FBI Director Chris Wray Pitches Weakened Encryption At A Cyber Security Conference

from the piling-on-the-unintended-irony dept

On May 29, 2018, the FBI promised to deliver an updated count of encrypted devices in its possession. As James Comey and his replacement, Chris Wray, continued to advocate for weakened encryption, the number of phones the FBI couldn’t get into swelled from 880 in 2016 to over 7,800 by the time the FBI realized its phone-counting method was broken.

This number still hasn’t been updated. An early internal estimate by the FBI put the real number of locked devices at ~1,200. But the official number still hasn’t been released. This hasn’t stopped Chris Wray from continuing his attacks on encryption, painting pictures of a dark future that isn’t supported by the small number of encrypted devices in the agency’s possession.

The attacks continue. They’re more subtle than Attorney General Bill Barr’s aggressive pitches, but they’re still happening. Chris Wray spent his time at a recent cyber security conference in Boston making the case for strong encryption before (yet again) making a plea for tech companies to give law enforcement the encryption backdoors Wray still refuses to call backdoors.

Today we’re worried about a wider-than-ever range of threat actors, from multi-national cyber syndicates to nation-state adversaries. And we’re concerned about a wider-than-ever gamut of methods continually employed in new ways, like the targeting of managed service providers—MSPs—as a way to access scores of victims by hacking just one provider.


We’re also battling the increasing sophistication of criminal groups that places many hackers on a level we used to see only among hackers working for governments. The proliferation of malware as a service, where darkweb vendors sell sophistication in exchange for cryptocurrency, increases the difficulty of stopping what would once have been less-dangerous offenders. It can give a ring of unsophisticated criminals the tools to paralyze entire hospitals, police departments, and businesses with ransomware. Often the hackers themselves haven’t actually gotten much more sophisticated—but they’re renting sophisticated capabilities, requiring us to up our game as we work to defeat them, too.

These all sound like arguments for strong encryption. They’re not, I guess. Because the very next thing out of Wray’s mouth is this:

We’re having to fight these increasingly-dangerous threats while contending with providers increasingly shielding indispensable information about those threats from any form of lawful access—through warrant-proof encryption.

“Warrant-proof encryption” is just encryption. It’s protecting all the people Chris Wray says need to be protected from cyber threats. Just because it’s made gathering evidence slightly more difficult is no reason to portray encryption as an evil the nation needs to be saved from.

But Wray’s disingenuousness doesn’t stop there.

We are all for strong encryption—and contrary to what you might hear, we’re not advocating for “back doors.” We’ve been asking for providers to make sure that they themselves maintain some kind of access to the encrypted data we need, so they can still provide it in response to a court order.

It’s still a door — one that wasn’t there previously. Trying to dodge the “backdoor” term by asking service providers to leave themselves a key under the doormat is a weak and transparent effort to pre-distance Wray from any subsequent damage his desires might cause. Wray doesn’t want to be the villain if anti-encryption laws are ever enacted. But he won’t waste any time availing himself of the access it provides, even as it undermines the security of the nation.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “FBI Director Chris Wray Pitches Weakened Encryption At A Cyber Security Conference”

Subscribe: RSS Leave a comment
This comment has been deemed insightful by the community.
Bruce C. says:

Re: Here's the thing about criminals

Exactly. Even in Wray’s "perfect world" where all the phone makers, app makers, service providers and websites implemented the "key under the doormat", he still runs into the first amendment when it comes to researchers investigating and publishing full "strong encryption" algorithms. People who want to be secure will simply go to offshore companies that aren’t bound by US restrictions, and the crooks will roll their own as usual.

And that doesn’t even begin to address the issue that these business organizations can’t even properly protect the information about us that they already have. There have been literally billions of user accounts and personal data records breached over the years. To think that hardware makers and service providers have a chance at preventing the extraction and sale or publication of these backdoor keys is insane. A cybercriminal would probably pay mid-6 figures or more for a backdoor from (say) Apple, or the Bank of America.

Anonymous Coward says:

Re: Re: Here's the thing about criminals

Even in Wray’s "perfect world" where all the phone makers, app makers, service providers and websites implemented the "key under the doormat", he still runs into the first amendment when it comes to researchers investigating and publishing full "strong encryption" algorithms. … crooks will roll their own as usual.

Criminals rolling their own is about the best result he could hope for. It’s like the #1 way to get an insecure system.

Scary Devil Monastery (profile) says:

Re: Re: Re: Here's the thing about criminals

"Criminals rolling their own is about the best result he could hope for. It’s like the #1 way to get an insecure system."

The most secure encryption algorithms today are all open source. What it takes is for criminals to not employ an incompetent moron for them to be effective.

So in other words criminals will have the best possible encryption. The citizenry will have, effectively, none. At least after someone has used the 5 dollar wrench attack to obtain Apple’s master key from their lead technician.

This comment has been deemed insightful by the community.
Lawrence D’Oliveiro says:

Re: Re: No Need To Ban Guns?

The difference being, encryption is a constructive technology with lots of useful, nonviolent uses (like securing your online banking), while guns are just destructive weapons designed only to blow holes in things. When a gun is causing destruction, injury and death, it is only working as designed.

Conflating the two is not helpful to the discussion. The fact that guns need to be controlled to minimize their harm cannot be used as an argument that encryption needs to be controlled.

Scary Devil Monastery (profile) says:

Re: Re: Re: Re:

"The major cyber problem can’t be solved by encryption."

No, but it’s pretty much guaranteed we’ll never be rid of PEBKAC.

What we CAN do is to ensure that everyone has access to basic, simple to use communications which make use of a good encryption standard.

If some moron later on sees fit to use a password on the top ten dictionary attack laundry list to access his bank that’s no longer our problem.

This comment has been deemed insightful by the community.
Jeremy Lyman (profile) says:

Golden Toilet Key

Anyone else surprised he’s not railing against the scourges of fire, paper shredders, or flushable toilets? Think of all the essential information to which these warrant-proof devices have deprived law enforcement access. Can these technologies possibly be worth the societal cost? We should all go back to shitting in a bucket. Yeah. For the greater good.

This comment has been deemed insightful by the community.
teka says:

"we don’t want keys to everyone’s houses, we just want to require all door installers and lock makers to keep a spare key for every house for themselves and then give it to us whenever we want with no questions or restrictions whenever we want. Anyone who is against that must be a kiddie-porn terrorist who also sells drugs and is some kind of foreigner"

Scary Devil Monastery (profile) says:

Re: Next up...

"FBI Director Chris Wray Pitches Partial Pregnancy."

No he isn’t!

He’s very explicitly saying that he isn’t asking for partial pregnancy. He’s asking for sort-of-but-not-quite pregnancy.

What I really have to ask, at this point, is whether Chris Wray is so monumentally inept he doesn’t realize what he’s asking for, or he knows damn well what he asks for and keeps ignoring it because he doesn’t really give a fsck?

That One Guy (profile) says:

Re: Re: Next up...

It’s the latter, guaranteed. For the former to be even possible he’d either have to have a literal inability to remember things that he doesn’t like, or be so stupid that he would be incapable of doing any task that required even the most modest amount of thinking.

He knows that what he’s asking for is not only stupid but dangerous, he simple doesn’t give a damn as it’s a price he’s willing to have the public pay.

That One Guy (profile) says:

Kiss your credibility goodbye

Inviting someone with a demonstrable history of antagonism against encryption to a security conference is like inviting a known arsonist to a fire-fighters’ conference.

I’m sure there’s a better way to make clear that you care more about the spectacle than the actual subject of the conference than inviting someone known to be against said subject, but for the life of me I can’t think of it.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...