be rejected out of hand.
But I reject this notion that there could be such a place that no matter what kind of lawful authority you have, it’s utterly beyond reach to protect innocent citizens.
In which case his mind would be absolutely shattered were someone to tell him about another form of communication, talking in private, that no amount of ‘lawful authority’ that wasn’t completely tyrannical and invasive could access.
I also can’t accept that anyone out there reasonably thinks the state of play as it exists now – much less the direction it’s going – is acceptable.
Only because you refuse to look or even acknowledge their existence. There are plenty of people who have looked at the existence of encryption, realized that it does allow bad people to do bad things at times, and yet still come to the conclusion that the gains vastly outweigh the costs.
(Gotta love the attempt at poisoning the well there by framing anyone who disagrees with him as not being ‘reasonable’.)
Broken encryption/’Responsible’ encryption/Unicorn gates were a stupid and dangerous idea when they first came up, and they remain a stupid and dangerous idea now. That the gorram FBI Director is pushing for an idea that he knows will cause vast amounts of damage(the only alternative to this is that he is impossibly stupid) is a disgrace to the position, and should be grounds for removal of office, or at the very least everyone firmly and strongly telling him to shut the hell up when it comes to topics that he is clearly unfit to comment on.
The country is not well served by an FBI director trying to make things easier for criminals and terrorists to harm the public, and he, or anyone else, really shouldn’t need to be told this.
Re: Wrong from start to finish
Most secure algorithms we use are technically broken: "Breaking a cipher simply means finding a weakness in the cipher that can be exploited with a complexity less than brute force. Never mind that brute-force might require 2^128 encryptions; an attack requiring 2^110 encryptions would be considered a break…simply put, a break can just be a certificational weakness: evidence that the cipher does not perform as advertised." (wikipedia link). E.g., AES-128 actually provides 126.2 bits of security rather than the claimed 128.
Of course that’s not what the FBI wants, and what they want was already proven insecure.
Re: Re: Wrong from start to finish
There’s a significant difference between ‘This encryption system probably has a flaw because people aren’t perfect, and therefore can’t make perfect encryption’, and ‘This encryption absolutely does have a flaw, because it’s required to, and all you need to do is find it.’
Re: Wrong from start to finish
“We have a whole bunch of folks at FBI Headquarters devoted to explaining this challenge and working with stakeholders to find a way forward.”
Great, let them build that awesome encryption. We will then break it and prove your goal is not achievable.
Pretty simple.
Re: Wrong from start to finish
Oh, “2+2=5” is absolutely easy – after all “2+2=4” is so because of the definition of addition. You change the definition, you change the result.
That so defined “+” might not have some other properties is a different story…
“What we’re asking for is the ability to access the device once we’ve obtained a warrant from an independent judge, who has said we have probable cause.”
a.k.a. a back door. It doesn’t matter what kind of lock you install, who guards the keys for it and who you get permission to use them from. It’s still a door, and even a locked door is more vulnerable than simply not making a hole in the wall to install it in the first place.
What he and his kind are missing is simple – no matter how strong the door, no matter how restricted the access, no matter where it is installed – it still has keys, those keys can be used by the “bad guys” and once they have the keys it makes everyone less safe.
“Being unable to access nearly 78-hundred devices is a major public safety issue.”
The actual evidence for this is lacking. Perhaps instead of trying to mislead people about what they’re asking for, they’d be better served by explaining what it is that not being able to easily access these phones is preventing them from doing. Bearing in mind that authorities have never had instant access to the kind of data they’re trying to get here, but they still managed to do their jobs anyway in the past. If they want new powers, they need to both explain why they need them and why the public need for them is greater than the public need for effective encryption.
“I also can’t accept that anyone out there reasonably thinks the state of play as it exists now – much less the direction it’s going – is acceptable.”
He’s right here. The problem is that he’s part of the group that wants to push things further in the unacceptable direction.
Re: Re:
Your explanation is correct. But it is not as simple as a sound byte that cuts through all of the detail.
You can have either:
1. Secure systems. Hackers can’t get in, and neither can government.
2. Insecure systems. Government can get in, but so can hackers.
You can’t have both. They are mutually exclusive. It is not a sliding scale. It is like being pregnant. You are. Or you are not. There is no try.
Re: Re: Re:
Or, if we continue the door analogy:
1. (FBI demand) There’s a back door, but instead of keeping the key under a mat, we’ll keep it in a safe that only a few people can open, and nobody unauthorised will ever get in there, honest.
2. (Everyone else who understands the discussion) We don’t build the door to begin with, everyone has to still go in the front.
You’re right that soundbites are what’s probably needed to get the idea across, but that’s the difference – we’d prefer nobody builds the door in the first place, it doesn’t matter how secure they promise the door will be. Even if it’s as secure as they promise (and it absolutely won’t be), we’re better off without it.
Re: Re: Re:
1) People are “insecure”. Computing systems are “unsecure”
2) You offer a false dichotomy. There is no such thing as a secure computing system. The purpose of security is to slow down a determined attacker such that the attack can be discovered and mitigated before damage is done or data is exfiltrated.
In other words, we either don’t want to or forgot how to do our jobs and we will whine incessantly until things are done the way we want. Petulant kids are better than law enforcement.
Re: Re:
I think you’re wrong on the age thing.
The FBI are teenagers. They want what they want, now, without working for it because they’re special. And by the way, you geeks can provide it because of your magical abilities, and the fact that you won’t is because you hate us!
Christ, what an asshole.
Nice, 4 word summary of the entire article. Should have been the title.
Re: Re: Re:
Wrong! The are bunch of little Verrucas.
“In order to stop guns from killing innocent people, all guns should come equipped with a system where the presence of a person in front of the gun will automatically block the trigger and make it impossible to fire the gun. Only law enforcement officers can overrule this and shoot at people in the line of duty. I recognize this entails varying degrees of innovation by the industry to ensure lawful access is available. But I just don’t buy the claim that it’s impossible. I also can’t accept that anyone out there reasonably thinks the state of play as it exists now – much less the direction it’s going – is acceptable.”
Re: Re:
Watch it happen in your lifetime. (Unless you’re 80, perhaps…)
Re: Re:
So in other words, only criminals will be able to use guns.
It’s not so much they want the physical access as the legal authority to force companies to modify their products in their interests.
Re: Re:
No, he doesn’t want the legal authority. If he did, he would continue to pester Congress to pass laws compelling compliance with the Agency’s wishes, instead of making public speeches. But he knows that a law that forbids encryption that is inaccessible to the government would be a hard sell, as it would drive business away from the US to many overseas companies. It would also apply to all devices in all use cases, unless some sort of ITAR-like regulatory system is set up.
Instead, what he wants is for companies to volunteer to weaken their encryption in some way for consumer products. He would probably prefer that this be done secretly, so that the public believes that the encryption is secure when it isn’t, but he would settle for society pressuring companies to do this “in the name of civic duty” or some such nonsense. This way, he can have his cake and eat it too: the government isn’t compelling anyone to weaken their encryption, strong encryption is available for business to business (where they can compel that a non-encrypted backup be kept), but weak encryption is there anyway for individuals’ devices.
Really, what he wants is to roll the clock back a few years. What he wants, without saying it outright, is for companies to stop offering Secure By Default services, i.e., default encryption of devices. He wants device encryption to be difficult to achieve and ultimately insecure. He also wants the use of device encryption to be considered an indication that the user is involved in suspicious activities (“why would he do something so difficult if he weren’t doing something illegal”). And he wants companies to volunteer to do this so that, which is why he keeps yapping about it.
Re: Re: "Your foot is bleeding because YOU shot it genius."
What he wants, without saying it outright, is for companies to stop offering Secure By Default services, i.e., default encryption of devices.
What makes the situation extra funny is that encrypted by default got a huge kick in the pants a few years back when people learned about how the NSA(among others) were simply incapable of showing restraint. They wanted it all, and they wanted it now, such that if the public wanted their stuff to be kept private they had to do it themselves, causing companies to start offering it as a selling point.
While more widespread encryption was almost certainly going to happen, the speed at which it did is likely almost entirely on the government agencies, one of which is now whining about how they can’t go on fishing expeditions as easily as before.
Re: Re:
Maybe the ignorant fools will declare themselves stake holders and modify the user stories to suit their goals – lol, agile is such a flimsy tool.
If encryption is used to secure communications between Alice and Bob, and is insecure if Carol, the FBI and any law enforcement has the ability to read the messages. Similarly if I encrypt my data, it is secure if only I can decrypt it, and is insecure if the CIA, FBI or law enforcement can decrypt it.
That is to say if any party other than the intended parties can decrypt the messages or data, the encryption is by definition broken. Therefore what he is demanding is broken encryption.
Also, it not as if it is impossible to solve crimes without access to all the encrypted data, because before the advent of phone, conversations could only be listened to by someone in the physical presence of those talking, or more rarely, intercept and read letters. Also, before computers and smart phone became almost ubiquitous, most of what the want to examine was ephemeral conversation, and not available for latter examination.
Police managed to solve crimes without the information he is demanding access, but doing so requires that the police are involved in, and respected members of society, rather than being seen as the enemies of most of society, and which is a problem that they themselves have caused by switching from proactive policing to reactive policing.
Re: Re:
Even if it actually IS impossible to solve a crime we shouldn’t be screwing everybody else’s rights and privacy because of the very few cases where the criminal was a mastermind that never erred and left no breadcrumbs.
Re: Re: Re:
Well, if that mastermind was so perfect as to not leave any traces, you bet he wouldn’t be using broken encryption but rather the (albeit illegal) unbroken one…
Re: Re: Re: A TRUE mastermind...
…would have his data compressed to include a secondary cache, so that if forced to open it under threat of duress (say a judge ready to throw down a contempt charge) he’d use the alternative password to show it’s 100% furry balloon porn.
Last I checked there are commercial and open source options that offer plausible deniability.
For everyone but idiot criminals, this battle is already lost by the FBI.
Re: Re:
I think what he’s asking for is that the definition of “the intended parties” be expanded to include “anyone the government says is lawfully authorized to access the contents”.
Redefining that part of the problem out of existence, in other words.
Which does exactly zip to address the practical problems which such a redefinition would entail, but he doesn’t appear to care about those.
Coming out of the mouth of a government official, ‘Not Impossible’ tends to sound too much like “Least Untruthful.”
For the FBI’s huge stacks of locked cellular telephones, There must be at least rough estimates, whether measured in years or decades (or centuries?), of when technology will advance far enough that those encryptions can be easily cracked.
so, if it’s not impossible to do, why have none of his employees or outside sources managed to achieve it? anyone think it might be something to do with ‘it isn’t possible’?
Re: Re:
Several have, the director just wants to have it for free/ no cost.
Also not impossible
It’s also not impossible for the FBI to not be completely corrupt.
But it’s not the way things are.
Bottom line
The bottom line is that the FBI is asking to make hundreds of millions of us more vulnerable to attack in order to avoid doing more police work in a dozen or so cases.
Key escrow
implies that the FBI can be trusted. The ENTIRE foundation of the FBI starting Hoover is based on breaking the law and not being held accountable.
They are the last people on Earth I would trust to hold encryption keys.
Multiple keys to same data
This backdoored encryption is just multiple copies of the same data, which has been encrypted with different encryption keys. Then distribute both of them in the same package, allowing decryption of the content with either of the keys.
Obviously this will duplicate the amount of data that needs to be handled, and management of the keys is always problematic, but otherwise it’s just ok kind of encryption.
Re: Multiple keys to same data
So… you understand that there will be more keys than should be necessary, and you understand that actually securing those keys will never be 100% effective. But, you don’t understand that this is reducing security for everyone, that this is exactly the problem, and the thing that the FBI are pretending isn’t going to happen?
Re: Multiple keys to same data
Anytime you have more than one way to access data, it’s broken and insecure. Sure the encryption hashes might be strong but you have an extra key that is outside of your control. If whoever has access to that key loses control of it and it goes public, you’re screwed. There is nothing you can do to prevent everybody and their brother’s cousin’s sister’s third aunt twice removed from getting access to your private data.
What you’re describing is simply a more complicated form of key escrow which doesn’t solve anything.
Re: Re: Multiple keys to same data
A bit of a tangent, but this reminds me of something I’ve wondered about recent-ish-ly.
Say you have three pieces of data: 1, 2, and 3. You group them in all seven possible combinations (1, 2, 3, 12, 13, 23, and 123), generate seven distinct but equally-complex keys, and encrypt each grouping with a different one of those keys.
Would it be easier for someone who has all seven encrypted files on hand to break the encryption on at least one such file than for someone who has fewer (e.g., just one) of them?
(The idea here is that you can choose which decryption key to hand over to a given person depending on which parts of the complete data set you want to permit that person to access.)
Re: Re: Re: Would it be easier for someone who has all seven encrypted f
Yes.
Re: Re: Multiple keys to same data
Did we seriously expect Mr. I-Hate-Fair-Use-and-Will-Lie-the-Fuck-About-What-IP-Law-Actually-Says to have anything substantial to say about tech?
Re: Multiple keys to same data
If you don’t know how many people can access (read) that key, how many people can copy (write) that key, and how many others could have just snapped a picture of the key with their smartphones, or sent the key via a private VPN to whatever foreign agency wanted it, it’s become insecure.
Once more than one copy of your key exists outside of your direct control it is far more easy for it to be stolen or viewed by unauthorized parties.
Re: Multiple keys to same data
One would think that making multiple copies of something would make it more likely to be compromised, not less. Would you be willing to be the first test subject of such a system? Put your ssn and pw in a file and let them make a bunch of copies each encrypted with a different key and then distribute same across all sorts of government and law enforcement agencies. How long do think it will be before you are broke and no longer have a retirement to look forward to?
Re: Multiple keys to same data
Two messages of the same length.
The government can read one of the messages with their golden backdoor key. They cannot read the other one encrypted with your secret key. But they believe the contents are the same because you say so.
I see no flaw in this scheme.
If it is so easy, why doesn’t this douche nozzle just tell us how to do it?
Smart people refuse to help us.
Your enumerated points aren’t unique to the FBI. This view is being flogged all across mass media, by both parties and has been for about a decade.
Compromised Encryption
He probably also believes:
It is ‘Not Impossible’ To Create Corrupt Politicians That Are Still Ethical.
Dear Mr. Wray
Please gather the “folks at FBI Headquarters devoted to explaining this challenge and working with stakeholders to find a way forward” and have them present their plan.
Problematic at its core.
The real problem here is truly a lack of mathematical understanding by not just politicians, but people in charge of major security agencies. An analogy here might be:
Is 2+2 ALWAYS equal to 4? Can’t we just have it equal to 4.1 when we need it to? But we have smart people; why can’t they make it equal to 4.1, or maybe 4.05? We pay them a lot. They’re really smart. Why can’t they do this for us? Why must they be unpatriotic? We know they can do this, so why must they be so stubborn?
This comes from a serious lack of mathematical education that goes way, way back to elementary and middle school.
You cannot cure this without fundamental changes in our educational system.
Re: Problematic at its core.
Well….
2+2 sometime can equal 4.1…. for slightly larger than normal values of 2.
So I suppose there could be a “secure” two key system. If the primary key is entered, display the contents. If the secondary key is entered, display the key as an image. If any other key is entered display nothing. Set the secondary key to goatse.x and give it to the FBI.
Ta da! A two key system that’s still secure, and gets the FBI what they really want.
Re: Changing the laws of math by fiat
We’ve tried this to some degree. Much the way that tomatoes are classified as fruits by biological standards, they’re classified as vegetables by the department of commerce since tomatoes are consumed in savory dishes (such as salads or dinner sauces) atypical of sweet fruits.
Some educational departments want to reduce Pi to 3, for the ease of public education students, figuring that if they ever are doing anything that requires more precision they can relearn their circles.
Then the math teacher blows their minds by circumscribing an equalateral triangle, creating spaces with an area of zero.
Bona Fides
Dear Mr Wray,
You sound like such a nice man. I once had a friend who I’m sure would have been able to help you. His name is Aaron Swartz. Unfortunately he’s no longer with us.
broken encryption vs 4th Amendment
Personally, I consider personally owned electronic devices to be protected by the 4th Amendment. Encryption is to enforce our protections.
If Chris Wray does not agree with the Constitution, then why doesn’t he just get a warrant allowing him to beat the passcode out of the accused? Then it’s judges and the law that he can rail against instead of the tech industry. Oh, but that is the hand that feeds him.
If it isn't impossible
If it’s not impossible then what are you waiting for? Shut up and get to work inventing that system instead of demanding someone else do it. Maybe the NSA can help you with it. You can also volunteer to test whatever system you come up with on your devices.
He's right
It is possible to create a backdoor to encryption that is secure. It is secure until it’s used. He should work with the DRM industry. They have a great track record of securing software.
Missing the point
> If you deliberately weaken encryption — either through key escrow or by making it easier to bypass — the encryption no longer offers the protection it did before it was compromised
This whole debate is sort of missing the point. The battle over weakening encryption has already been lost. Widely available, open-source, free, strong encryption algorithms have existed for a while.
“But I just don’t buy the claim that it’s impossible.”
Well … if he really believes this, which I doubt, then perhaps he would like to volunteer his financial documents for use in a test of his theory using whatever mythical secure but warrant-able transmission technique(s).
I eagerly await this experiment.
So you want the most secure door
then you hide the spare key under the door mat
hoping no one else but you will find it .
Good Luck with that
“Compromised Encryption That’s Still Secure”
This guy deserves an Oscar for saying that as if he meant it.
….Or maybe he fell on his head every day as a baby.
That device is doing illegal things, arrest it...
…Read it it’s Miranda rights, get it a lawyer and prosecute the hell out of it. What do you mean it has the right to not testify?
I still have a problem with Wray’s assertion that the 7800 devices he cannot decrypt are a public safety issue. What does he think those devices are going to do? Since the devices are presumably in the possession of law enforcement, just lock them up, or better still put them in a Faraday cage so that they cannot do anything on their own. Or, they could come to understand that devices don’t do anything, but the people using those devices do things, or cause devices to do something. It’s the people he needs to go after, not the devices.
So, he will come back with, we need the information on those devices to investigate and prosecute those people who do things with devices. And, as mentioned ad nauseum, there are other methods of investigation that do not require access to devices. It does take more work, and probably more time. It sure seems like the hurry he is in is more like he has a party to go to rather than the end of the world would be exposed if the devices were decrypted. Does he think he’s the head of a union or something?
Re: That device is doing illegal things, arrest it...
So a gun walks into a school
wait wait a person walks into a school
No it was the gun , the person had nothing to do with it
The gun had immoral intentions
are you sure it wasn’t the person?
No this is the age of enlightenment you fucken idiot
people no longer have responsibility for themselves its always the inanimate that did everything
that’s why the gun walked into the school
Re: Re: That device is doing illegal things, arrest it...
The gun might not do those things itself, but it sure helps kill a lot of people when a person has a gun, doesn’t it? There’s a reason why the US is the only country in the world where those things regularly happen, and no matter what you’re being told it’s not because you don’t arm enough teachers.
Re: Re: Re: That device is doing illegal things, arrest it...
LAST month, British woman Sue Howarth and her husband Robert Lynn were woken at 2am by three men breaking into a window of their remote farm in Dullstroom, a small town in the northeast of South Africa, about 240km from the nearest capital city.
The couple, who had lived in the area for 20 years, were tied up, stabbed, and tortured with a blowtorch for several hours. The masked men stuffed a plastic bag down Mrs Howarth’s throat, and attempted to strangle her husband with a bag around his neck.
The couple were bundled into their own truck, still in their pyjamas, and driven to a roadside where they were shot. Mrs Howarth, 64, a former pharmaceutical company executive, was shot twice in the head. Mr Lynn, 66, was shot in the neck.
Miraculously he survived, and managed to flag down a passer-by early on Sunday morning. Mrs Howarth, who police said was “unrecognisable” from her injuries, had multiple skull fractures, gunshot wounds and “horrific” burns to her breasts.
“Sue was discovered amongst some trees, lying in a ditch,” writes Jana Boshoff, reporter for the local Middelburg Observer newspaper. “Her rescuers managed to find her by following her groans of pain and then noticing drag marks from the road into the field.
“Her head was covered with a towel. Her eyes were swollen shut. She was partially clothed with just scraps of her shirt remaining. Her breasts and upper body was bloody. The plastic bag, shoved down her throat, took some effort to remove because her jaw was clamped down tightly.
“How she managed to breathe with the bag in her throat remains a mystery. One of her rescuers later recalled how Sue was unresponsive except for the constant groaning. Whilst the man ran back to the road to see if an ambulance has not arrived yet, she managed to curl one of her arms around her breasts in a last attempt to protect herself.”
She was rushed to hospital and placed on life support, but died two days later. Due to her British nationality, her murder attracted an unusual amount of overseas media attention.
Robert Lynn managed to survive the attack.
Robert Lynn managed to survive the attack.Source:Supplied
Mr Lynn shows how he was tortured with a blowtorch. Picture: ITV News
Mr Lynn shows how he was tortured with a blowtorch. Picture: ITV NewsSource:Supplied
In any other country, such a crime would be almost unthinkable. But in South Africa, these kinds of farm attacks are happening nearly every day. This year so far, there have been more than 70 attacks and around 25 murders in similar attacks on white farmers.
Earlier this month, for example, 64-year-old Nicci Simpson was tortured with a power drill during an attack involving three men at her home on a farm in the Vaal area, about two hours drive from Johannesburg.
When paramedics arrived, they found three dead dogs, and the woman lying in a pool of blood, spokesman Russel Meiring told News24. “They used a drill to torture her,” police spokesman Lungelo Dlamini said.
Official statistics on farm attacks are non-existent, due to what human rights groups have described as a “cover-up” by the notoriously corrupt — and potentially complicit — South African government.
Play
Mute
0:00
/
0:27
Fullscreen
Autoplay
A group of armed men captured walking onto a property in South Africa
The most reliable numbers are released by the Transvaal Agricultural Union, which represents commercial farmers, and civil rights group AfriForum.
According to the TAU, last year there were 345 attacks resulting in 70 deaths — the highest death toll since 2008. In 2015 there were 318 attacks resulting in 64 deaths, and the year before there were 277 attacks resulting in 67 deaths.
In total, between 1998 and the end of 2016, 1848 people have been murdered in farm attacks — 1187 farmers, 490 family members, 147 farm employees, and 24 people who happened to be visiting the farm at the time.
While South Africa has one of the highest rates of violent crime anywhere in the world, the attacks on white farmers are no ordinary crimes.
In a 2014 report, “The Reality of Farm Tortures in South Africa”, AfriForum wrote that “the horror experienced during farm tortures is almost incomprehensible”.
“The well-known ‘blood sisters’ from the South African company Crimescene-cleanup have rightly indicated that, in their experience, farm tortures are by far the most horrific acts of violence in South Africa,” the report said.
“They are of the opinion that the term ‘farm murders’ is misleading and that the terms ‘farm terror’ and ‘farm tortures’ are more suitable.”
An image of an elderly farm attack victim uploaded to Facebook.
An image of an elderly farm attack victim uploaded to Facebook.Source:Facebook
Human rights groups say the number of attacks is increasing.
Human rights groups say the number of attacks is increasing.Source:Facebook
While sometimes farmers and their families are tortured to obtain information, such as the whereabouts of keys to the safe, human rights groups say the excessive brutality may be intended to send a message to the general farming community — get out of our country.
Victims are often restrained, harmed with weapons such as machetes and pitchforks, burned with boiling water or hot irons, dragged behind vehicles and shot. Female victims are often raped during attacks.
AfriForum warns that the attacks are becoming increasingly sophisticated, military-style raids, but says community farm watch groups and sharing of information on WhatsApp and Facebook were thwarting a “significant” number.
The three men responsible for killing Mrs Howarth — Themba William Yika, Nkosinathi Yika and Lucas Makua — were arrested soon after, and more than 150 farmers turned up to demonstrate outside court.
But any form of justice is incredibly rare, and white farmers are increasingly questioning their future. The number of white farmers in South Africa has halved in a little over two decades to just 30,000. Thousands more farms are up for sale.
“The farmers live in fear, because being a farmer in South Africa is the most dangerous occupation in the world,” Henk van de Graaf, spokesman for the TAU, told Swedish newspaper Nya Tider last year.
“The average murder ratio per 100,000 or the population in the world is nine, I believe. In South Africa, it is 54. But for the farming community it is 138, which is the highest for any occupation in the world.”
Since 2007, at the direction of the government, South African police have stopped releasing statistics about the race of the victims. Monitoring group Genocide Watch says the cover-up has been exacerbated by American and European governments, which have “remained silent about the problem, reinforcing the campaign of denial”.
The rise in farm attacks has been blamed on increasingly anti-white hate speech, particularly from the ruling African National Congress.
The home of Robert Lynn and Susan Howarth. Picture: ITV News
The home of Robert Lynn and Susan Howarth. Picture: ITV NewsSource:Supplied
Security footage uploaded to Facebook by Intelligence Bureau SA.
Security footage uploaded to Facebook by Intelligence Bureau SA.Source:Facebook
In 2010, high-profile ANC member Julius Malema sang “Shoot the Farmer, Kill the Boer”, which Genocide Watch describes as “once a revolutionary song, but now an incitement to commit genocide”.
Malema was convicted for hate speech and the singing of the song was banned, but just seven months later president Jacob Zuma sang the song himself at an ANC event, in direct contempt of the judge’s ruling.
Malema was later kicked out the ANC, forming his own Marxist party, the Economic Freedom Fighters, which is now the third-largest party in parliament. Recently, Malema has been travelling the country urging black South Africans to take back land from “Dutch thugs”.
“People of South Africa, where you see a beautiful land, take it, it belongs to you,” Malema was quoted in The Telegraph as telling parliament.
Perhaps in response to populist pressure from Malema, Zuma earlier this month called for the confiscation of white-owned land without compensation. Zuma urged the “black parties” in the parliament to unite to form the two-thirds majority that would be needed to make the necessary change to the country’s constitution.
Last week, during a debate in parliament about the farm attacks, an ANC MP shouted “Bury them alive!” while MP Pieter Groenewald was speaking about the plight of white farmers.
“This is proof that the utterances of political leaders could lead to violence and murders and that the issue of farm murders is of little importance to the ANC,” AfriForum’s head of community safety, Ian Cameron, said in a statement afterwards. “Certain members of the ANC were chatting during the debate and not listening nor partaking at all.”
While right-wing groups have claimed South Africa is experiencing “white genocide”, Genocide Watch disputes that characterisation. According to the group’s founding president, Dr Gregory Stanton, “early warnings of genocide are still deep in South African society, though genocide has not begun”.
South Africa president Jacob Zuma. Picture: Mujahid Safodien/AFP
South Africa president Jacob Zuma. Picture: Mujahid Safodien/AFPSource:AFP
Economic Freedom Fighters leader Julius Malema.
Economic Freedom Fighters leader Julius Malema.Source:AFP
“The fact that farm murders do not comply with the legal definition of genocide in no way renders the crisis that white farmers in particular face in South Africa as less imminent,” AfriForum deputy CEO Ernst Roets wrote in a report this month.
“It is important to note that not all who are murdered on farms are white people. On the other hand, it is equally important to note that black farmers are not subjected to the same levels of torture as their white counterparts.”
Australian rice farmer Graeme Kruger, who emigrated from South Africa to New Zealand in 1997 before coming to Australia in 2012, said an increasing number of white farmers were getting out.
“I would like to say, I certainly have never been and was never a supporter of the apartheid regime, and I certainly didn’t immigrate because I wanted to get away from South Africa,” said Kruger, now executive director of the Ricegrowers’ Association of Australia.
“We supported and openly celebrated the changes. But equally what is happening now is not right. To me it’s about humanity. Whether it’s the old apartheid regime or black-on-black violence or xenophobia, leaders need to be very careful with their positions and inciting violence towards anyone.”
Kruger’s family, like many, has been touched by violence. “My wife’s aunt — it wasn’t a farm situation — they broke in through the roof, stole her TV, tied her up with cords and she was killed,” he said.
Asked whether he feared South Africa would become another Zimbabwe, where white farmers have all but been driven out, Kruger was uncertain.
“My family back in South Africa have chosen not to [get out], and they love living there,” he said. “They have a very hopeful, pragmatic view, but they are also concerned.
“South Africans have got this undying ability to believe in the bigger picture, and I’m talking about many blacks. There are lots of wonderful people of all colours that believe all of this stuff is wrong.
“The question I would ask, given the rhetoric, is there a future for farming in South Africa? It’s not just about, is there a future for white farmers. It’s three times more dangerous to be a farmer than it is to be a policeman. It’s sad — it’s not what we want.”
frank.chung@news.com.au
Re: Re: Re:2 That device is doing illegal things, arrest it...
TL;DR
Re: Re: Re:2 That device is doing illegal things, arrest it...
There is a function on the internet known as a “link’ which you can paste instead of an entire uncited article.
But, even if you were intelligent enough to know how conversation happens on the internet – what did your apparent tale of farmers in South Africa have to do with my comment?
I admit I only skimmed the thing because you were too lazy to provide any context and thus weren’t worth the effort of making effort myself, but it seems totally irrelevant.
Re: Re: Re: That device is doing illegal things, arrest it...
Yea go buy a farm in South Africa
I’m sure you’ll love your gun free zones
Re: Re: Re:2 That device is doing illegal things, arrest it...
What the actual fuck does your bullshit story about murder on South African farms have to do with the price of tea in China?
Re: Re: Re:3 That device is doing illegal things, arrest it...
An armed society is a polite society .
Re: Re: Re:4 That device is doing illegal things, arrest it...
Even in a bar at 2AM?
Re: Re: Re:4 An armed society is a polite society .
Interesting, then, that the Japanese (who have no gun culture) find a lot of USians rude, or at least boorish. And that guns do nothing to improve their charm.
Re: Re: Re:4 That device is doing illegal things, arrest it...
Then why is America full of so many mass murdering fuckwits, while countries where they don’t feel the need to carry any weapon at all on them far nicer to each other?
Re: Re: That device is doing illegal things, arrest it...
Don’t conflate constructive tools with destructive weapons. Encryption has lots of constructive uses; guns don’t.
Re: Re: Re: That device is doing illegal things, arrest it...
Your right……. why should law abiding citizens have the right to infringe on a criminals ability to attack you unopposed .
Re: Re: Re:2 right to infringe on a criminals ability to attack you unop
Ah, the old self-defence chestnut…
Can the gun nuts really come up with nothing new?
Re: Re: Re:2 That device is doing illegal things, arrest it...
Why is the only method of self defence you can think of a gun? Lots of people defend themselves every day without one.
Christ…they can’t even do their jobs correctly when they have unencrypted data AND multiple reports about a person wanting to shoot up a school.
Why should we believe that they will improve with access to encrypted data via the encryption screen door they’ve been pushing?
Re: Re:
I think their goals are more in line with CYA than with law enforcement.
The FBI is no longer interested in law enforcement.
The FBI has even removed enforcing the law from its mission statement.
Rather it is interested not in serving the public but in protecting the current regime.
In that light it deserves no cooperation from the public. It’s not here to serve and protect the people of the US. To the FBI bad guys is more about dissenters than criminals.
In fairness to the government, considering how quickly a speedy trial can be convened, they probably haven’t yet worked through the backlog of arrestees from the pre-encryption days, so they haven’t even looked at how many more recent arrestees might be using default encryption. Give them at least another ten years before assuming they have data current enough to support or disprove such a claim.
Wray: "the FBI supports ... strong encryption"
“the FBI supports information security measures, including strong encryption”, as in “strong, like bull”
(shit!)
Give Us A Constructive Proof
You claim it can be done, show us a proof of concept. It doesn’t have to be a production-quality system, it just has to demonstrate the basic principles in operation.
During the (Bill) Clinton Administration, we had the Clipper chip, which was intended as just such a system. It didn’t work then, and the (initially classified) algorithm turned out to be problematic anyway. Think you can do better? By all means, show us a Clipper Mk II, and let it be subject to open peer review.
Because if it cannot survive critical probing by the good guys, how do you expect it to stand against the bad guys?
Has it occurred to FBI Director Chris Wray that ...
… 17 people killed at the recent Florida shooting might still be alive if he had assigned his agents to investigate reported threats instead of tasking them with concocting propaganda stories to serve his anti-encryption crusade? Or, as he prefers to describe it, devoting “folks at FBI Headquarters to explaining this challenge and working with stakeholders to find a way forward”
Re: Investigating reported threats
The problem with situations like Cruz has a remarkable similarity to the NSA stack of surveillance data for their eternal search for terrorists: we’re swamped by false positives.
And law enforcement, including the FBI are not very good at handing innocent false positives without wrecking their month. (If not their whole life.)
In San Francisco, we have psychiatric crisis centers to hook people up with urgent counceling so they can talk through their issues and reach a state where they can weigh alternatives to suicide (or in some cases, homicide).
I can’t speak for other parts of the nation, though some have crisis counciling available at any time while others simply disparage people for emotional crisis as being crybabies or special snowflakes or whatever. We’re going through an unforgiving era in the US.
At any rate, most crisis centers are typically impacted with dispair situations, most of which may have resolved without incident, but some might not have. We never can tell, because no-one knows when you saved the world from another rampage killing or suicide. We only know our failures, and the rest are people who go on to live another day.
The FBI has been more about politics than investigating crime since its inception from the Pinkertons. They hunt enemies of the (current) state, or during the Hoover years, enemies of J. Edgar Hoover. So I wouldn’t really count on the FBI as being useful for anything, except maybe serving to sustain the FBI.
Belief is What Matters
To paraphrase Chris Wray, “I don’t care how many so-called ‘experts’ claim they have secret, special knowledge to the contrary, which I’m utterly incompetent by either training or wit to grasp, from where I stand, I can plainly see the world is flat.”
“Responsible Encryption” – the NEW, government-approved religion*!
*Disclaimer: winged unicorns not included.
Wray is still "catching up on all things cyber"
“the last time I had to think seriously about cyber security through a law enforcement and national security perspective was 13 years ago. … It’s fair to say that no area has evolved more dramatically since then, given the breathtaking and blistering pace of technological change. And I’ve tried over the past six months to start catching up on all things cyber.”
“the most useful thing I can do today is to offer the viewpoint of someone who’s looking at this world with fresh eyes”
And with my “fresh eyes”, I see that the crypto experts have simply not tried hard enough, and they need to simply “nerd harder”.
Hi,
I am about to bring my secure back door encrypted messaging startup out of stealth. I am certain that with enough funding almost anything is possible.
I could use a little help from someone, who may (or may not) be reading this while wearing a very sharp looking logo’d vest, in raising my 400MM seed round from the people who know in their heart that this technology is absolutely possible.
Who’s in?
Nothing is impossible
The recent production of hitchhikers guide to the galaxy on the BBC should remind us all that nothing is impossible. But many things are infinitely impossible.
“It also doesn’t count important situations outside of accessing a specific device, like when activists, whistleblowers, and regular people use encrypted messaging apps to communicate, which is an increasingly widespread problem.”