Just As FBI Looks To Undermine Encryption, Federal Government Searches For Better Encryption
from the left-hand,-right-hand dept
One of the most bizarre points that became clear in yesterday’s Senate hearings on encryption was that many Senators are so focused on the big bad threat of theoretical ISIS violence in the US that they don’t understand the very real (and not at all theoretical) threat of our personal data being hacked into and exposed on a regular basis, often due to a lack of encryption. The ACLU’s Chris Soghoian summed it up nicely with the following tweet:
Congress: OPM should have encrypted federal employee data.
Congress: Apple has blood on its hands for encrypting user data.
Got it?
— Christopher Soghoian (@csoghoian) July 8, 2015
Indeed, there has been plenty of talk, including from Congress, over the fact that the Office of Personnel Management, whose computers were hacked to reveal all sorts of information on government employees (past and present), didn’t use encryption, in part because their computers were too old. To be fair, there are indications that encryption might not have mattered that much, since the hackers allegedly got working credentials to access the system, and thus may have been able to decrypt anything anyway.
However, it does seem quite telling that at the same time Congress is freaking out about the supposed evils of encryption, the National Institute of Standards and Technology (NIST) is trying to design a better system for encrypting emails via end-to-end encryption — the very thing that the FBI and some Senators have been complaining about.
The National Institute of Standards and Technology is designing a “security platform” to authenticate mail servers using cryptographic keys. The platform would let individual users encrypt emails.
The system aims to “provide Internet users confidence that entities to which they believe they are connecting are the entities to which they are actually connecting,” according to a NIST draft report on the topic. A subpar system, the draft said, could result in “unauthorized parties being able to read or modify supposedly secure information, or to use email as a vector for inserting malware into the system,” among other consequences. The draft report is open for comment until Aug. 14, 2015.
NIST soon plans to issue Federal Register notices to vendors developing individual parts of the end-to-end system.
In other words, as clueless Senators and FBI officials demand ways to undermine end-to-end encryption, the folks who actually understand technology (NIST) are asking for stronger end-to-end encryption. Perhaps, instead of letting FBI director James Comey prattle on about how he doesn’t actually understand this stuff (as he said repeatedly), the Senators could have someone from NIST explain why end-to-end encryption is so important.
Filed Under: encryption, fbi, nist, privacy, security
Comments on “Just As FBI Looks To Undermine Encryption, Federal Government Searches For Better Encryption”
Entire US infrastructure is currently vulnerable to attack,
so the FBI wants to further weaken encryption?
Wake up & smell the bacon (oops, not a good thing to say in front of Congress)!
Forget about ISIS on Facebook; we’re at far greater risk from ISIS in our power plants, communications networks, banking networks, etc.
Re: Entire US infrastructure is currently vulnerable to attack,
Critical infrastructure has no business being connected to the internet. The only reason this is being done is because some people are lazy, stupid and cheap.
Almost right.....
The quote makes perfect sense if you include the missing part.
There, does that help?
Congress is all for encryption that they can use to keep them safe.
On the other hand, Congress is against encryption when it is used by others and thwarts their ability to run roughshod over the Constitution.
The government had mostly unencrypted access to everyone’s data, as long as they followed the Constitution and did so legally. Since they have demonstrated that they can’t help themselves, now they have to deal with mostly encrypted access to everyone’s data.
It’s their [the government’s] own shortsightedness that has caused this problem. No amount of;
Is going to be believed…. nor should it be.
I don’t know how this can be explained to the FBI more easily than either you let people use encryption or you ban encryption. There’s nothing in the middle.
I’m sure FBI agents use off the shelf Apple and Android phones. Are they comfortable with China having a means to decrypt those phones? Because if one government can demand access, then every government can and going forward, China may very well be a more important market than the US.
They aren’t saying it, but I think the government wants either key escrow or to have all messages encrypted with their public key. They think it’s as easy as convincing Apple and Google to cooperate, but the reality is that this is all just mathematics. And it isn’t terribly difficult to create new secure communication apps. Once you exchange a secret key (and this can be demonstrated to school children or FBI administrators with finger paints), secure communication is relatively easy. Since the FBI can’t force rogue developers to include escrow or the FBI public keys, the only option is to make it illegal to use encryption.
Body of idiots
Congress would debate the wisdom of using toilet paper if there was hay to be made over it. Never underestimate the avarice of a politician, they make prostitutes and con men seem shy.
NIST… not a very good example, considering they’ve been successfully undermined by the NSA before (with regard to encryption tools).
Re: Re:
I remember NIST was mortified when that came out. They retired their own “standard” upon learning it was intentionally broken (aka. back doored).
Comey stupid or what?
What I really don’t understand is how this FBI guy could even _mention_ the idea of banning crypto. I totally understand that some fuckwit like Cameron (like his predecessor Fox who likes to play into the hands of tyrants and features the same spine) is babbling somesuch nonsense.
But I’d actually expect the head of the FBI to at least get informed by its own department that this is a very bad idea, and prevented from making himself the laughing stock of security and law-enforcement professionals.
Since the bright guys at the FBI couldn’t manage to keep their boss from blathering such nonsense, and couldn’t have him removed immediately after he did it, I can only surmise that a) he’s either convinced it’s really a good idea, which puts him on par with people that think the odds of winning in Russian roulette are quite good, or b) he knows exactly how bad this is and suppresses any sane voice within the FBI, because he’s actually craving for the next Führer.
Hanlon’s razor states that you should never attribute malice for things that can be adequately explained by stupidity, so I must assume Mr. Comey is not a fascist, but instead must conclude that he is just utterly, abysmally, stupid.
Isn’t it obvious to Congress that the people (as in We The People) don’t want backdoors in their encryption? Isn’t the recent drive for encryption because the government has violated the trust of the people (We The People)? Are they going to pass a law that says you can not use any encryption except backdoored encryption and would that law pass constitutional muster?
Why is it so hard to understand that any backdoored encryption can be accessed by those other than whom the back door is intended for? Hasn’t recent history made that obvious?
Re: Re:
Just presume that FBI Director Comey does indeed understand that. The FBI is the leading domestic counterintelligence agency. So then, where does that train of thought lead you?
Why would our head of counterintelligence urge us to deploy defective defenses?
Re: Re: Re:
“Why would our head of domestic counterintelligence urge us to deploy defective defenses?”
You dropped something there. Fixed. Guess who that makes Comey’s adversaries. He’s not focusing on defending the citizenry. He’s annoyed he can’t yet find a way to put you in jail.
Re: Re:
Wrong people
Not to be pedantic or anything, but the tweet’s completely inaccurate. Members of Congress have said all sorts of things, but that’s not the same thing as Congress itself doing things. Also, it was the Executive Branch that was testifying at the hearing yesterday.
Really, really sloppy thinking.