FBI Director Uses January 6 Insurrection To, Once Again, Ask For Encryption Backdoors
from the FBI-really-needs-to-write-some-new-material dept
FBI Director Chris Wray needs to shut the fuck up about encryption.
explain sum up:
For years, consecutive FBI Directors have claimed encryption is preventing law enforcement from doing law enforcement. And for years, public records, efforts by researchers, and court documents have shown encryption isn’t much of an impediment to investigations.
Most importantly — in the FBI’s case — the agency overstated the amount of locked devices in its possession for years while agitating for encryption backdoors. It turns out the FBI’s “locked device” spreadsheet performed some faulty math, greatly misstating the number of locked devices in its possession. While the FBI said it has over 8,000 impregnable electronics allegedly preventing law enforcement from investigating crimes, the correct amount is expected to be less than a quarter of that.
That discovery was made in May 2018. The FBI has yet to provide an accurate count of these devices.
So. Shut. The fuck. Up.
Wray is shameless and incapable of shutting the fuck up, even after the agency admitted to Congressional oversight it really didn’t know how many locked devices it had or how often encryption actually prevented investigators from investigating.
There doesn’t appear to be any lack of open source data capable of aiding the FBI in its investigation of this event. Hundreds have already been charged for their participation in the raid on the US Capitol building.
This event has forced US law enforcement to admit domestic terrorism is an actual threat — a threat propelled mainly by white extremists and others aligned with the pathetic ideal that white makes right. This threat includes far too many law enforcement officers, who have also aligned themselves with the same ideals. That’s why it’s been ignored for so long and that’s why it’s a much bigger problem now than it should be.
But here’s what Chris Wray has chosen to focus on with his allotted testimonial time before the Senate: encryption. Wray says it’s a “lawful access” problem. And he begins with what can only be considered an overstatement of the threat, considering the FBI has done nothing but overstate the problem for years.
The problems caused by law enforcement agencies’ inability to access electronic evidence continue to grow. Increasingly, commercial device manufacturers have employed encryption in such a manner that only the device users can access the content of the devices. This is commonly referred to as “user-only-access” device encryption. Similarly, more and more communications service providers are designing their platforms and apps such that only the parties to the communication can access the content. This is generally known as “end-to-end” encryption. The proliferation of end-to-end and user-only-access encryption is a serious issue that increasingly limits law enforcement’s ability, even after obtaining a lawful warrant or court order, to access critical evidence and information needed to disrupt threats, protect the public, and bring perpetrators to justice.
Yes, encryption can prevent “easy” investigative efforts. But it doesn’t prevent investigations. Lots of data and communications can be obtained from service providers and cloud services that store copies of their own. There are at least a couple of vendors providing law enforcement with forensic tools that appear capable of pulling vast amounts of data from “locked” devices. And while it may be accurate to say the “problem” continues to “grow” given the increased deployment of encryption, the FBI has yet to honestly depict the problem it’s already facing, so there’s no way of quantifying this “growth” to judge its impact on investigations.
And Wray continues to be dishonest about what he wants. He wants encryption backdoors. But when asked directly, he’ll claim he doesn’t want backdoors. Instead, he wants a mythical form of encryption that is capable of protecting users from malicious threats but not government entities armed with a warrant.
The FBI remains a strong advocate for the wide and consistent use of responsibly managed encryption, encryption that providers can decrypt and provide to law enforcement when served with a legal order.
This sure sounds like a backdoor, but Chris Wray is in permanent denial.
We are not asking for, and do not want, any “backdoor,” that is, for encryption to be weakened or compromised so that it can be defeated from the outside by law enforcement or anyone else.
It’s the everyone else who is wrong.
Unfortunately, too much of the debate over lawful access has revolved around discussions of this “backdoor” straw man instead of what we really want and need.
LOL. Get fucked, Chris. The reason no serious security professional agrees this is possible is because it isn’t. A hole for law enforcement is a hole for anyone. Once providers start storing encryption keys for law enforcement, those encryption keys are a target for malicious hackers. Criminals who find the keys will do the same thing Wray is asking companies to do, bypassing encryption to obtain communications and personal data.
The only person trotting out straw men is the FBI Director, who appears to believe any counterargument is made in bad faith. His straw men may be uncaptured terrorists or dead kids or whatever, but they’re still straw men, especially considering the FBI still has yet to provide an accurate count of encrypted devices in its possession.
And those are his straw men. Wray cites both terrorist attacks and child sexual exploitation as reasons to eliminate actually secure encryption. This ignores the FBI’s willingness to radicalize people solely for the purpose of arresting them on terrorist charges. And it ignores the fact the FBI has — on more than one occasion — seized and operated servers distributing child porn in order to catch other child porn distributors. Whether or not we agree with the FBI’s actions in these cases, it illustrates breaking encryption isn’t the only way to address these problems.
Wray also claims the rest of the law enforcement community is suffering from the proliferation of end-to-end encryption.
Our state and local law enforcement partners have been consistently advising the FBI that they, too, are experiencing similar end-to-end and user-only-access encryption challenges, which are now being felt across the full range of state and local crime. Many report that even relatively unsophisticated criminal groups, like street gangs, are frequently using user-only-access encrypted smartphones and end-to-end encrypted communications apps to shield their activities from detection or disruption.
But this really hasn’t been observed by anyone else but Wray. (And we know Wray can’t be trusted.) The FBI has made constant noise about encryption. Local agencies — despite having far fewer resources — haven’t said much publicly about encryption or its challenges, outside of the outsized racket whipped up by Manhattan DA Cy Vance. And Vance is no more trustworthy or credible than Chris Wray.
Chris Wray will take any chance given to complain about encryption and a lack of “lawful access.” But he doesn’t have facts or history on his side.