FBI Director Gets Back On His Anti-Encryption Bullshit In Statement To Homeland Security Committee

Overhype

from the just-shut-the-fuck-up dept

We’ll get to Chris Wray in a moment, but first let’s do a throwback to May 29, 2018 — the date the FBI first promised to correct its miscount (estimated to be off by as much as 4,000 devices) of uncrackable devices in its possession. Multiple statements utilizing the FBI’s bad stats were edited, with the erroneous number replaced with footnotes like this:

** Due to an error in the FBI’s methodology, an earlier version of this speech incorrectly stated that the FBI had been unable to access 7,800 devices. The correct number will be substantially lower.

This promise to deliver accurate numbers debuted 1,642 days ago. To put that in perspective, we’ve had two national elections and three different presidents (Obama, Trump, Biden) since the FBI promised to perform a recount. That number will continue to increase because it appears the FBI has no intention of telling the truth about how much of a problem device encryption actually poses.

FBI Director Chris Wray apparently has no shame. Despite spending more than a half-decade basically lying about the encryption “problem” the FBI faces, Chris Wray (like James Comey before him) continues to use every opportunity he has to claim encryption that can’t be bypassed at will by law enforcement is a threat to public safety and, in this case, national security.

Speaking to the Senate Homeland Security Committee, Wray again made a pitch for an impossibility he likes to call “lawful access.”

Protecting data and privacy in a digitally connected world is a top priority for the FBI, and we believe that promoting encryption is a vital part of that mission. Encryption without lawful access, though, does have a negative effect on law enforcement’s ability to protect the public. As I have testified previously, when the FBI discusses lawful access, we mean putting providers who manage encrypted data in a position to decrypt it and provide it to us in response to a legal process. We do not mean for encryption to be weakened or compromised so that it can be defeated from the outside by law enforcement or anyone else. 

The last two sentences contradict each other: you cannot have encryption that can be broken on demand that will still be secure when the bad guys come for it. Asking device manufacturers to become apartment complex managers who hold onto everyone’s keys just in case law enforcement needs to get in isn’t any better. It just centralizes the attack vector, giving malicious hackers fewer targets, but ones housing much bigger payloads.

So, when Chris Wray says he’s not asking for “backdoored” encryption, he’s technically telling the truth. He just wants to be let in the front door whenever he asks. You don’t need a back door when the front door is no longer an obstacle. The FBI Director is playing word games, referring to fully functioning encryption as “warrant-proof” and compromised end-to-end encryption as “lawful access.” That makes this assertion extremely disingenuous.

Unfortunately, too much of the debate over lawful access has revolved around discussions of this concept that the FBI would not support.

Nah. That ain’t it. The discussion revolves around what Wray himself has asked for. Wray won’t provide specifics or technical details because that would make it too easy for critics to poke holes in his plans. So, he makes up new phrases like “warrant-proof” and “lawful access” to avoid being pinned down on what it is he actually wants and then he claims everyone else is misconstruing the things he won’t be intellectually honest about.

What Wray wants is one-stop shopping for evidence — something agents can accomplish by doing little more than plugging a seized phone or laptop into a third-party box that grabs every bit of data residing on the devices for the FBI to search through at its leisure. The average phone can contain more evidence than an entire house, depending on the crime being investigated. But that doesn’t mean the government should have at-will access just because the alternative is inaccessible evidence.

Since the inception of law enforcement agencies, there has always been evidence investigators can’t access. Incriminating documents get burned. Murder weapons get tossed into rivers and lakes. Criminals use stash houses to keep their own houses free of incriminating evidence. Criminal conspirators speak in person outdoors, rather than risk interception via phone lines or bugged rooms. And yet, no FBI director has repeatedly called for the private sector and government to work together to prevent the exploitation of matchbooks, open bodies of water, outdoor conversations, and real estate purchases.

This is increasingly dumb shit. And it’s made worse because the FBI won’t be honest about the problem it says it has on its hands. Chris Wray shouldn’t be considered a credible speaker on the subject of encryption — at least not until he stops being vague about what it is he really wants. And definitely not until he provides the updated encrypted device numbers his agency promised almost a half-decade ago.

Filed Under: chris wray, doj, encryption, lawful access