HideTechdirt is off for the long weekend! Looking for something to read instead? Check out our new Working Futures anthology »
HideTechdirt is off for the long weekend! Looking for something to read instead? Check out our new Working Futures anthology »

White House Takes The Cowardly Option: Refuses To Say No To Encryption Backdoors, Will Quietly Ask Companies

from the ridiculous dept

Last month, we wrote about a document leaked to the Washington Post that showed the three "options" that the White House was considering for responding to the debate about backdooring encryption. The document made it clear that the White House knew that there was zero chance that any legislation mandating encryption backdoors would pass. But the question then was what to do about it: take a strong stand on the importance of freedom and privacy, and make it clear that the US would not mandate backdoors... or take the sleazy way out and say "no new legislation for now." As we said at the time, option 1 was the only real option. You take a stand. You talk about the importance of encryption in protecting the public.

However, it appears that the White House has taken the cowardly approach. Yesterday, the leading voice in favor of mandating encryption backdoors, FBI Director James Comey, announced that the administration would not push for legislation to mandate backdoors... for now. But it will still push for backdoors quietly behind doors with companies.
After months of deliberation, the Obama administration has made a long-awaited decision on the thorny issue of how to deal with encrypted communications: It will not — for now — call for legislation requiring companies to decode messages for law enforcement.

Rather, the administration will continue trying to persuade companies that have moved to encrypt their customers’ data to create a way for the government to still peer into people’s data when needed for criminal or terrorism investigations.

“The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry,” FBI Director James B. Comey said at a Senate hearing Thursday of the Homeland Security and Governmental Affairs Committee.
This is a totally bullshit response. Of course the administration isn't asking for legislation: because everyone knows (1) it couldn't pass and (2) it would be a really, really stupid thing to ask for. In that leaked document last month, the administration noted that with this option public interest groups "would likely see this outcome as a solid win." They're wrong. This option is bullshit. It's one notch up from literally "the least they could do." It doesn't help anyone. It provides cover to countries that do want to undermine the tech industry and mandate backdoors. It leaves open the ways to pressure tech companies to secretly include backdoors that undermine everyone's safety. And, worst of all, it takes away any and all "high ground" positions for the administration to point out that it doesn't want to undermine the safety and security of the American public.

In short, the administration didn't take the strong stand when the strong stand was the only feasible path. There are enough people within the administration who know this is the stupid choice, and yet they still took it. A very weak move from an administration that should know better (and does know better), just to please some technologically-clueless law enforcement folks.

Filed Under: cybersecurity, encryption, encryption backdoors, going dark, james comey, obama administration, white house


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 9 Oct 2015 @ 7:35am

    "Safety? Please, our ability to spy on you trumps your right to privacy and security."

    “The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry,” FBI Director James B. Comey said at a Senate hearing Thursday of the Homeland Security and Governmental Affairs Committee.

    One more time with feeling:

    The 'conversation' is over, and has been for decades.

    They're asking for the impossible with 'secure' broken encryption. Not 'difficult', not even 'extremely difficult' but flat out impossible. Encryption with a baked in vulnerability is by definition not secure. They know it, the tech companies know it, anyone with even the slightest bit of knowledge regarding any form of security knows it.

    That they continue to push for breaking encryption like this is just another piece of evidence showing that they don't give a damn about the public's safety, all they care about is that they be able to do whatever they want with the least amount of interference. Put the public at risk by intentionally sabotaging the security that protects their private information, from emails to banking? Why should they care, it's not their data at risk, and so long as they can grab as much data as they want, so what if others do the same?

    reply to this | link to this | view in chronology ]

    • icon
      Ninja (profile), 9 Oct 2015 @ 10:59am

      Re: "Safety? Please, our ability to spy on you trumps your right to privacy and security."

      Oh but you just need a bit of magic and you'll get a perfect golden key, surely the bright technical minds can do it!

      Remember, magic!

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Oct 2015 @ 8:21am

    time to burn my windows machine and start trying to find microchip developers who don't bake vulnerabilities into their firmware

    reply to this | link to this | view in chronology ]

    • icon
      Aaron Walkhouse (profile), 9 Oct 2015 @ 8:40am

      Almost anything that predates Vista [2005?] should be safe,
      and they're not too slow for most uses other than the newest
      games. Look for ACPI motherboards without UEFI, max out the
      RAM and the CPU speed and it should last you quite a while.

      reply to this | link to this | view in chronology ]

      • icon
        Aaron Walkhouse (profile), 9 Oct 2015 @ 8:43am

        And if you use Windows stick to XP pro or Server 2003.
        Anything after that is not as trustworthy.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 9 Oct 2015 @ 10:00am

          Re:

          Nothing is safe. Not Windows XP (still better then 8 & 10, do to the lack of DRMed software and spyware), not Linux, no Mac OS X, not anything. The NSA as security vulnerabilities on all popular operating systems, whether, they wore put the on purpose or not. There more, they have a program that brute forces anything they don't have vulnerabilities for.

          reply to this | link to this | view in chronology ]

      • icon
        techflaws (profile), 9 Oct 2015 @ 10:28pm

        Re:

        Almost anything that predates Vista [2005?] should be safe

        Really?

        reply to this | link to this | view in chronology ]

        • icon
          Aaron Walkhouse (profile), 10 Oct 2015 @ 8:06am

          That NSAKEY oddity never amounted to anything.

          My point is that pre-UEFI motherboards are far
          less vulnerable to BIOS infection and offer no
          obstructions to installing an operating system
          of your choice and your choice alone; even if
          you built it from scratch.

          It's a bonus that they still perform well enough
          for most uses, partly why PC sales are down lately. ;]

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Oct 2015 @ 8:37am

    Let's hope we can get Bernie Sanders to kill any left-over attempt to backdoor American technology when he becomes president - and this time for good (by supporting legislation that achieves that, too, not just new policies - right now Obama/NSA/FBI/DEA/etc are all actively fighting against any serious privacy/anti-spying legislation).

    reply to this | link to this | view in chronology ]

  • identicon
    Ben Dover, 9 Oct 2015 @ 8:44am

    Are you suffocating there James?

    James B. Comey - I know you're all about putting it to the backdoor, but seriously, pull your head out of your ass before you die from asphyxiation. You've already had your head there so long that you're nearly brain dead. If you want to continue to "exist" as a mental vegetable then do yourself a favor and remove your head from your ass.

    The entire world KNOWS that there is absolutely no way to backdoor encryption without breaking it.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Hero, 9 Oct 2015 @ 9:07am

    In other words, "we tried having a public debate, but we disagreed with the public, so moving forward, we're going to exclude the public from the debate."

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Oct 2015 @ 9:12am

    Obvious Obama Administration Position

    And the American people will pay the backroom bribes for the backdoors to their stuff.

    reply to this | link to this | view in chronology ]

  • icon
    NeghVar (profile), 9 Oct 2015 @ 9:49am

    open-source

    Don't expect the open-source communities to comply

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Oct 2015 @ 11:42am

      Re: open-source

      Yes, and this means now more than ever you can no longer trust anything closed source from America.

      reply to this | link to this | view in chronology ]

    • icon
      art guerrilla (profile), 9 Oct 2015 @ 3:33pm

      Re: open-source

      you are assuming the 'open source' hive mind would know...
      they may very well not, for all kinds of reasons...

      moles, social engineering, bribery, threats, or other means of injecting the alphabet spook's code could/would be used...
      how would 99.999% of have any knowledge of such sophisticated attacks ? ? ?

      zey haf vays uf maching you sprech...

      reply to this | link to this | view in chronology ]

      • icon
        Uriel-238 (profile), 9 Oct 2015 @ 3:56pm

        The Open Source Hive Mind has been pretty forthright before.

        When the NSA was pushing the Eliptic Curve Random Number Generator (allegedly at the time to improve crypto strength), plenty of people saw that it could be a flawed algo that might have an exploitable weakness. Jokes were even made about the NSA baking in a backdoor.

        So the Open Source sector has detected these things before, and were distracted by social politics within the project. Now they have cause to be paranoid about it. I suspect they'll jump on any discovered exploit like Americans on a disruptive airline passenger.

        reply to this | link to this | view in chronology ]

  • identicon
    Adrian Lopez, 9 Oct 2015 @ 10:36am

    Initially, in a democracy, the government looks out for the people. In the end, the government looks out for itself.

    reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 9 Oct 2015 @ 11:33am

      Jerry Pournelle's Iron Law of Bureaucracy

      In truth it applies to specific agencies, not the government as a whole (as it's too big and will go through changes and reforms).

      But yeah, future administrations are going to have to be engineered to curb this problem.

      But long before Bush and Obama have our administrations been looking out for themselves, or their plutarch masters before their alleged bosses, the American People.

      reply to this | link to this | view in chronology ]

  • identicon
    Anon, 9 Oct 2015 @ 11:01am

    Also...

    How secret will a secret back door be? After all, it only takes one person in the know to blab. Unless the backdoor software is handed to by the NSA, there will be a decent sized contingent of people who know of the project. All it takes is one to blab - and what are the odds one will develop a conscience, or find themselves with cancer and 4 months to live, or move home to and willingly tell the world since they can't be punished. Once the cat is out of the bag, the hunt will intensify for the elusive code. Plus, if there's a technique for "unlocking" then the key code will be platinum - would make a good basis for a spy thriller, no doubt.

    Plus, any critical code is obviously torn apart by every major country's version of the NSA, just looking for such back doors. Suggesting they may appear will simply make those foreign agencies more paranoid.

    I don't give the white house credit for this being a clever fake-out to make foreign agencies work overtime looking for nothing. More likely, I expect it to be a version of the old Law & Order tactic - "you can give us what we want, or we'll call the Health Inspector and every other regulatory agency and tie you up in knots for the next 5 years..."

    reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 9 Oct 2015 @ 11:40am

    This is how it's going to go down.

    Someone is going to say yes, and bake in their secret backdoor and probably get paid big bucks.

    Someone within that company is going to leak that there is a secret back door, and probably a couple of clues as to how to crack it.

    Someone will crack it. If they're smart, since whitehats get prosecuted these days, they'll go totally blackhat and use it for their own exploits.

    Someone will realize they got hacked

    The company will dismiss it as a aberration, probably human error.

    More people will get hacked. The backdoor will seep into the cracking community.

    At that point, with no way to trace it back to the leaks or the original cracking research, the backdoor will go public. Whitehats will quickly determine the back-door is not an exploit, but was willfully baked in.

    The company will lose all its user trust, as will the United States. As will any software exports from the US.

    reply to this | link to this | view in chronology ]

  • icon
    Will-INI (profile), 9 Oct 2015 @ 1:07pm

    This looks like a punt to me. They're trying to keep the FBI and NSA happy so they'll do this. But it's obvious they don't really care about it.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Oct 2015 @ 2:48pm

    State Actors

    Don't forget everyone they are no longer 3rd parties once they begin working with the government to circumvent your rights.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Oct 2015 @ 4:52pm

    Bend over America, the Chinese have found your back door.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 Oct 2015 @ 3:18pm

    Backdoor access to cellphones is what everyone's after. The government administrations wants to be able to defeat cellphone encryption so they can spy on voice and text conversations.

    Cellphones will never be secure so long as the baseband radio transceiver's processor remains a black box full of secret closed-source backdoor exploits.

    The best privacy advocates can do is to connect separate hardware devices to their cellphones for handling the encryption process. Hardware encryption devices such as JackPair (http://www.jackpair.com).

    This way cellphones can be completely compromised and it doesn't matter. The cellphone is simply being used as a modem to the internet. Leaving the end-to-end encryption task to the uncompromised hardware device running free software.

    reply to this | link to this | view in chronology ]

  • icon
    sam1am (profile), 12 Oct 2015 @ 11:21am

    People are already looking for alternatives to American companies for anything where data security is essential. If a company is subject to national security letters, they can't be fully trusted. Now, this. This move will only ensure that security companies under the jurisdiction of the US government suffer while overseas companies increasingly secure American business.

    reply to this | link to this | view in chronology ]

  • identicon
    GEMont, 13 Oct 2015 @ 1:28am

    Predictable as flies finding turds

    "Rather, the administration will continue trying to persuade companies that have moved to encrypt their customers’ data to create a way for the government to still peer into people’s data when needed for criminal or terrorism investigations."

    An excerpt from my response to the techdirt article:
    Former NSA Directors Coming Out Strongly *Against* Backdooring Encryption - October 8

    "Tell the public that back doors are not cool and that we're dropping that whole idea in the waste basket, then secretly add back-doors to everything the public touches, using public money to bribe companies where possible, and when necessary, secret legislation to force the issue with the companies that balk at the idea."

    Looks like the Admin has decided to go back to doing things the old way, like the spy bosses want - secretly, behind the backs of Americans, using tax payer money for bribes and secret laws to make the criminal activities of the agencies legal and to force the companies that refuse to play ball, to assist in the crimes, or pay the price.

    Its obvious that the "persuasion" is already underway.

    Wonder if the secret legislation is already in effect.

    ---

    reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 13 Oct 2015 @ 2:24am

      Re: Predictable as flies finding turds

      It does make for a fantasy that open source options will get better funding, because there won't be any secret back doors in code you compile yourself.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 13 Oct 2015 @ 5:28am

        Re: Re: Predictable as flies finding turds

        To be technical, it is less likely that there is a backdoor in code you've personally examined, but there's no guarantee of it. It's possible to backdoor things in a way that requires so much examination to find that it can remain effectively hidden.

        The canonical example is Ken Thompson's login hack: http://scienceblogs.com/goodmath/2007/04/15/strange-loops-dennis-ritchie-a/

        reply to this | link to this | view in chronology ]

        • icon
          Uriel-238 (profile), 13 Oct 2015 @ 12:17pm

          Compilers that are compiled by the previous iteration

          This is a really dangerous practice, using the previous compiler to compile the next. What stops bugs from endlessly being inserted during compilation this way?

          I'd think if you wanted a clean compile you'd need it run by an original, assembler-written compiler, yes?

          And then the base compiler is sustained on its own and used only to compile the C-Compiler.

          A really bad case scenario: The NSA inserts their backdoor scheme into a commonly used C-compiler, and gets away with it for years. Then China gets a hold of the backdoor scheme (which is now in everything used in the US and much of Europe) and disseminates it to black-hat channels for maximum damage.

          Then, not only is everything exposed, but it can't be easily fixed without going back to a way outdated iteration.

          It's pretty scary.

          reply to this | link to this | view in chronology ]

        • identicon
          GEMont, 13 Oct 2015 @ 2:32pm

          Re: Re: Re: Predictable as flies finding turds

          "...less likely that there is a backdoor in code you've personally examined..."

          And it will behoove the snoop and scoop agencies to use more secret laws and whatever amount of tax-payer and drug-sale money necessary to insure that open source is at least partially compromised, since it will soon be the only choice left.

          What good is paying/forcing companies to put back-doors in their communications devices if the public can just switch to open-source coded devices?

          I see a huge agency-driven anti-marketing scheme in the future - a massively covered media scandal - where a well known open source product line will be "discovered" to be "evil".

          The best way to prevent open source from becoming the choice of a nation, is to scare folks away from it and make it look dangerous or criminal.

          A cheaper method than trying to find ways to add hidden back doors in user compiled software and a tried and true means of misdirection that has regularly proven effective in making Americans avoid something beneficial in the past.

          ---

          reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.