FBI Director Chris Wray Pitches Weakened Encryption At A Cyber Security Conference
from the piling-on-the-unintended-irony dept
On May 29, 2018, the FBI promised to deliver an updated count of encrypted devices in its possession. As James Comey and his replacement, Chris Wray, continued to advocate for weakened encryption, the number of phones the FBI couldn’t get into swelled from 880 in 2016 to over 7,800 by the time the FBI realized its phone-counting method was broken.
This number still hasn’t been updated. An early internal estimate by the FBI put the real number of locked devices at ~1,200. But the official number still hasn’t been released. This hasn’t stopped Chris Wray from continuing his attacks on encryption, painting pictures of a dark future that isn’t supported by the small number of encrypted devices in the agency’s possession.
The attacks continue. They’re more subtle than Attorney General Bill Barr’s aggressive pitches, but they’re still happening. Chris Wray spent his time at a recent cyber security conference in Boston making the case for strong encryption before (yet again) making a plea for tech companies to give law enforcement the encryption backdoors Wray still refuses to call backdoors.
Today we’re worried about a wider-than-ever range of threat actors, from multi-national cyber syndicates to nation-state adversaries. And we’re concerned about a wider-than-ever gamut of methods continually employed in new ways, like the targeting of managed service providers—MSPs—as a way to access scores of victims by hacking just one provider.
We’re also battling the increasing sophistication of criminal groups that places many hackers on a level we used to see only among hackers working for governments. The proliferation of malware as a service, where darkweb vendors sell sophistication in exchange for cryptocurrency, increases the difficulty of stopping what would once have been less-dangerous offenders. It can give a ring of unsophisticated criminals the tools to paralyze entire hospitals, police departments, and businesses with ransomware. Often the hackers themselves haven’t actually gotten much more sophisticated—but they’re renting sophisticated capabilities, requiring us to up our game as we work to defeat them, too.
These all sound like arguments for strong encryption. They’re not, I guess. Because the very next thing out of Wray’s mouth is this:
We’re having to fight these increasingly-dangerous threats while contending with providers increasingly shielding indispensable information about those threats from any form of lawful access—through warrant-proof encryption.
“Warrant-proof encryption” is just encryption. It’s protecting all the people Chris Wray says need to be protected from cyber threats. Just because it’s made gathering evidence slightly more difficult is no reason to portray encryption as an evil the nation needs to be saved from.
But Wray’s disingenuousness doesn’t stop there.
We are all for strong encryption—and contrary to what you might hear, we’re not advocating for “back doors.” We’ve been asking for providers to make sure that they themselves maintain some kind of access to the encrypted data we need, so they can still provide it in response to a court order.
It’s still a door — one that wasn’t there previously. Trying to dodge the “backdoor” term by asking service providers to leave themselves a key under the doormat is a weak and transparent effort to pre-distance Wray from any subsequent damage his desires might cause. Wray doesn’t want to be the villain if anti-encryption laws are ever enacted. But he won’t waste any time availing himself of the access it provides, even as it undermines the security of the nation.