Top FBI Official Says Tech Companies Need To 'Prevent Encryption Above All Else'
from the where-do-they-find-these-people? dept
Usually, when we see clueless government lackeys discussing the need to backdoor encryption, they at least admit upfront that they think encryption is important in protecting private information. Even that nutty rambling speech by Homeland Security Appropriations chair Rep. John Carter recognized that there were important reasons to use encryption to protect privacy. And FBI boss James Comey usually does some hand waving to that effect as well. But apparently he forgot to tell one of his deputies.
While testifying before Congress, Michael Steinbach, assistant director in the FBI’s Counterterrorism Division, just went to the levels of pure insanity, in arguing that above all else companies should work to prevent encryption. This was during a ridiculous grandstanding hearing held by the House Homeland Security Committee entitled “Terrorism Gone Viral”, and Steinbach didn’t waste the opportunity to make a ridiculously viral comment of his own:
So that?s the challenge: working with those companies to build technological solutions to prevent encryption above all else.
Above all else? Is he crazy? At least his written testimony isn’t quite as crazy, but still has a bunch of fear-mongering about “going dark.”
Unfortunately, changing forms of internet communication are quickly outpacing laws and technology designed to allow for the lawful intercept of communication content. This real and growing gap the FBI refers to as ?Going Dark? is the source of continuing focus for the FBI, it must be urgently addressed as the risks associated with ?Going Dark? are grave both in traditional criminal matters as well as in national security matters.
He also seemed positively freaked out that some social networks actually recognize that protecting their users privacy is a good thing:
“There are 200-plus social media companies. Some of these companies build their business model around end-to-end encryption,” said Michael Steinbach, head of the FBI’s counterterrorism division. “There is no ability currently for us to see that” communication, he said.
“We’re past going dark in certain instances. We are dark,” he added.
While the head of the committee, Rep. Michael McCaul played along with this insanity, arguing about how these so called “dark spaces” are a “tremendous threat to the homeland” at least Rep. Ted Lieu — the same Rep. who recently called out the push to backdoor encryption as “technologically stupid” — has some more thoughts on the FUD and grandstanding by McCaul and Steinbach. As he told the Intercept:
?When they talk about dark places, ooooh it sounds really scary,? Lieu said. ?But you have a dark place in your home you can talk, you can meet in a park ?- there are a zillion dark places the FBI will never get to and they shouldn?t because we don?t want to be monitored in our home.? …..
?The notion that encryption is somehow different than other forms of destroying and hiding things is simply not true,? Lieu told The Intercept. ?Forty years ago, you could make the statement that paper shredders are one of the most damaging things to national security because they destroy documents that law enforcement might want to see.?
More Lieu, less McCaul and Steinbach, please.
The thing is, as we’ve noted before, what’s equally as disturbing as the ignorant statements from folks like Steinbach is that now, security researchers and tech companies are going to have to waste tons of time and resources explaining why all of this is not just “technically stupid” but actively makes all of us less safe. And they need to do that, rather than building stronger encryption, which is what we really need.
Filed Under: encryption, fbi, james comey, michael mccaul, michael steinbach, privacy, security, ted lieu
Comments on “Top FBI Official Says Tech Companies Need To 'Prevent Encryption Above All Else'”
“…ignorant statements from folks like Steinbach…” I would argue that they are willfully ignorant statements. Steinbach knows what he’s doing and is pushing this narritive on purpose. He is as aware as Lieu is of dark places, and how forty years ago they go along just fine. Steinbach just doesn’t want to lose something that makes the FBI’s job so much easier.
Re: Re:
I do not so sure that it actually makes their job easier because, they Hoover up as much information as they can and then try to make sense of it. Perhaps if the Internet and phones were heavily encrypted they would actually focus of the criminals, and that would make their job easier.
Re: Re: Re:
From my view the easier part is that they don’t have to leave their safe offices and go out into the big scary world to do their jobs. That they have more ‘paper’ to push around is an excuse to stay indoors where no one can ‘shoot’ you with their cellphones.
Re: Re: Re:
It depends on what you mean by “their job”.
If you mean “actually stopping terrorists”, then sweeping up everything makes their job harder (e.g. the clear red flags about the Fort Hood shooter, the Boston Marathon bombers, the Garland shooters, etc got lost in the information overload).
If you mean “collecting a paycheck until you can collect a pension”, well, then, yeah, being able to sit at a computer instead of wearing out shoe leather makes their job easier.
Re: Re: Re:
‘Hoover’ is such an apropos word in several different ways for this.
Re: Re:
He’s helping the FBI set up the “middle ground” option, the same that you would do with any project.
It’s the proverbial “here’s the cadillac option, here’s the ford focus option, and here’s the yugo option that you’d present as project options to your boss.”
This is (depending on your perspective) either the Yugo or the Cadillac option. He doesn’t expect to get it, probably doesn’t actually want it, and you can be certain he knows he’s coming off as sounding unreasonable/irrational.
But it’s going to make the “middle ground” option – when finally presented – sound oh-so-much better to the powers that be.
Re: Re: Re:
I don’t know…I’m not certain of that at all.
The more they push against encryption, the more ground (and credibility) they lose. Go take your dark-scary-place-terrorist platform back to 2001. We’re done with it.
Next argument
“Forty years ago, you could make the statement that paper shredders are one of the most damaging things to national security because they destroy documents that law enforcement might want to see.”
To which the FBI would no doubt say “Wow good point. We better get those banned too.”
Re: Next argument
Before shredders there were burn bags. They need to go back to the caveman era and sequester fire. That’s in their purview, right?
Re: Re: Next argument
Burn bags are still a thing in some environments. 🙂
Re: Re: Re: Next argument
You beat me to it. Burn bags are still used for very secure documents, because paper shredders only stop casual spies. More dedicated ones can and do reassemble shredded documents.
Where I work, everything gets burnt after being shredded. We don’t have burn bags as such, but instead we hire a company to take care of the disposal.
Re: Re: Re:2 Next argument
Also, shredding documents prior to burning ensures a more efficient destruction due to the resulting aeration.
Re: Re: Re:2 Next argument
That is a chink in your armor that the spy agencies can use.
Re: Re: Re:3 Next argument
Indeed yes. If it were my company, I’d do it differently, but it’s not. Also, where I work the primary concern is industrial espionage, not governmental.
Re: Re: Re:4 Next argument
Just make sure that your competition is not on the same round, and after you on your burn bag pickup.
Re: Re: Re:4 Next argument
I thought most governmental espionage was also industrial espionage? Like what the USA did to Airbus.
Re: Re: Re:5 Next argument
“I thought most governmental espionage was also industrial espionage?”
I don’t know if “most” fits there, but even if it does, it still remains true that most industrial espionage is not performed by the government. Most governmental industrial spying is also against foreign companies.
Re: Re: Next argument
I can’t find it online, but the original congress building in the US had something like 700 fireplaces, for exactly this reason.
TBF
“But you have a dark place in your home you can talk, you can meet in a park –- there are a zillion dark places the FBI will never get to and they shouldn’t because we don’t want to be monitored in our home.”
To be fair, there’s a huge difference between this and encryption; the ‘zillion dark places’ can be monitored with a warrant. All the warrants in the world can’t get them past encryption.
Don’t get me wrong, I think they just need to suck it up, but at least I understand why encryption freaks them out more than clandestine meetings in the dog park, amongst the hooded figures.
Re: TBF
Nonsense. Keyloggers and other bypass methods are well-known technologies. Of course, they need to be installed one device at a time, which is a bug for the Feds (who want to spy on everybody) but a feature for us (who want the Feds to obey the law).
Re: TBF
Actually they can monitor encryption. They just have to monitor the endpoints (key loggers, microphones, hidden cameras, etc). Same as they can monitor “the ‘zillion dark places'”. The key thing about encryption is that they can’t monitor between the end points. And since encryption prevents them from being able to monitor the middle, it means that whatever they do monitor doe require a warrant and so prevents the indiscriminate vacuuming of data on everyone.
I don't get it
Encryption is not something that is limited to computers.
Quoting Wikipedia: In cryptography, encryption is the process of encoding messages or information in such a way that only authorized parties can read it.
You don’t need computers to do it. All you need is an agreement between the parties wanting to communicate with each other privately. They could agree to use a book as key and send each other just pairs of numbers, the first indicating a specific page, the second the place of a word on that page. Without knowing the book there is no way (at least that I know of) to decrypt such a message.
So, what is all the fuzz about?
Re: I don't get it
Two things: In today’s world, if you want secure crypto you either need to use computers or you need to be able to share a secret key (which requires a secure method of communication to begin with). Also, in the old days, strong crypto was very rarely used, but since computers make it easy, it’s common now.
don't forget the chinese
the russians, iranians, mafia, north koreans
they all need access too………
For the FBI to justify their jobs of course......
Just think how much weakened or lack of encryption helped the Chinese to OPM. And how much guaranteed work for the FBI this generated.
Re: For the FBI to justify their jobs of course......
Having abysmal security is almost the same as no security at all.
I like to think of the OPM data breach as a small way the US gov’t is walking the talk.
Re: Re: For the FBI to justify their jobs of course......
It’s actually much worse than no security, perceived security encourages more people to risk more important communication and data using the illusion of security.
Re: For the FBI to justify their jobs of course......
I bet that the people that are arguing for bad encryption also have never had their personal data stolen or exploited. If they were in that boat they would be saying lets encrypt everything.
Pssst
Is there a banjo player in farmer Johannson’s silo?
How can you tell a DHS employee is lying?
Their lips are flapping.
> there are a zillion dark places the FBI will never get to and they shouldn’t because we don’t want to be monitored in our home.” …..
Uhh…yeah, I think they already are being monitored in our homes through our PCs, TVs, smartphones and soon through all the “Internet of Things” devices.
Lieu has been great so far, but it’s interesting to see that even someone like him can’t really understand that we’re already passed that point and the situation is MUCH WORSE than he is imagining. If even he can’t see that, what can we expect from the technologically clueless politicians?
Please abolish the DHS along with the TSA. They are not just worthless, but downright harming to actual national security.
These morons are going to screw up and it’s going to be 100% their fault, but even then they’ll say:
“IF WE ONLY HAD MORE POWERS WE WOULD’VE DEFINITELY STOPPED THIS ATTACK!!”
if it’s that big an issue for him, buy Michael Steinbach a ticket to Iraq and tell him fuck off over there! see how long he lasts and how much he likes the government knowing so much about him that it knows what color his crap is before he drops it!!
they need to take a minute to consider the alternative
Let’s just say that no-one has access to encryption, just for the sake of argument. Everyone’s information is unprotected. In other words, if a malicious entity wanted to do whatever, then that entity would be able to easily sort through information to find a suitable victim. Arguing against encryption is arguing for making us all easier targets; to oppose encryption is to oppose security for those people the bozos are supposed to be trying to protect.
Re: they need to take a minute to consider the alternative
This behavior and the accompanying blather are nothing new for those with the statist mindset. Consider how many items you can use to complete the following paraphrase of mcinsand’s statement:
Arguing against [insert item] is arguing for making us all easier targets; to oppose [insert item] is to oppose security (or rights) of the people.
Wow
This guy is seriously calling having to get a warrant “going dark?” The only reason to say they cannot access communications at all is if they only do so without due process. Interesting how honest these guys can be when ignore the foolish point of their statements and read into the implications.
Never mind shredders
Matches!
We must ban matches, apparently if you burn a letter no-one can read it afterwards.
Oh and foreign languages, many people don’t even speak God’s good English how can we be expected to understand that?
Oh and whispering!
For pity’s sake when will they ban whispering, we must think of the children …
sounds of very small brain exploding …
When they outlaw encryption, only outlaws will have encryption
Do they really think that criminals and terrorists aren’t going to use encryption if it is made illegal? All this will do is ensure Joe Public is unsafe while criminals will have a field day. Next thing you know, they will make it illegal to have locks on the doors to your home and automobiles.
Re: When they outlaw encryption, only outlaws will have encryption
They don’t actually care about terrorists. There are not enough of those to keep them in business. They care about keeping Joe Public under their thumbs so they can keep their big budgets and cushy jobs.
Re: When they outlaw encryption, only outlaws will have encryption
If you make encryption illegal, you can, ipso facto, arrest and convict people simply for using it.
At that point, you don’t even have to worry about the nature of the presumed illegal activity the crypto-user might have been planning.
And in a networking environment where you can hoover up nearly all network traffic, people using crypto stick out like sore thumbs.
Re: When they outlaw encryption, only outlaws will have encryption
Not just criminals. I will continue to use strong crypto no matter what the laws say, but I am not a criminal by any rational definition.
Re: Re: When they outlaw encryption, only outlaws will have encryption
JkdJKjh@JJlkjl#1KKJJ!
Re: Re: When they outlaw encryption, only outlaws will have encryption
when encryption is outlawed, only outlaws will have encryption
So this must be the “Dark Web”
What's really missing here is effective oversight.
If this guy really believes what he’s saying, he should never have got the job and should be fired immediately, or at least demoted to walking a beat.
These agencies waste a fortune on people like this, but with effective oversight scaring them into actually doing their jobs as is expected of them, they’d be able to do multiple times better than they are now, and with far less. Instead, encouraging lazy minded and ignorant whiners like this, all that money just pours through the cracks in the floor.
All big gov’t agencies learn this truth eventually. Throw a fortune at them and they’ll find a way to waste it and come back whining they need more. Effective oversight is the only solution.
Oh, and fire the people who hired him and his immediate superior too. They’re apparently just as lazy or incompetent, or both. None of them are earning their continued employment and blue ribbon salaries.
encrytion?
http://www.nytimes.com/2015/06/06/us/chinese-hackers-may-be-behind-anthem-premera-attacks.html?_r=0
sigh
br3n
Burn bags, matches, and fire...
I’m old enough to remember when several large retailers in my area had an incinerator in back of their stores to burn their trash. Those were outlawed in the 1960’s. Today the only ‘incinerators’ belong to biolabs, hospitals, and mortuaries. Not all of them have an incinerator, and they all have to go through a use permit process to get one. If there is an incinerator belonging to the government in my area I don’t know about it. Likely burn bags are couriered to another area that has a legal incinerator.
Re: Burn bags, matches, and fire...
Sortof, yes. Private incinerators weren’t exactly outlawed, but they were regulated due to the amount of pollution they were producing. Private incinerators still exist, but as you say, they have to be permitted and conform to emissions rules.
"Above All Else"
We need to remove Luddites like this from our government. We have become a digital nation; our leaders MUST become digitally aware (if not savvy) – so our only recourse is to convince digital natives to step up and run – and for us to elect them soon -before these clueless ones finish ruining this country. These guys are worse than the first senators who declared they would never “dial a phone” as it was beneath their dignity (or over their heads).
All this talk about being afraid of going dark makes me want to send them nightlights.
Nomenclature Issues.
“Michael Steinbach, [is] arguing that above all else companies should work to prevent encryption.”
Nonsense! Mike, turn that frown upside-down — just announce and enforce a new mandatory business encryption standard. That solves all issues: mandatory encryption AND an automatic embedded security key that only the good guys* can use.
Double ROT-13 for consumers! High security issues? Use twice-as-hard quadruple ROT-13.
*BAD guys will be shown only the highly encrypted contents so absolutely no issues here.
All the security breaches lately say we need encryption more than ever
Just read the news on any given day lately, and there is some major data breach. We need better security, not weaker or no security. I think they are grandstanding with these arguments while they quietly are figuring out how to hack into anything.
Does the Government use encryption?
Why?
Should citizens be denied that same protection?
Why?
Re: Re:
“Does the Government use encryption?” A: Yes.
“Why?”: A: To protect itself and its citizens from the Very Bad People(tm) who wish to do Very Bad Things(tm).
“Should citizens be denied that same protection?”: A: Yes.
“Why?”: To allow the government to properly protect itself and its citizens from the Very Bad People(tm) who wish to do Very Bad Things(tm).
From a certain perspective, that logic makes a lot of sense. From most other perspectives, not so much. But when your job mandate is to make sure that “never again will there be a (9/11, world trade center, boston marathon bombing, etc)”, it must get pretty easy after a while to accomplish the necessary mental gymnastics. It’s the same pressure that eventually allows a person to turn everyone who disagrees with their methods into terrorist sympathizers.
Re: Re: Re:
So these guys don’t want any encryption, AND it looks someone just stole all the governments HR data. Seeing how these two super geniuses are government employees, I can only hope the group that has all that data, does something really fun, public and devastating with James Comey, and Michael Steinbachs social security numbers. This is going to be SO much fun to watch, where’s my popcorn.
Yes...Yes
*Mr Burns hands* we have to spy on every communication! If we don’t the world will end and a thousand years of chaos will rise! Muahahaha…
Sorry but statements like this just bring the worst out of me
Here’s something I wrote earlier. };)
encryption vs implementation.
I wouldn’t say we need stronger encryption- we need to eliminate weaker encryption; and more then anything, improve implimentation of the good encryption we have. Poor implimentation is the #1 threat to secure encryption.
Will The Terrorists Please Stand Up
Note to the House Homeland Security Committee:
The terrorists can be found at 1600 Pennsylvania Washington DC across town at Capitol Hill and across the Potomac in Arlington Virgina.
The classic example of meglomaniac!
The FBI seems to claiming the right and duty of eavesdropping on everything spoken, written or thought in the USA or the world. How better to describe a megalomaniac nutcase? The FBI seems to define themselves as insane both personally and institutionally, incrementally day by day with full political backing. Is somebody spiking the water supply in Washington with hallucinogenics the last 10 years.
"Going dark".
FYI, from Life after Snowden – journalists’ new moral responsibility:
It’s a good read summing up Snowden’s legacy (so far). I wonder why the administration is ignoring experts they themselves hired to inform themselves.
Re: "Going dark".
Because the experts are telling them things that they don’t want to hear. They don’t want experts, they want yes-men, people to tell them that what they’re doing is the correct thing, even, or especially if, it really, really isn’t.
FBI is terrorist.
The former soviet union went under about 20 odd years ago and no doubt various dictatorial regimes keep collapsing so there is no shortage of people willing to be despots and dictators to the free world.
You mean we have to be nice to the whole world and actually end poverty now? Or we have to say goodbye to online shopping.
So I assume the FBI does NOT encrypt their agents’ laptops. I assume that they have no problem with people getting their data. Oh, it’s a one way street? You can be trusted, but not the citizens? Oh, I see. No thanks, I’ll keep my information encrypted.