Everybody Knows FBI Director James Comey Is Wrong About Encryption, Even The FBI

from the this-is-your-best-shot? dept

FBI Director James Comey is apparently a likable guy, but if he's going to attack encryption, it might help if he actually understood it better than, say, the editorial board of the Washington Post, who recently argued against "backdoors" in technology, and for a magical "golden key" -- as if the two were somehow different. We wrote a quick take on Comey's Brooking's talk last week, but the deeper you dive into his talk the more and more evident it is that he not only doesn't quite understand the issues he's talking about, but that he doesn't even seem to understand when his own statements conflict with each other.

Just two days earlier, in a 60 Minutes interview, Comey had insisted, incorrectly, that the FBI can never read your email without a court order. This was simply false, and Comey had to 'fess up to that at the Brookings event when called on it. But if he needed to "clarify" that, it seems like he needs to do much more clarifying as well. Because much of his speech presented scenarios for why the phone encryption now being put in place by Apple and Google would have harmed investigations -- and after digging into those examples, it appears that his explanations were, once again, incorrect. Here are his examples:
In Louisiana, a known sex offender posed as a teenage girl to entice a 12-year-old boy to sneak out of his house to meet the supposed young girl. This predator, posing as a taxi driver, murdered the young boy and tried to alter and delete evidence on both his and the victim’s cell phones to cover up his crime. Both phones were instrumental in showing that the suspect enticed this child into his taxi. He was sentenced to death in April of this year.

In Los Angeles, police investigated the death of a 2-year-old girl from blunt force trauma to her head. There were no witnesses. Text messages stored on her parents’ cell phones to one another and to their family members proved the mother caused this young girl’s death and that the father knew what was happening and failed to stop it. Text messages stored on these devices also proved that the defendants failed to seek medical attention for hours while their daughter convulsed in her crib. They even went so far as to paint her tiny body with blue paint—to cover her bruises—before calling 911. Confronted with this evidence, both parents pled guilty.

In Kansas City, the DEA investigated a drug trafficking organization tied to heroin distribution, homicides, and robberies. The DEA obtained search warrants for several phones used by the group. Text messages found on the phones outlined the group’s distribution chain and tied the group to a supply of lethal heroin that had caused 12 overdoses—and five deaths—including several high school students.

In Sacramento, a young couple and their four dogs were walking down the street at night when a car ran a red light and struck them—killing their four dogs, severing the young man’s leg, and leaving the young woman in critical condition. The driver left the scene, and the young man died days later. Using “red light cameras” near the scene of the accident, the California Highway Patrol identified and arrested a suspect and seized his smartphone. GPS data on his phone placed the suspect at the scene of the accident and revealed that he had fled California shortly thereafter. He was convicted of second-degree murder and is serving a sentence of 25 years to life.

The evidence we find also helps exonerate innocent people. In Kansas, data from a cell phone was used to prove the innocence of several teens accused of rape. Without access to this phone, or the ability to recover a deleted video, several innocent young men could have been wrongly convicted.
Powerful stories, right? Just imagine if the data on those phones were locked up and unavailable to law enforcement? Well, imagine-no-more, because people have been looking into these stories, and Comey's fear mongering doesn't check out. First up, The Intercept looked into these cases and their results can be summed up in the URL slug which includes "FBI Dude Dumb Dumb."
In the three cases The Intercept was able to examine, cell-phone evidence had nothing to do with the identification or capture of the culprits, and encryption would not remotely have been a factor.

In the most dramatic case that Comey invoked — the death of a 2-year-old Los Angeles girl — not only was cellphone data a non-issue, but records show the girl’s death could actually have been avoided had government agencies involved in overseeing her and her parents acted on the extensive record they already had before them.

In another case, of a Lousiana sex offender who enticed and then killed a 12-year-old boy, the big break had nothing to do with a phone: The murderer left behind his keys and a trail of muddy footprints, and was stopped nearby after his car ran out of gas.

And in the case of a Sacramento hit-and-run that killed a man and his girlfriend’s four dogs, the driver was arrested a few hours later in a traffic stop because his car was smashed up, and immediately confessed to involvement in the incident.
The link provides a lot more details about each of those cases, suggesting phones had little to nothing to do with any of those stories, and if there were encryption on those phones it wouldn't have made the slightest difference. And it's not just the folks over at The Intercept recognizing this. The Associated Press called bullshit on most of the examples as well.

And, remember, these were the hand-picked examples the FBI came up with after weeks of time to prepare its case for not allowing such encryption. And they don't hold up under scrutiny.

During the Q&A, Comey was again challenged on these and asked for "real live examples" where encryption would be an issue and his answer did not inspire confidence that Comey has any idea what he's talking about:
Rescuing someone before they’re harmed? Someone in the trunk of a car or something? I don’t think I know – yet? I’ve asked my folks just to canvas – I’ve asked our state and local partners are there some examples where this – I think I see enough, but I don’t think I’ve found that one yet. I’m not looking. Here’s the thing. When I was preparing the speech, one of the things I was inclined to talk about was — to avoid those kids of sort of ‘edge’ cases because I’m not looking to frighten people. Logic tells me there’re going to be cases just like that, but the theory of the case is the main bulk of law enforcement activity. But that said I don’t know the answer. I haven’t found one yet.
In the talk, Comey also disputed the notion of a "back door," but rather claimed he wanted a "front door."
We aren’t seeking a back-door approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by law. We are completely comfortable with court orders and legal process—front doors that provide the evidence and information we need to investigate crime and prevent terrorist attacks.
Right. So, just like the question of what's the difference between a back door and a magic golden key, Comey was asked about the difference between a front door and a back door, and his answer was... he doesn't know.
When asked technical questions about the solution he was suggesting, Comey didn’t have the answers. At one point, the host, Benjamin Wittes, a senior fellow at the Brooking Institution, asked Comey to explain his “front door” distinction, to which he responded, “I don’t think I am smart enough to tell you what 'front door' means.”
Yup. You're the director of the FBI and you just gave a key speech -- pushing for legislation -- which focuses on the idea of wanting a "front door" into technology, and when questioned on what the hell that means your answer is "I don't think I'm smart enough to tell you what 'front door' means"? This isn't making me feel any safer.

You know what would make me feel safer? A hell of a lot more encryption. And you know who agrees? the FBI. This is from the FBI's own website for "safety tips to protect your mobile device"
In case you can't read it, it says:
Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user’s personal data in the case of loss or theft.
It also recommends passcode protecting your phone (which is how these default encryption systems now work). So, um, here we have the FBI telling people to encrypt their phones... and complaining that such things will lead to the end of the world, though it's unable to actually give an example, or even explain what its new proposal is really about. As Marcy Wheeler pointed out before the speech, this sort of clueless dichotomy seems to follow Comey around. In that 60 Minutes interview, he both talked about how dangerous the internet is, and why people need to protect themselves... and then attacked one of the most important tools for people to protect themselves.

It's almost as if Comey has absolutely no idea what he's talking about.

And that's because he almost certainly does not. He may understand other issues related to crime and law enforcement, but when it comes to encryption, it appears he's reading the hastily prepared script of someone else. The simple fact is that he's wrong. Strong encryption is in the public interest and not only protects people from questionable surveillance, but from bad actors as well. It's the best way to make us all safer -- much better than relying on FBI agents running around trying to snoop on phones.

Thankfully, so far, the folks in Congress don't sound particularly impressed by Comey's demand for "front doors" that he's not smart enough to understand. Hopefully it stays that way.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Mason Wheeler (profile), 20 Oct 2014 @ 10:43am

    No one needs to ask what a "front door" is in a security context. That's obvious: it's the normal way in.

    For the FBI to have a way in by the front door would mean they have my password and/or private key.

    reply to this | link to this | view in chronology ]

    • icon
      tqk (profile), 20 Oct 2014 @ 12:02pm

      Re:

      > For the FBI to have a way in by the front door would mean they have my password and/or private key.

      ... Which perhaps they they got from the NSA. I think a properly constitued warrant signed by a suspicious judge is the front door he's forgotten he already has access to.

      I'm beginning to smell a happy ending to this ridiculous story. Hopefully, the snickers of incredulity he hears going on behind his back as he walks the halls of the Hoover building can help to reinforce his understanding.

      I'm a little surprised Congress isn't falling for his Chicken Little routine. Sudden outbreak of common sense in 21st Century USA?

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 20 Oct 2014 @ 4:47pm

        Re: Re:

        I'm a little surprised Congress isn't falling for his Chicken Little routine. Sudden outbreak of common sense in 21st Century USA?


        Not an outbreak, nor sudden. When someone starts spying on committees and destroying elected people's privacy, and then when a lack of privacy is demonstrably shown to derail what they've spent the last few years working on, it's purely a defensive measure to make sure that doesn't happen to you too. In other words, Congress is looking at what the CIA did to the Senate, and is becoming careful to ensure the FBI doesn't do the same thing to Congress.

        reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 20 Oct 2014 @ 10:55am

    Obviously. They need a Wizard to better understand how encryption works. They should call Washington Post, they may have one or two Wizardry companies to indicate.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Oct 2014 @ 10:56am

    What is it that compels three letter agency directors to constantly lie to the American public? James Clapper lied to Congress under oath, committing an alleged felony. Now James Comey is lying about the key details in criminal cases, totally fabricating the leads which lead to the suspect's apprehension. It's almost like James Comey was stuck on parallel construct mode when he stepped in front of the cameras.

    If this was meant to rebuild public trust after the Snowden revelations, it's having the opposite effect on me. Don't even get me started about the 'frontdoor' bullshit. Yeah let's build 'frontdoors' with 'magic keys' so China can hack the crap out of us even more!

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Oct 2014 @ 11:00am

      Re:

      Hoover's legacy alive and well

      reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 20 Oct 2014 @ 1:04pm

      Re:

      Unless you're a large corporation, China isn't the threat you need to worry about. No, the ones you need to worry about hacking your stuff are a lot closer to home.

      reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 21 Oct 2014 @ 10:23am

      Re:

      "If this was meant to rebuild public trust after the Snowden revelations, it's having the opposite effect on me."

      This is the real irony. As damaging as the proof of intelligence agencies wrongdoing was, the most damaging thing of all was how they reacted to it: by lying their asses off at every opportunity.

      If they had just come out and honestly talked with people, they would still have (rightfully) taken a big hit to their credibility. But that damage would have been much less than what they caused by being liars.

      reply to this | link to this | view in chronology ]

  • identicon
    Trevor, 20 Oct 2014 @ 11:10am

    Um

    It's almost as if Comey has absolutely no idea what he's talking about.

    Mike, you and I have vastly different ideas of what "almost" means.

    reply to this | link to this | view in chronology ]

  • icon
    WDS (profile), 20 Oct 2014 @ 11:13am

    "It's almost as if Comey has absolutely no idea what he's talking about."

    No, It's exactly as if Comey has absolutely no idea what he's talking about.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Oct 2014 @ 11:30am

    We all need this

    "Strong encryption is in the public interest and not only protects people from questionable surveillance, but from bad actors as well."

    What, you mean it will protect me from Keanu Reeves?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Oct 2014 @ 11:46am

    Push those buttons. Go on, push them. And again.

    It's funny how the FBI director had to throw in one of the rarest of crimes -- child predation -- a crime that never fails to draw huge emotional outrage. And then to play this card not once, but twice.

    But interestingly, he forgot to throw in an example (real or imagined) of the even rarer crime of international terrorism, since it's the other trump card the authorities like to play whenever people complain about losing their rights and freedoms to the ever-expanding police state.

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 21 Oct 2014 @ 10:25am

      Re: Push those buttons. Go on, push them. And again.

      There has been an increasing shift in the narrative away from "but.. but... but... terrorists" to "but.. but... but... child molesters". I take this as a good sign that people have wizened up about how bogus the terrorism card actually is.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Oct 2014 @ 11:59am

    reply to this | link to this | view in chronology ]

  • identicon
    Personanongrata, 20 Oct 2014 @ 12:52pm

    Transparency

    And they don't hold up under scrutiny.

    Nothing the US government does these days will hold up under scrutiny.

    Unless of course you view the US governments actions through the eyes of traitors, criminals and petty-authoritarians.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Oct 2014 @ 1:37pm

    MEMO to all employees

    Remember the skeleton key password for all phones is "FBIAdmin1". When this is leaked we will change it to "FBIAdmin2" and so on.
    We know that this is very confusing to almost all employees due to it's complexity, but we must uphold certain security standards.
    With regards
    Your overlords.

    reply to this | link to this | view in chronology ]

    • identicon
      Danny Angus, 1 Feb 2017 @ 1:35am

      Re: MEMO to all employees

      Jim DeMintt and Cass Ballenger are as good as SHIT SMELLS right along with Energy Party for the Vice Presidents friends. Gov. Operated Quize

      reply to this | link to this | view in chronology ]

  • icon
    TasMot (profile), 20 Oct 2014 @ 2:13pm

    Only AFTER the fact

    One other point Comey seems to keep skipping is that a phone, encrypted or not, will NEVER help catch the alleged criminal. The FBI doesn't have the phone until after the criminal is caught. The lack of encryption just provides easier access to proof "after the fact" once the alleged criminal and said phone are in the possession of law enforcement personnel.

    Now, if we could get the phone companies to stop allowing them to spy on us, and/or somebody implements an effective method of encrypting the call while the conversation is on the wire, then they would start having a real problem to complain about.

    Can you imagine the outcry that is going to happen when the equivalent of HTTPS is available on phones. Each phone will have its own certificate for encrypting the conversation and the entire conversation will be transmitted in an encrypted form to be decrypted by the phone on the other end. They will still be able to track who called whom, but will not be able to listen in on the conversation unless they manage to acquire the decryption keys. Won't that be a hoot.

    reply to this | link to this | view in chronology ]

  • icon
    alex01 (profile), 20 Oct 2014 @ 4:04pm

    This is missinformation

    FBI Director James Comey comments only confirm that the new "encryption" is easily cracked and that the FBI can do it at will with little or no work. His statements are classic misinformation techniques designed to make dumb criminals think their phones are safe.

    reply to this | link to this | view in chronology ]

  • identicon
    BlueLightMemory, 20 Oct 2014 @ 4:05pm

    Comey is a joke

    That's it in a nutshell, Comey is a joke.

    What the FBI basically has going for it, is they have a huge budget which allows them to continuously stick around whoever they are investigating. They figure that sticking around allows them to stumble onto something meaningful if the person they are investigating slips up. Just don't slip up.

    The FBI are parasitic leaches and Comey has the intelligence of a disabled leach.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Oct 2014 @ 12:23am

      Re: Comey is a joke

      So... he's kinda a Comeydian? His tenure as Director of the FBI certainly is looking like it's going to be a Comey of errors.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 Oct 2014 @ 1:43am

        Re: Re: Comey is a joke

        When he addresses a crowd from a podium, it's stand-up Comey.

        His office is known as Comey central.

        Light some candles during dinner with him, and you get a romantic Comey.

        Comey crazy, but I kinda like the guy.

        reply to this | link to this | view in chronology ]

  • identicon
    dismembered3po, 20 Oct 2014 @ 5:53pm

    I love how Comey states that the FBI "HAS A SWORN DUTY TO KEEP EVERY AMERICAN SAFE FROM CRIME AND TERRORISM."

    No. No you don't, Jim. Neither the word 'crime' nor the word 'terrorism' appear, even once, in the oath that members of your organization swear.

    You and your minions swear.....TO PROTECT THE CONSTITUTION.

    DO YOUR DAMNED JOB.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Oct 2014 @ 6:42pm

    Warrants

    "I think a properly constitued warrant signed by a suspicious judge is the front door he's forgotten he already
    has access to."


    No, not if the individual pleads the Fifth Amendment, and even Professor Kerr concedes that there may be a viable Fifth Amendment claim.

    Only if the government can prove from an independent source that there is encrypted data, and the individual to whom the subpoena is directed knows the password can the Fifth Amendment be overcome.

    If the existence of encrypted data apart from random data can't be proven like in the 11th circuit grand jury subpoena case, the individual can't be compelled.

    reply to this | link to this | view in chronology ]

    • icon
      tqk (profile), 20 Oct 2014 @ 8:36pm

      Re: Warrants

      > "I think a properly constituted warrant signed by a suspicious judge is the front door he's forgotten he already
      has access to."
      >
      > No, not if the individual pleads the Fifth Amendment, and even Professor Kerr concedes that there may be a viable Fifth Amendment claim.


      I'm not talking USA legal minutia or Fifth Amendment or rights of the accused (I'm not even there, and I think your legal system is nuts/perverted).

      I'm just saying, GET A WARRANT, ffs,. It's not that difficult, and won't much slow down / constrain your investigation!

      Comey ought to understand this!!! Or, he should bow out before making even more of a fool of himself.

      reply to this | link to this | view in chronology ]

      • identicon
        David, 21 Oct 2014 @ 4:45am

        Re: Re: Warrants

        I'm just saying, GET A WARRANT, ffs,. It's not that difficult, and won't much slow down / constrain your investigation!

        We are talking about vastly automated dragnet surveillance. You'd need judges having mastered shorthand just for putting down their signature, and they would still cause the searches to screech down to a crawl while getting writing cramps. And not getting anything else done.

        Warrants are not an option at the surveillance scale we are talking about. Which is pretty much the reason that the Constitution demands them.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Oct 2014 @ 9:05pm

    Re: Warrants

    So you think the Fifth Amendment and the legal system granting the individual the right not to be a witness against himself is perverted?

    Got it, but the recognition of the privilege against self incrimination is universal, and any system compelling the individual to divulge the contents of his mind thereby incriminating himself is evil.

    If you aren't American and even don't like the Fifth Amendment Comey's remarks don't concern you.

    What makes the American system unique is the exclusionary rule -- allowing even criminals to walk free if the police has violated the Fourth or Fifth Amendment.

    Warrants without an exclusionary rule are useless.

    reply to this | link to this | view in chronology ]

  • identicon
    Donglebert The Needlessly Unready, 21 Oct 2014 @ 1:16am

    “I don’t think I am smart enough to tell you what 'front door' means.”

    I'll bet his significant other is really pissed off about that.

    reply to this | link to this | view in chronology ]

    • identicon
      David, 21 Oct 2014 @ 4:46am

      Re: “I don’t think I am smart enough to tell you what 'front door' means.”

      I think his neighbors will likely be even more annoyed at him not being able to tell the toilet door from the front door.

      reply to this | link to this | view in chronology ]

  • icon
    Jeremy Lyman (profile), 21 Oct 2014 @ 3:46am

    Opposite.

    I’m not looking to frighten people. Logic tells me there’re going to be cases just like that, but... I haven’t found one yet.
    He's absolutely trying to frighten people into giving up freedoms in exchange for some ill-conceived version of security. He hasn't found a specific example to use yet, but that doesn't stop him from conjuring one from imagination-land.

    reply to this | link to this | view in chronology ]

  • identicon
    Iwona, 19 Apr 2015 @ 10:18pm

    Request of Appology

    James Comey's lack of basic historical knowledge should absolutely end his career. I demand James Comey step down from his duties as a FBI director. He has recently hurt Poles with his senseless untruthful remarks during his speech at the Museum of Holocaust in Washington, DC

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Math Is Not A Crime
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.