FBI's James Comey: I Know All The Experts Insist Backdooring Encryption Is A Bad Idea, But Maybe It's Because They Haven't Really Tried

from the that's-the-spirit dept

As was widely expected, FBI Director James Comey appeared before two separate Senate Committees yesterday -- the Judiciary and the Intelligence Committees -- to talk about the "risks" of "going dark" if the government is not allowed to backdoor encryption. You can watch the Judiciary Committee hearing and the Intelligence Committee hearing at those two links. I'd embed the videos here on Techdirt as well, but I can't because (guess what?) neither offers an encrypted HTTPS version, so they wouldn't appear on our site, since we force HTTPS connections.

Most of Comey's comments were pretty much what you'd expect him to say, with a few clear themes repeated over and over again:
  • American ingenuity is great, so I don't really believe all these computer science experts who say that it's "too hard" to give the government access. I think they haven't really tried.
  • I don't have a proposal myself (which experts would ridicule for the problems it would create), but rather I'm just trying to "start a conversation" on this.
  • We have no data to actually support the fact that encrypted communication has become a real problem, but I can tell you scary stories about (boo!) ISIS.
That was about the crux of it. There were a few times where he would kind of admit that maybe, just maybe the computer scientists were right, but he still thinks they could try harder. The most ridiculous was where he literally said:
"Maybe the scientists are right. But, I’m not willing to give up on that yet."
Earlier in that same hearing, he said:
"A whole lot of good people have said it’s too hard … maybe that's so.... But my reaction to that is: I’m not sure they’ve really tried."
There are a few problems with all of this. First, he keeps claiming that people are saying it's "too hard." But they're not. They're saying it's impossible to give him what he wants without seriously undermining the basic foundations of private communications online. And that's not just private communications in the form of messaging, but also financial transactions, medical records, business dealings and the like. In short, the "solution" the FBI wants puts everyone at risk.

The second big problem is that it's fairly stunning that Comey keeps insisting that those bright minds in Silicon Valley can sprinkle some magic pixie dust and give him what he wants, but at the same time claims it's too difficult for the FBI to actually quantify how big a problem encryption is for its investigations. Furthermore, he can't even provide a single real world example for where encryption has been a real problem. Even when pushed on this, he noted that when the FBI comes across encrypted communications, they move on to other avenues to investigate those individuals. Which sounds a lot like encryption really isn't that big of a problem.

The lack of an actual proposal, and the idea that he's just "starting a conversation" is equally ridiculous, since this conversation was conducted twenty years ago and it was shown what a bad idea it was to backdoor encryption. The idea that we need to do this all over again is just stupid.

Two other quick comments: A few times Comey noted that some big companies are able to encrypt data, but still get access to the underlying content. He used this to argue that it's "possible." But he leaves out the fact that those are not end-to-end encryption, but something different entirely which is much less secure than end-to-end encryption. He's comparing two very different things without recognizing the massive trade off in security associated with what he's talking about. His technical ignorance -- which he underlined multiple times, is kind of bizarre. If he admits he's so ignorant, why does he brush off the arguments from people who have been in this field working on these issues for decades.

The other comment: multiple times he and some of the Senators hinted that the FBI actually stopped some sort of nefarious plot that was supposed to happen on July 4th weekend. As we noted, despite lots of hype on cable news, the FBI has been making these kinds of failed predictions ever since 9/11 without a single one turning out to be accurate. So it seemed curious that he and others kept hinting at the idea that the FBI had to work overtime last week to actually stop an attack. If true, then you'd think there would be an arrest somewhere, but nothing appears to have been announced. It seems likely that this was just more FUD, but we'll be curious to see if the FBI ever explains something that it actually did to prevent a real attack.

We'll likely have a few more posts about some of what was discussed at the hearing a little later. But it's not just troubling that Director Comey is pushing for efforts to backdoor encryption, he's wasting the time of lots and lots of smart people who should be focusing on making our communications more secure, rather than proving to Comey and elected officials how ridiculously short-sighted it is to make communications less secure.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 9 Jul 2015 @ 4:21am

    Sounds like James Comey would blame the mathematicians for not trying hard enough when they say they cannot make 2+2=5;

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Jul 2015 @ 5:43am

      Response to: Anonymous Coward on Jul 9th, 2015 @ 4:21am

      But 2+2=5 for large enough values of 2. 2.3+2.3=4.6 and when rounded using normal rounding rules you get 2+2=5.

      Why can't cryptographers just do that. Where is the sarc mark when you need one.

      reply to this | link to this | view in chronology ]

    • identicon
      David, 9 Jul 2015 @ 6:31am

      Re:

      2 + 2 = 5 for large values of 2.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Jul 2015 @ 6:43am

      Re:

      Eh, keep waterboarding 'em until they see five lights.

      reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 9 Jul 2015 @ 10:09am

      You laugh at trying to make 2+2=5 by fiat.

      But imagine how easy things would be if we could pass a low making Pi=3.

      Wow! All of a sudden circles are so much easier to understand!

      Now I get how mathematicians may look at that and feel such a notion is ridiculous. That's why we need a magical mathematics fairy, some kind of mechanism that allows pi to be 3.

      Seriously, I think we have a conversation about this.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jul 2015 @ 4:33am

    American ingenuity is great, so I don't really believe all these computer science experts who say that it's "too hard" to give the government access. I think they haven't really tried.


    American ingenuity is great, so I don't really believe all these FBI directors who say that it's "too hard" to catch all the bad guys. I think they haven't really tried.

    reply to this | link to this | view in chronology ]

    • icon
      SteveMB (profile), 9 Jul 2015 @ 6:49am

      Re:

      American ingenuity is great, so I don't really believe all these FBI directors who say that it's "too hard" to catch all the bad guys. I think they haven't really tried.


      Actually, we know for a fact that they aren't trying. There are several well-known ways to bypass encryption no matter how strong it is (plant hardware or software bugs to directly intercept keystrokes and display output, intercept EM noise emissions to remotely reconstruct keystrokes and display output). The FBI prefers to pretend that these alternatives don't exist because they're too much work and effectively limit them to individual targeted surveillance (i.e. what they're supposed to be doing) rather than mass surveillance (i.e. what they want to do, laws to the contrary be damned).

      reply to this | link to this | view in chronology ]

  • identicon
    Rikuo, 9 Jul 2015 @ 4:39am

    "The other comment: multiple times he and some of the Senators hinted that the FBI actually stopped some sort of nefarious plot that was supposed to happen on July 4th weekend."

    If they're able to stop these nefarious plots without backdoors...then why do they insist they need backdoors?

    reply to this | link to this | view in chronology ]

  • identicon
    avideogameplayer, 9 Jul 2015 @ 4:45am

    If I were these tech companies, I'd be ignoring the troll until an ACTUAL law was make them do 'backdoor encryption'...

    Otherwise, just keep encrypting everything...

    reply to this | link to this | view in chronology ]

  • identicon
    alternatives(), 9 Jul 2015 @ 4:46am

    they haven't really tried.

    Yea, because human beings are well known for their flawless creations and the later flawless working with those creations. Combine that with the kindness humans show fellow humans and the guidance under the Rule of Law and it is no wonder the position of 'didn't really try' was taken.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jul 2015 @ 4:48am

    RSA?

    banks are getting hacked all the time? do they use RSA encryption, as backdoored by NSA?

    reply to this | link to this | view in chronology ]

    • icon
      philnc (profile), 9 Jul 2015 @ 5:49am

      Re: RSA?

      But for sovereign immunity those banks would have overwhelmed the US government with lawsuits over the damage that bit of industrial self-espionage has done over the years.

      Talk about friendly fire.

      Anyone know what grade Comey got in first year Calculus, assuming he qualified to even take it?

      Suggestion: ALL public officials whose jobs involve making decisions on computer security issues be required to get at least a 2 year degree in computer science. If they can't cut it then they're disqualified from participating in those decisions. Not really that much to ask, given how many of them have gone out an earned an MBA on the public's dime to prepare for a future career in the private sector.

      reply to this | link to this | view in chronology ]

  • identicon
    Bengie, 9 Jul 2015 @ 5:16am

    Tanks

    I want you to build a weakness into your tanks that only we know about. We want to be able to attack the tank just right that it gets destroyed, but is not immediately obvious to others.

    reply to this | link to this | view in chronology ]

  • icon
    jilocasin (profile), 9 Jul 2015 @ 5:45am

    I think you've hit his _actual_ agenda

    I think you might have stumbled upon his _actual_agenda_:

    "...he's wasting the time of lots and lots of smart people who should be focusing on making our communications more secure..."


    You see he knows that what he wants isn't possible, he's just trying to slow things down by keeping all of the worlds top crypto minds tied up in this debate instead of focusing on making cryptography, stronger, more secure, easier to use, and by extension, more ubiquitous.

    He's not stupid, quite the opposite, he's being very very devious. It's a good thing for us that you have seen through his ruse.

    reply to this | link to this | view in chronology ]

  • identicon
    Jame, 9 Jul 2015 @ 5:48am

    Why?

    Because its imposible to prove something is NOT true. That's why.

    reply to this | link to this | view in chronology ]

  • identicon
    AJ, 9 Jul 2015 @ 5:49am

    They, like big media, just can't fathom the concept that they've lost absolute control. You can bet that this will pop up every so often until they figure out a way to get what they want, however impossible it may be. They've had a taste of the drug that is full access and they will never settle now for anything less.

    In their mind, laws and privacy don't exist. They are at the point now where they truly believe that it would be better to sink all the ships coming to port rather than let them dock not knowing whats inside of them.

    They won't ever stop, even if it means destroying the internet.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jul 2015 @ 5:55am

    "FBI's James Comey: I Know All The Experts Insist Backdooring Encryption Is A Bad Idea, But Maybe It's Because They Haven't Really Tried"

    We havent all tried murder yet.......shall we all try it tomorrow and see if we like it or not?!

    There are just somethings you KNOW Mr Comey.........the fact that you dont makes me question your morality, your agenda and ponder whether it is fucking wise to have you hold the position you have

    reply to this | link to this | view in chronology ]

  • identicon
    theOtherDude, 9 Jul 2015 @ 6:06am

    fun with words

    I thought "backdooring" was one of the NSAs enhanced interrogation techniques?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous, 9 Jul 2015 @ 6:21am

    The purpose of encryption is to keep information private.

    Handing over keys to the government defeats that purpose.

    Even if I somehow lost my mind and trusted the thieving, torturers and killers with my information - I wouldn't trust them to keep it safe.

    reply to this | link to this | view in chronology ]

  • identicon
    David, 9 Jul 2015 @ 6:34am

    Jurisdictional issue

    Despite it being brought up multiple times, he still hasn't talked about the jurisdictional issues. If the US has a backdoor, other countries will either have their own back door. If they can't have their back door, they simple will not allow the US products into their country knowing the US has a backdoor.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jul 2015 @ 6:35am

    "A whole lot of good people have said it’s too hard … maybe that's so.... But my reaction to that is: I’m not sure they’ve really tried."

    It is not "too hard" ... it is hugely stupid.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jul 2015 @ 6:51am

    I think Comey is stuck in a Moebius loop of ignorance and grandstanding. I have no other reasons to explain his continued crusade in this. I'd cite issues like the OPM breach, his lack of cases where encryption hindered investigations or anything credible, but you can't engage someone like this. Not with verifiable facts it seems

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jul 2015 @ 6:58am

    "I know all the experts insist shooting yourself in the face is a bad idea, but maybe it's because they haven't really tried it". -Jame Comey

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jul 2015 @ 6:59am

    and so he ignores all the effort of the NSA in backdooring encryption

    reply to this | link to this | view in chronology ]

  • identicon
    Crusty the Ex-Clown, 9 Jul 2015 @ 7:20am

    D'oh!!

    Paging Dunning-Kruger, Dunning-Kruger. Would Mr. Dunning-Kruger please call FBI headquarters? Your assistance is urgently needed.

    Sheesh.

    reply to this | link to this | view in chronology ]

  • icon
    Josh (profile), 9 Jul 2015 @ 7:39am

    Drinking

    I'm Mormon and don't drink. I have seen what happens when people get drunk off their rocker and think it's a bad idea. Do I need to hammered to make sure it is?

    Advise would be helpful.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jul 2015 @ 7:46am

    Mathematicians have been trying for over 2,000 years to find a better way to do prime factorization of very large numbers and no one has found the better mouse trap. In the U.S., more than 50% of mathematicians are employed by the government. Mr. Comey has all of the resources he needs in order to backdoor encryption.

    Methinks Mr. Comey is a moron.

    reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 9 Jul 2015 @ 10:18am

      I thought there was a quantum solution

      This is where I get to reveal my ignorance on this subject.

      I know the current quantum computers on the market can't do this fast large-number factorization yet but we have a quantum algorithm -- Shor's Algorithm -- to do it once we can make such a computer.

      ...And guess who wants the first one off the block...

      ">Here we go. Tick tock tick tock tick tock...

      To be fair, I think perfect forward secrecy serves as a workaround for the problem, but still miles to go before the internet sleeps.

      reply to this | link to this | view in chronology ]

      • icon
        Uriel-238 (profile), 9 Jul 2015 @ 10:19am

        Re: I thought there was a quantum solution

        reply to this | link to this | view in chronology ]

      • icon
        nasch (profile), 9 Jul 2015 @ 10:42am

        Re: I thought there was a quantum solution

        I did not expect a Robert Frost reference in an FBI surveillance story. :-)

        reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 9 Jul 2015 @ 3:41pm

        Re: I thought there was a quantum solution

        Yes, but the other side of that coin is that quantum computers also theoretically allow new forms of encryption that are prohibitively difficult for quantum computers to break.

        This sort of thing has been going on for the thousands of years of crypto history. It's always a back-and-forth where strong crypto is developed, then a stronger way of breaking it is developed, then even stronger crypto, and so forth and so on.

        reply to this | link to this | view in chronology ]

        • icon
          Uriel-238 (profile), 10 Jul 2015 @ 12:52am

          Re: Re: I thought there was a quantum solution

          I think the advantage to quantum-only encryption / decryption is that the early computers will be prohibitively expensive for small-time criminal enterprises. Only large governments and larger corporations will be able to afford to run a quantum mainframe, or gain access to one.

          Some of the time of the Google / NASA D-Wave is made accessible to students worldwide who have jobs that require quantum computing, so it's possible for the public to get some access to the quantum machines we have.

          It's going to be a while before our phones or personal data are encrypted with technology that requires quantum manipulation, however we may find non-quantum encryption that still can stump quantum cryptanalysis.

          But the current asymmetrical encryption that we rely upon for secure data exchange on the internet is going to fold once we develop a device that can quickly factor large numbers. And we don't have another asymmetrical scheme yet in place to replace it when that happens.

          reply to this | link to this | view in chronology ]

  • icon
    Peter (profile), 9 Jul 2015 @ 8:10am

    Can you keep America safe without destroying people's right to privacy and due process of law?

    "A whole lot of good people have said it’s too hard … maybe that's so.... But my reaction to that is: I’m not sure they’ve really tried."

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jul 2015 @ 8:23am

    Proof, or it didn't happen!

    See that is the really big whopping evidence for me that they really don't need the powers they have been granted, or anymore power for that matter. If they had just once done something great with things like torture, mass surveillance and all those filthy ways they use, then they wouldn't be reluctant to share their achievement. They would post it in big letters with a huge show of bragging and justification.
    They have released information about cases that were disproven, they have lied and they have told scary stories.
    I very much suspect that is the only things they have at all. If they had anything more, at all, they would have released it to hold over our heads every single time anyone tried to oppose them.
    The single greatest proof is the very lack of proof.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jul 2015 @ 8:43am

    I don't think James Comey understands what the word "expert" means.

    All the medical experts seem to agree that self inflicted gunshot wounds to the head are a bad idea. Comey needs to put a gun to his head and see if those experts are right, before ignoring those other experts on backdoors.

    Is there no one out there who will rid us of this troublesome director?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jul 2015 @ 8:51am

    James Comey is the guy who binge watches "Scorpion" because he thinks it's realistic.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jul 2015 @ 9:00am

    what about this idea?

    how about the FBI send up some spy satellites on a $100us budget and a pack of gum? It should be possible just very very hard to do, right? What he fails to realize is that some things are just flat out impossible to do.

    reply to this | link to this | view in chronology ]

  • icon
    nasch (profile), 9 Jul 2015 @ 9:20am

    Then why?

    Even when pushed on this, he noted that when the FBI comes across encrypted communications, they move on to other avenues to investigate those individuals. Which sounds a lot like encryption really isn't that big of a problem.

    Then why is Comey so obsessed about it?

    - he's just stupid (simple answer but probably too simple)
    - this is a smokescreen (for what?)
    - encryption makes bulk collection useless
    - he wants everyone to think the FBI can't deal with encryption so they feel safe using it

    Put on your foil hats and come up with some other reasons!

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Jul 2015 @ 9:36am

      Re: Then why?

      Then why is Comey so obsessed about it?
      In the case of someone like New York County District Attorney Cyrus R. Vance (yesterday's testimony before Senate Judiciary), it's reasonable to presume that he just doesn't have enough foreign policy or economic affairs experience to have really thought through the various factors.

      But, in contrast to Mr Vance, FBI Director Comey has a counterintelligence mission for his agency. In addition, Mr Comey's agency is also tasked with intellectual property cases, and with corporate espionage case, so that his brief includes some matters of economic affairs.

      If one really starts speculating why Mr Comey would advocate destroying American technology's competiveness in the world market...

      reply to this | link to this | view in chronology ]

      • icon
        nasch (profile), 9 Jul 2015 @ 9:54am

        Re: Re: Then why?


        If one really starts speculating why Mr Comey would advocate destroying American technology's competiveness in the world market...


        Go on...

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 9 Jul 2015 @ 10:00am

          Re: Re: Re: Then why?

          If one really starts speculating why Mr Comey would advocate destroying American technology's competiveness in the world market...
          Go on...
          If Mr Comey is acting as an agent of influence for a foreign power, then we should probably expect to be able to find two things:

          • A means of communication with the foreign power or individuals.
          • A motive: money, ideology, compromise, or ego.

          reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Jul 2015 @ 9:41am

      Re: Then why?

      Then why is Comey so obsessed about it?

      Because he is a politician, and anything that limits what he can do is abhorrent.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jul 2015 @ 9:49am

    FBI wants to backdoor all shredders, as well

    The FBI wants to put a wifi scanner into every shredder, so that the bad guys can't shred stuff w/o the FBI getting a copy.

    reply to this | link to this | view in chronology ]

  • identicon
    Maryanne k Snyder, 9 Jul 2015 @ 11:25am

    He's a "privacy denier"

    He knows exactly what he's doing. It's the same political and rhetorical trick developed by the cigarette companies of "keeping the controversy alive." disregard the experts, deny the science, insist its an open question, keep repeating he just wants a conversation, repeat. We see it used by the the creationists, the anti-vaxxers, the climate deniers.

    reply to this | link to this | view in chronology ]

  • icon
    tqk (profile), 9 Jul 2015 @ 2:06pm

    I hate dumbth.

    American ingenuity is great, so I don't really believe all these computer science experts who say that it's "too hard" to give the government access. I think they haven't really tried.

    Sigh. Hasn't every high tech startup geek heard that from his (nominal) superiors? "Boss: I have this brilliant idea! All we need to do is $Something_Magical_Happens_Here, and we'll all be rich and famous!"

    Oh, and I (tech geek) need to figure out what $Something_Magical_Happens_Here means.

    Comey's a twit.

    reply to this | link to this | view in chronology ]

  • icon
    Wyrm (profile), 9 Jul 2015 @ 2:09pm

    It's a kind of magic

    Sounds to me like this guy expects developers to do magic.
    He doesn't want to do work, as he (more or less) proved that he can arrest terrorists without backdoors. He just has to actually do work and he doesn't like it.
    What he wants is a magical button on his computer "press here to arrest terrorists" and the terrorists get magically teleported in prison.
    On second thoughts, no, he doesn't want that. He wants a magical button "press here to arrest terrorists" and FBI agents are teleported to the terrorists (along with a TV crew) to show how much the FBI is needed.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jul 2015 @ 8:56pm

    James Comey demonstrates the faith-based approach to cryptography.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jul 2015 @ 9:06pm

    The debate is over. It's been over since the 1990's with the last Crypto War. Director Comey is just a sore loser.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 Jul 2015 @ 4:03am

    Have you asked your pig to flap its legs really really hard to see if it can fly?

    Have you tried making it grow wings?

    "I just want to start a conversation", isn't that how you get shanked or is it just before you start shanking people.

    reply to this | link to this | view in chronology ]

  • icon
    Dave Cortright (profile), 11 Jul 2015 @ 8:15am

    Next up, Comey insists that American chemists can turn lead into gold and American doctors can resurrect the dead if they'd just try harder.

    reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 11 Jul 2015 @ 8:31am

      Re:

      Next up, Comey insists that American chemists can turn lead into gold...

      Not chemists, but I think maybe nuclear physicists could do it.

      reply to this | link to this | view in chronology ]

      • identicon
        GEMont, 11 Jul 2015 @ 1:28pm

        Re: Re:

        And indeed they would turn lead into gold except for that simple problem - the one that led directly to the end of the use of Nukes in war - Radioactive Gold is a bitch to spend.

        reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Copymouse
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.