The Future The FBI Wants: Secure Phones For Criminals, Broken Encryption For Everyone Else
from the safety's-just-another-word-for-nothing-left-to-lose dept
The old truism is in play again with the FBI’s renewed CryptoWar: if X is outlawed, only criminals will have X. In this case, it’s secure encryption. The FBI may not be trying to get encryption banned, but it does want it weakened. No backdoors, claims FBI director Chris Wray, just holes for the government to use at its pleasure. So, if the FBI gets it way, the only truly secure encryption will be in the hands of criminals… exactly the sort of people the FBI claims it needs weakened encryption to catch.
For years, a slew of shadowy companies have sold so-called encrypted phones, custom BlackBerry or Android devices that sometimes have the camera and microphone removed and only send secure messages through private networks. Several of those firms allegedly cater primarily for criminal organizations.
Now, the FBI has arrested the owner of one of the most established companies, Phantom Secure, as part of a complex law enforcement operation, according to court records and sources familiar with the matter.
Phantom makes phones solely for criminals, unlike Apple or Android manufacturers, who only have a certain percentage of criminals in their userbases. All of these companies may provide the protection of encryption, but only one actively targets a criminal market. Encryption protects everyone, not just criminals, but that fact is usually paved over with subtle-as-10-tons-of-asphalt comments from the FBI director while portraying the FBI as the nation’s white knight and cell phone manufacturers as profit-driven sociopaths.
These companies marketing directly to criminals do more to protect data and communications than vanilla smartphones. Remote wipe capability is built in. Often, cameras and microphones are removed, along with GPS software/hardware. It’s more security than most people need, but then again, most people aren’t cartel members.
The thing is, the FBI director doesn’t care if you’re law-abiding. He wants your encryption options limited and weakened so the contents can be accessed. This makes your smartphone more susceptible to being accessed by criminals, rather than just G-men. And these criminals accessing your phone will probably have phones the FBI can’t even access, even with backdoors or key escrow or easily-cracked encryption. Chris Wray claims this is all about public safety, but he’s willing to make the public less safe to gain the access he wants.
While I understand the concern of the inability to access evidence, the fact remains no solution involving compromised encryption will make the public safer. And while I understand the concern, the concern itself is overstated and accompanied by smoke-and-mirrors presentations. The FBI points to stacks of locked phones, but says nothing about the many tools at its disposal: phone-cracking companies, judges, contempt charges, good old fashioned consent requests, or whether all cases involving these phones remain at a standstill. The FBI does not argue in good faith, and the access it wants can only be had by sacrificing the security and safety of law-abiding citizens.
Filed Under: doj, encryption, fbi, going dark, security
Comments on “The Future The FBI Wants: Secure Phones For Criminals, Broken Encryption For Everyone Else”
When will the TLA’s demand plain text copies of all electronic communication are lodged with them in case they need to look at them?
What do the major credit card companies think about this?
I am still waiting to hear what the major credit card companies think about this. If the government pushes ahead with the compromised encryption, are the credit card companies going to end ecommerce. Maybe you will be a able to get a permit for secure encryption if you are a major corporation that donates to the right political campaign.
Re: What do the major credit card companies think about this?
They will be able to use strong encryption, because they can turn over plain text records on demand, and without a warrant as it is all third party data.
Re: What do the major credit card companies think about this?
Do you remember the non-export browsers of the 1990s? To get a secure version of IE (for free), I had to provide an American or Canadian address and promise I wasn’t going to export it. Otherwise it was 40-bit encryption. Not many sites could do 128-bits; maybe a few banks.
There’s a reason we’re calling this Crypto Wars 2.0.
Re: What do the major credit card companies think about this?
I don’t know about credit card companies, but banks have been trying to have version 1.3 of TLS weakened to make their jobs easier. https://www.cyberscoop.com/tls-1-3-weakness-financial-industry-ietf/
Re: Re: What do the major credit card companies think about this?
The good news is that their call for a back door was refused.
https://www.cyberscoop.com/tls-1-3-approved/
Re: What do the major credit card companies think about this?
The financial sector will not save you. It’d be too expensive.
https://www.cyberscoop.com/tls-1-3-weakness-financial-industry-ietf/
Of course this is how they want it. It makes their jobs way easier. They didn’t get Al Capone for all the various racketeering and murder, they got him for tax evasion. The FBI regularly doesn’t get people for various forms of corruption, but for perjury.
And in this case they want to make it so they don’t have to get you for whatever you were doing on your encrypted channel, they can just lock you away for using an encrypted communications channel.
Re: Re:
It’s essentially the same scheme that the MAFIAA is pushing towards. It’s too expensive and difficult to track down and sue all the individual copyright violators out there, so they want to be able to go after anyone even talking about specific examples of copyright violation.
I really thought based on the headline the story was going to be about how only the FBI would be allowed to have encrypted phones.
Re: Re:
Oh, don’t worry, I’m sure if any legislation ever comes around to getting drafted, there’ll be an exception for law enforcement, military, and congress.
So basically, you want a backdoor?
Re: Re:
Nooo you are not getting the point. They are not doors you know, just windows through we can get into. 🙂
Re: Re: Re:
So, you want back windows
No, no, no. Just like a secret small opening in a wall that only we can look through.
Re: Re: Re: Ummm, no…
…They’re still shy about admitting they want their own glory holes
so they twist English into pretzels to call them anything but that. ;]
If it's possible, why hasn't the NSA published the mechanism?
The NSA has possible the world’s best collection of cryptographers.
If what these people claim is possible, why hasn’t the NSA published the mechanism to do it yet?
Secure crypto doesn’t rely on secret methods. In fact, just about every crypto which employs a secret methodology has been shown to be insecure.
Re: If it's possible, why hasn't the NSA published the mechanism?
They may have:
https://en.wikipedia.org/wiki/Dual_EC_DRBG
What about the First Amendment and Anonymity
My understanding from reading examples such as [this](https://www.jstor.org/stable/794351?seq=1#page_scan_tab_contents i) (Oh, well. So much for markdown.) Anyway, if the First Amendment protects anonymity, then government-driven weakened security (backdoors, holes, exploits, etc.) would seem to be a First Amendment violation. What am I missing?
Re: What about the First Amendment and Anonymity
“What am I missing?”
Power?
Re: What about the First Amendment and Anonymity
The use markdown tick box.
Re: Re: What about the First Amendment and Anonymity
The “Preview” button.
That’s amazing – I didn’t know that Techdirt had hired the anthropomorphic personification of a Twitter debate to write articles on its site.
I frankly don’t see any other reason for the “what-about-ism” in the second half of the article. It is as irrelevant to the first half of the article as the price of tea in China, and the fact you would combine tow two tells me more about Techdirt’s biases than it does about the original story.
But hey, congratulations on successfully using a bot to write an article! That is quite the accomplishment!
Re: Re:
Huh?
Re: Re: Re:
exactly what I thought when reading Tim’s piece!
Re: Re: Re: Re:
Perhaps work on your reading comprehension?
The post has a pretty clear through-line. 1. FBI wants to outlaw encryption to capture more criminals. 2. There are companies that specialize in selling encrypted phones to criminals. 3. If the FBI succeeds in fubar’ing encryption, there criminals will still have encryption and 4. everyone else gets screwed.
I see no "what-about-ism." I see no Twitter style argumentation (other than from your baseless attacks). I’d expect better of you.
Re: Re: Re:2 Re:
I hate to (sort of) agree with an obvious troll, but I have to admit that the fourth paragraph IS a bit more convoluted than it should be. Even after reading it several times, it still felt awkward and confusing to me i spite of the fact my reading comprehension is above average. Your comment actually does a better job of summing it up, IMHO. As for the rest of the article, it was fine and I found it interesting.
Now if you’ll excuse me, I feel very dirty and thus am heading off to have a shower. 😉
PS: I had no idea super secure cell phones were being marketed to “criminals”, though surely they aren’t the only people who buy these things? I definitely like the concept, speaking as someone who always goes the extra mile when it comes to securing my home and all my digital devices. Other than a point and shoot camera (USB only), I do not own anything with a camera or microphone as I’ve never been able to bring myself to trust devices that have them; doubly so for internet enabled devices. Given everything that has been coming to light this past decade, I was certainly justified in being cautious. Heck, I wouldn’t even buy an Xbox One until they’d removed that stupid Kinect thing (Microsoft + NSA’s PRISM = A BIG FAT NOPE). So glad they did.
Re: Re:
dear Nate from the FBI:
here’s another way to look at it. George Washington and Co. wasn’t worried so much about breaking the law using coded messages and hidden meetings to plot the overthrow of the Crown in the British Colonies, as much as Overthrowing the Crown in the British Colonies itself. The same goes for criminals, They aren’t worried about breaking encryption laws to commit crimes, so much as committing the crime itself.
Just which criminals were you talking about?
Well, there are criminals, and there are criminals. There are those criminals who rob and murder and rape and extort other people, etc.. Then there are those who break the law in the name of enforcing the law by setting up innocents to do purportedly illegal things that would be illegal if they were real. They also practice breaking Constitutional protections by collecting information and by listening in on others, without appropriate warrants, and then lie in court about their sources and methods via a process we know as parallel construction (what was that other phrase?) and by avoiding Brady material both by not telling the prosecutors about it and signing NDA’s with the manufacturers of technologies designed solely for the purpose of spying.
In the end, as now, we will not be able to find out what they are up to, but they will know everything about what we are up to, giving them the ability to charge us with ‘made up conspiracies’ using things out of context while they will continue to hide their activities via obfuscation, hand waving, and legal contracts that prevent the freedom of information that the law allows us.
Re: Just which criminals were you talking about?
Wow, when I started reading your comment, I thought the second sentence was going to read: "There are those criminals who rob and murder and rape and extort other people, etc.. and then there are criminals who aren’t cops."
Sadly, still true.
The sad thing is what they want isn’t impossible at all; all they want is for some tech company to pretend they can make a secure backdoor into their encryption so they can sell it to a gullible public as solved and force everyone to use it. It’s practically guaranteed.
Re: Re:
And then they want of course
everyone to call a duck a horse
um
im not a crimnal nor in the usa and ill have the best strongest encryption i can
your country can get bent for its stupidity and this only leads me ot have less faith in doing any business with any americans….perhaps its good we end nafta and go with mexico ( i am in canada ) and hten we can keep shit to ourselves and our new european trade partners as well as asian TPP partners….
at this rate the only people you will be trading with is your next door neighbor
Most encryption software is written outside of the U.S. and it’s because of the U.S. Government and the first crypto wars.
The simple fact of the matter is Most will end up with a backdoor into their phones, and the Criminals. Anyone smart enough with a little effort can just install 3rd party encryption software. No backdoors!!! There’s not a single thing the U.S. Government could do about it. So the 99% of the Public that are not criminals now have holes in their phone security. Creating a bigger problem with all the fraud that’s going to happen and other crimes from the criminals getting into people’s devices from holes. The criminals are still protected.
How the F did you fix anything. Besides, other countries will NOT want any U.S. products sold in their country that has a backdoor where the U.S. Government could spy on their citizens!!!! This is one of the biggest reasons it was killed in the past. What may be worse, allowing to be sold, but access to the backdoor themselves so they can spy on their own citizens, and the U.S. Citizens. More and more control of keys getting into the wrong hands.
Theft
I remember the early days of smart phones, when the devices were theft targets. This happened again with tablets.
Today, mobile device theft is much less common, because Android and iOS both have built-in secure remote-brick functionality. If my phone is stolen, it becomes a fancy paperweight until I remove the block. This makes “hot” phones much less valuable.
This works because of strong encryption. If a phone can cracked once, the internet makes distribution of the instructions easy to the point where any matching phone can also be cracked. Weakening encryption will bring us back to those early days, when leaving a phone sit idle even for a moment meant saying “Goodbye” to an expensive device.
How exactly does a phone with no microphone work?
Re: Re:
Are you a pagan? Phones are used to send text messages. 🙂
They don’t want back doors to encryption…they’d rather have screen doors.
of course they do! it’s so much easier to find someone who isn’t hiding and so much easier to build a case against someone who hasn’t done anything wrong and has no reason, let alone the funds or ability to defend themselves!
The FBI doesn’t need to weaken encryption or mandate backdoors to help it catch serious criminals. They already have the resources and technical ability to penetrate the security of targeted criminals – see the Apple case where the feds in the end dropped the case because they ‘found’ an alternative way into the phone.
What they don’t have the resources to do is monitor en-mass the general public or implement minority report-style pre-crime analytics to arrest those who might be about to commit a crime. Until, that is, they manage to mandate their blanket backdoors.
” We have met the enemy and they is us”
*Walt Kelly
We the sheeple are the enemy. We get so wrapped up in all the BS flying back and forth between the 2 political parties we forget WE are the ones who put them there. The legislature was never designed to be a public trough for lazy bureaucrats.
If we want to stop all this BS about encryption or anything else the answer is obvious. Vote every incumbent out regardless of party affiliation.
We don’t have the govt we want but we have the one we deserve because we can’t see any further than OMG that’s a Democrat or that’s a Republican.
Just go to the damn polls and vote against every bill, and every incumbent.
It’s not rocket science people.
Who is a criminal
If there were a group of people using these type of phones to securely communicate because they were enemies of the state (because they want better free speech, human rights etc.) in e.g Russia, China then many (“Western”) people would regard them as good and brave rather than criminals (though obviously Russia, China would regard them as criminals).
So there are (if we accept the definition of criminal depends on viewpoint in the same way that “one mans freedom fighter is another mans terrorist”) non criminal (in many peoples view) uses of such technology.
Such tech could be of use to people involved in clandestinely conducting affairs (plenty of adultery goes on, it might be frowned upon but we don’t jail people for adultery) as less chance of their partners catching their affair comms.
no camera, no microphone, no GPS, no service
“cameras and microphones are removed, along with GPS software/hardware”
Do non-GPS phones even work in the U.S. at all? I thought that 911 required GPS in modern smartphones.
Does “right-to-repair” allow this sort of amputation?
If so, where do I sign up?
FBI are the real criminals. Encryption is way more important than FBI.