FBI Boss Chris Wray: We Put A Man On The Moon So Why Not Encryption Backdoors?

from the yeah-ok-then dept

Despite the FBI finally admitting it had greatly exaggerated the number of encrypted devices it can’t get into, FBI Director Chris Wray keeps pushing the “going dark” theory to whoever will listen. This time it was NBC’s Lester Holt. In an interview during the Aspen Security Forum, Wray again hinted he was moving towards an anti-encryption legislative mandate if some sort of (impossible) “compromise” couldn’t be reached with tech companies. (Transcription via Eric Geller.)

I think there should be [room for compromise]. I don’t want to characterize private conversations we’re having with people in the industry. We’re not there yet for sure. And if we can’t get there, there may be other remedies, like legislation, that would have to come to bear.

The “compromise” Wray wants is simple: if law enforcement has a warrant, it gets access. The solution isn’t. To weaken or backdoor encryption to serve law enforcement’s needs makes everyone — not just criminal suspects — less safe. If a hole can be used by good guys, it can be used by bad guys. And even the best guys can’t prevent their tech tools from making their way into the public domain. Just ask the NSA and CIA. In the case of the NSA, leaked exploits resulted in worldwide ransomware attacks.

Wray pitches an impossibility by portraying it as a lack of effort by the tech industry. The tech industry — the one with all the “brightest minds” — has been consistent in its stance. A hole for one is a hole for all. There’s no such thing as securely-compromised encryption. Wray’s response has also been consistent: they’re just not thinking hard enough. The only “compromise” pitched by members of the tech sector is basically re-skinned key escrow — the thing that went out of fashion with the death of the Clipper Chip.

Wray’s pitch now includes an appeal to the modern wonders of the world, as if these examples change the equation at all:

We’re a country that has unbelievable innovation. We put a man on the moon. We have the power of flight. We have autonomous vehicles… [T]he idea that we can’t solve this problem as a society — I just don’t buy it.

First off, bringing the space program into this is ridiculous. All it does is demonstrate the government has access to some of the best minds, but Wray expects the private sector to provide, maintain, and bear the expense of a law enforcement-friendly encryption “solution.” (And if it fails to deliver, Wray’s more than willing to ask the government to force the private sector to play ball.)

Second, putting a man on the moon was the side effect of a Cold War cock-measuring contest with the USSR. While the nation has derived many benefits over the years from the space program, the “man on the moon” mission was a way of expressing superiority and implying that our weaponry was similarly advanced. The US government showed the world how powerful it was. I don’t think that’s the analogy you want to make when discussing personal device encryption.

And third, the whole “putting a man on the moon” analogy was solidly mocked on John Oliver’s program two years ago when he quoted cryptography expert Matt Blaze accurately saying, “When I hear ‘if we can put a man on the moon, we can do this’ I’m hearing an analogy almost saying ‘if we can put a man on the moon, surely we can put a man on the sun.’” Not every issue is the equivalent of putting a man on the moon.

While the others listed are private sector achievements, they’re simply not good comparisons. Encryption methods continue to advance in complexity and ease-of-use. This is innovation, even if it’s innovation Chris Wray doesn’t like. Each of the innovations listed solved problems and created markets. In this case the problem is device security. Encryption solves it. Who wants secure devices? Everyone who buys one.

The rise of smartphones has seen users replace their houses with handheld devices as the primary storage for a life’s-worth of documents, along with access to a great deal of financial and personal info. Device makers want to ensure a stolen phone doesn’t mean a stolen life. Wray (and others) don’t want to do anything more than obtain warrants to scrape the digital innards of devices they seize. In other words, when the FBI encounters a locked safe in someone’s house, Wray would believe it’s the manufacturer’s fault for the safe failing to unlock immediately in the presence of a search warrant.

Still, Wray believes society as a whole would be better off with weaker encryption because sometimes terrorists and criminals use encryption.

Because to the extent that the bad guys have shifted more and more to living their whole lives through encrypted devices and encrypted messaging platforms, that if we don’t find a way to access that information with lawful process, we’re in a bad place as a country.

Default encryption has been around for a few years now and there’s no evidence we’re less safe as a nation. Very few prosecutions have been dead-ended because investigators couldn’t get into a phone. The problem is presented as swiftly-growing and inevitable, but there’s been nothing delivered as evidence of these claims. The FBI has continually pointed to its growing pile of locked devices as Exhibit A in the War on Encryption, but has never presented anything at all to give these claims of diminishing public safety any credence. All we know for sure at this point is the FBI can’t count. It used a wrong number (~7,800) to push the narrative and still expects us to believe it after it admitted this count was nearly four times higher than the actual number of devices in its possession.

Wray needs to stop complaining about the tech sector until his own agency can demonstrate its ability to approach the issue with facts, verified numbers, and intellectual honesty.


Comments on “FBI Boss Chris Wray: We Put A Man On The Moon So Why Not Encryption Backdoors?”

Anonymous Coward says:

Re: Re:

And what about those who aren’t geeks?

Also, what about when the law that applies to MS and Apple gets made to apply to Linux distros as well? Regardless of the infeasibility of forcing this type of thing on Linux, it would make life just that much harder for everyone involved in it.

Better for it to never happen at all.

PaulT (profile) says:

Re: Re: Re:

“And what about those who aren’t geeks?”

Use Ubuntu or some other desktop-focussed distro. For many tasks, some are easier than Windows, especially if you wish to avoid Metro interface crap. The only problems the average user will have is they just have to play AAA games or use X proprietary software title rather than accept the stuff that’s natively available on the platform.

“Also, what about when the law that applies to MS and Apple gets made to apply to Linux distros as well?”

Well, that’s the obvious flaw in the plan. Yes, the open source nature of the OS means that people could easily bypass the restrictions, but once it becomes illegal on there, then we’re back to a minority using it.

Anonymous Coward says:

Re: Re: Re: Re:

Good old security through obscurity. Maybe we all need to go back to speaking in code, you know, just in case:

"Warrant came through boss, we can now access their communications"

"Great! what are they saying?"

"Not sure boss.. they keep saying Yeet."

"That has to be drugs. Call the SWAT team!"

(Disclaimer: I’m so not down with the kids)

Anonymous Coward says:

Re: Re: Re:2 Re:

Good old security through obscurity.

More a case of what was by modern standards extremely limited computers. Like your phone has far more computing power than the control room had to route and display all the incoming data. Marking up the data was not an option, never mind encrypting the data.

The Apollo program happened at the tail end of the era where a room full of computers meant a room full of humans with paper, pencil and slide rule, and they were used by the program.

DannyB (profile) says:

It seems so simple

Why can’t we simply have secure systems that are insecure?

And why can’t we have insecure systems that are secure?

But in typical government fashion, why can’t black be white while still being black?

And up can be down, but still be up.

When you’re up, you’re up.
When you’re down, you’re down.
When you’re only halfway up
[_] You’re neither up nor down
[_] You need a different pull up resistor
[_] Your flip-flop is broken
[_] You’re using base 3
[_] Is a superposition of two states
[_] You haven’t had enough to drink
[_] Viagra or Cialis
[_] Is a topic of ongoing study and research not yet sufficiently explored
[x] You’re like an orange clown

When you’re neither up nor down is when your winnings equal the amount you’ve spent betting so far.

Anonymous Coward says:

Once again, with feeling

You can have the most advanced tech possible, you can fuck around with math as much as you want – but what it will not do is be idiot-proof for Wray and his goons to use without inevitably leaking where they don’t want leaks.

Wray is a child throwing a tantrum because his parents won’t let him buy a unicorn-powered atomic bomb.

Anonymous Coward says:

Re: Re: Once again, with feeling

Funny as those prospects are, it does underscore the danger of what Wray is asking for.

What Wray wants is not only something that he and his mooks lack the responsibility for, a trait he has demonstrated repeatedly – but also something under conditions that flat out don’t exist.

Worse still, his reasoning is literally “I believe Mommy and Daddy can do anything and them refusing to give me my weapon of mass destruction is just them being big fat meanies”.

Anonymous Coward says:

I think there are two or three other arguments to be made other than “If a hole can be used by good guys, it can be used by bad guys”.

A: If access is supposed to need a warrant, what is preventing access when there is no warrant? Logically a system could be implemented to check for one. Yet I don’t think any law enforcement or government agency would be happy about that. If such a system was implemented, people would find ways around it.

On a similar note, this brings a problem when courts rubber stamp warrants. Given that information, it undermines the warrant requirement.

B: most likely, for this kind of change to take effect phones are going to need to be updated. Meaning the change is arguably useless on the phones the FBI already has, as they are locked out and thus can’t update them.

Anonymous Coward says:

Re: Re:

A: Like every other thing that requires a warrant, only the legal permission to access said thing requires the warrant, the physical ability to access it is an entirely separate thing. Doors do not respond to the physical presence of a warrant any more than phones will.

Similarly, if the warrant process is no longer doing its job, then there are much broader systematic issues than this particular one. If the courts are not enforcing warrant requirements, then there is no reason they would be enforcing Habeas Corpus requirements either and we are thus actively living in a police state. At which point these legal and political fights are no longer particularly relevant.

B: You have misread law enforcement’s argument. The FBI is not saying "We need this change made so that we can get into this big pile of phones," they are saying "We need this change made so that this pile of phones won’t continue to increase in size in the future."

PaulT (profile) says:

Re: Re:

“A: If access is supposed to need a warrant, what is preventing access when there is no warrant?”

Nothing. But, just because authorities can enter my home if they get a warrant, that doesn’t mean I shouldn’t be able to use the strongest locks available to deter burglars.

“B: most likely, for this kind of change to take effect phones are going to need to be updated.”

They are. Constantly. Which is actually why we’re having this argument to begin with – Apple changed to strong encryption by default in the OS, whereas before it either needed an app or was an optional OS feature.

Anonymous Coward says:

We’re a country that has unbelievable innovation. We put a man on the moon. We have the power of flight. We have autonomous vehicles… [T]he idea that we can’t solve this problem as a society — I just don’t buy it.

And in all those enterprises there was no backdoor requirement which went counter to what the technology was aiming at. Encryption is meeting its objectives if only the sender and receiver, or owner of the device can get at the contents, it is compromised if anybody else has a key to get at the contents.

Besides which, all this going dark is returning law enforcement to the situation that existed before all these computers came along, and that is nobody stored incriminating evidence for law enforcement to gather.

Anonymous Coward says:

We're a country that has unbelievable killing powers.

We’re a country that has unbelievable innovation. We put a man on the moon. We have the power of flight. We have autonomous vehicles… [T]he idea that we can’t solve this problem as a society — I just don’t buy it.

We’re a country that has unbelievable killing powers. We kill animals. We sometimes kill humans. We even can kill time. [T]he fact that we can’t kill this escrow idea as a society — I just don’t buy it.

Anonymous Coward says:

Re: Man on the Sun

All law-abiding citizens of the United States (and Australia and New Zealand and Britain and some others but not all countries) including all law-abiding citizens in legislation, law enforcement, courts, government, military, finance, power plants, traffic, hospitals – in those countries.

All devices manufactured or sold (legally) in those countries.

All law-abiding people abroad who still travel to those countries. And all their communications with law-abiding people in those countries.

That backdoor would be one hell of an espionage target if there were any spies who do not abide by the law.

That One Guy (profile) says:

Re: Re: Man on the Sun

That backdoor would be one hell of an espionage target if there were any spies who do not abide by the law.

Thankfully as everyone knows spies are scrupulous in obeying any and all laws, even laws in other countries, and even when violation of them would provide a previously unthinkably large treasure-trove of intel that could be used for countless things like blackmail, corporate espionage and/or political gain.

crade (profile) says:

“[T]he idea that we can’t solve this problem as a society — I just don’t buy it”

We can solve this problem as a society. We have solved this problem as a society. People can communicate privately, law enforcement can enforce. Stop pretending something has changed and suddenly you can’t enforce the law and allow the possibility of private conversations at the same time.

There, Problem solved. Now we can discuss all the great ways technology has made forensics better and more reliable.

Anonymous Coward (user link) says:

According to the NASA page, 9 Apollo missions (27 people) got to lunar orbit or thereabouts.

According to Quora, the Apollo program cost 25.4 billion 1973 dollars, and a project dollar then is about 4 project dollars now.

So if Mr. Wray can pony up 3 or 4 billion dollars per person I’m sure that we can get something that meets his requirements set up, especially if some of that goes to paying people to use it.

Darkness Of Course (profile) says:

Comey the Crypto Clown, V2

Wray needs to stop complaining about the tech sector until his own agency can demonstrate its ability to approach the issue with facts, verified numbers, and intellectual honesty.

Well, first off that ain’t gonna happen at our FBI. Comey the Crypto Clown (aka C2CC) started blowing this particular trumpet and Wray must feel the need to perpetuate the lies. Possibly these are signs that it’s a systemic infection and only excising the offending organisms will allow the FBI to consider honoring their oaths.

Anonymous Anonymous Coward (profile) says:

Re: Re:

Couple of problems with that. NSA does not report to Wray, he could ask, but the laughing would be louder than the laughing here. Second, NSA making open source code? Right.

Please share. We all want some of what you are taking/smoking/inhaling. Well, some of us do, that is some of us might. There are certain AC’s that might benefit, though they might benefit more if they listened to actual doctors (a.k.a. psychiatrists, who can prescribe whereas psychologists cannot).

Anonymous Anonymous Coward (profile) says:

Re: Re: Re: Re:

OK, they do participate in Open Source development, at least so long as it helps them.

Then they do other things that may or may not be Open Sourced:

The security mechanisms implemented in the system provide flexible support for a wide range of security policies. They make it possible to configure the system to meet a wide range of security requirements. The reference implementation included a general-purpose security policy configuration designed to meet a number of security objectives as an example of how this may be done. The flexibility of the system allows the policy to be modified and extended to customize the security policy as required for any given installation.

There is still much work needed to develop a complete security solution. Nonetheless, we feel we have presented a good starting point to bring valuable security features to mainstream operating systems. We are looking forward to building upon this work with other developers and users. Participation with comments, constructive criticism, and/or improvements is welcome.

I bet there are many other things that they do that are not Open Sourced, and they won’t confirm or deny that, though those who know how will find out…eventually. I do not expect them to give any hints.

Anonymous Coward says:

Looking past the various problems (and there are thousands) with backdoors, “golden good guy secondary front doors”, “unicorn a-holes”, “alternative front-back doors”, or whatever they want to call it right now; I simply do not trust those people to act within the bounds that would be set for them or to be able to keep any access from leaking.
Here is a question: If this is such a manageable problem to keep information secure with backdoors, how come you suck so badly at security without them?
You can freaking start by cleaning up your own crap first and then we’ll talk.
Here is another demand: All law enforcement in the country must agree to having their passwords logged at every point… that includes your home devices. When none of you use passwords in the top 100 of the easy to guess and break list, then we can start to give an ounce of trust towards that you might be educated enough to handle such powerful tools without 1. Sharing accounts. 2. Using admin as username and Admin123 (or similar) as password for accessing deeply private information about us. 3. Writing passwords down on sticky notes on monitors. 4. Having two-factor authentication turned off on your account because it is annoying. 5. Leaving work devices open for all to see and peruse. 6. Using common secure ways to access and store data.
I know any system would hopefully be more secure than just a login, but if they cannot even handle the basics, then it means nothing.

Uriel-238 (profile) says:

The "going dark" discussion should be tabled...

…until law enforcement agencies have a long running record of few-to-no violations of the rights of the public. So long as the FBI continues seeking to entrap (literal) retards in terrorist-gaslighting sting-ops, it doesn’t deserve the trust of the public. So long as ICE and the DEA are active, they are an enemy to the public, seeking only to do damage for direct gain of their agents.

They can have our crypto keys when they pry them from our cold, dead brains.

Incidentally it’s infinitely more likely we develop that technology than we do crypto that is backdoored and secure. Divide-by-zero and all.

ECA (profile) says:

Not know for sure..

I’m not too sure about something..
But I DO KNOW that encryption SLOWS things down a lot.
If you Totally encrypt a device, everything must run through decryption Before it can be run.
Our smart phones are NOT the most powerful things in the world. And even with Windows you would add about 2-3 times the startup times of games and programs.

Even if it’s a hardware inclusion, and the Chip does all the work, it’s still NOT a fast thing to do.
But if it’s PART of the hardware process, then it’s NOT REAL encryption. It’s part of the programming, and PROBABLY fairly simple, because you DON’T want to slow things down. Esp when you answer the phone.

There are 3rd party programs that have little to do WITH the main builder/maker/Cellphone corp/Apple/Android..So WHY are they bitching at these folks to FIX IT??
It’s easier to Encrypt only certain things on your phone, WHY do it all, it just Slows everything down if you need to read/see/run it..

General password protection Should not be encrypting anything. It’s just a password to allow access.. are these folks messing up the words on purpose??
I can see that IF you mess up on the password, that the phone gets LOCKED DOWN HARD, but beyond that, full encryption would take time and effort…unless you did it on the cheap, and just SHIFTED the blocks 1-2 bits just to complicate things..WHICH still takes a bit of time.

And a bit of tech will tell you that we CAN copy the ram/roms inside to another phone to see what we can do, even to another device that has little or NO security..

So what is the problem here??

Uriel-238 (profile) says:

Re: Good math skills may have narrow application

A relative of mine is one of the great astronavigators of the 20th century, called upon to plot the paths of missions like Pioneer, Galileo and Voyager…

And today he’s a Trump true-believer. When it comes to government and civilization, he cannot think past his own wallet, even knowing full well his own career was government sponsored. He’s a supergenius who has mastered sophisticated mechanics mathematics, and yet takes Trump at his word.

I don’t get it, given he taught me a lot about thinking critically. It breaks my heart.

Oh yeah, he also helped put up several of our climate-study satellites. He totally gets the rising existential risk of global warming. Doesn’t faze him that Trump is a total denier. The cognitive dissonance, it burns us!

John says:

Two issues to back dooring encryption.

1: Any company that complies with the “back door” requirements will demand full indemnity from the demanding authority – Federal, State, County, Municipality, etc.
a: The encryption will be broken – by definition the hackers will spend tons of effort to break it.
b: Once broken the original manufacturer will be required to re-engineer a new encryption with a new back door – expensive.
Once re-created the software must be distributed to the entire user base – expensive.
Then the clock starts again.
This chase the tail scenario will continue until the “entity” finally realizes that a “back door” is not worth the time, expense nor hassle.

2: Encryption is not a secret, there are MANY ways to build an encryption software, and they ALL are designed from some mathematical algorithm.
Most if not all are already in the hands of mathematicians in most if not all nations. What is to prevent some software maven from creating an encryption software application without a back door – nothing. Once built and offered to the populace anyone can buy and use it. Proof – PGP! There is really no way to prevent this from happening.

So much for Back Door!

That One Guy (profile) says:

"And don't even get me started on closed windows!"

Because to the extent that the bad guys have shifted more and more to talking in person and using forms of communication that don’t rely on encryption, that if we don’t find a way to access that information with lawful process, we’re in a bad place as a country.

Among the many problems with his rampant incompetence and dishonesty (I don’t believe for a second that he’s had the job longer than a week and doesn’t understand what he’s actually asking for), what he’s really demanding is that the companies be required to cripple a security feature that protects millions, just so his buddies with badges can snoop around easier.

They have never had access to everything, and even trying to give them what they’re childishly demanding stands to put millions at risk, causing vastly more crime than it would ever prevent while at the same time doing enormous damage to privacy.

If they can’t deal with having limits then they can quit and let someone competent and who actually does care about public safety and security take the job.

That One Guy (profile) says:

Re: 'If shot by law enforcement = Criminal.'

That’s easy enough, just a matter of tweaking the definitions and making them official rather than just assumed/implied.

Since clearly law enforcement would never shoot a non-criminal it stands to reason that anyone shot by them is a criminal. Therefore they already have guns that only shoot criminals.

Uriel-238 (profile) says:

Re: Re: Well, that leads to a horrifying analogy...

…Anyone shot by [law enforcement] is a criminal…

If your data is encrypted, it’s illegal.

Of course then there’s the matter of proving it’s actually encrypted rather than a bunch of random numbers.

At that point our surveillance-state-minded friends might take it one step further:

If your data looks encrypted, it’s illegal.

PS: any plain text of length or blank medium might be steganography, thus, illegal.

Rekrul says:

I still say that someone needs to confront such people and frame the problem in terms of a physical lock and key on an impenetrable door. Ask them how to ensure that only the homeowner and the police can unlock a person’s home.

They’ve been using locks their entire life, they know how they work, there’s no nerd-mystery surrounding their operation. So surely they can propose a foolproof method of ensuring that the police can open them while still keeping out the bad guys. Unless of course they want to admit that they’re not smart enough to know how locks work.

ECA (profile) says:

It only works..

It only works if both sides have it..
If you send something from your phone, the data can’t be encrypted, unless the other person has a key to open it.

I don’t think they are using the correct wording.
I think all they want is the password to get into the device.
Facial ID isn’t that good, and when it works, it isn’t safe..Just hold the person in position and CLICK..open.
Finger print?? Just as bad..(great to give them the finger)

If I’m correct, I think they have a Tech problem

DerekCurrie (profile) says:

Willful Computer Security Ignorance Is Not Acceptable Mr. Wray!

Stop inspiring my hashtag #MyStupidGovernment. Learn what you’re talking about. Stop sitting in a position of authority and speaking outright nonsense that demonstrates your unwillingness to understand the subject.

Computing 101: Start there. Then learn about the ongoing abominable state of computer coding security. There’s something to rely upon.

Privacy is our right. We have no evidence to believe it won’t be abused by government and law enforcement as well as criminals and murderous authoritarians.
