James Comey's New Idea: An International Encryption Backdoor Partnership

from the let's-all-share-the-pain-equally dept

FBI Director James Comey is still pitching encryption backdoors, despite there being almost no one -- from the Intelligence Community to legislators around the world -- interested in what he's selling. Comey claims to be sitting on a pile of encrypted devices the FBI can't get into, even with help from outside contractors.

His latest backdoor idea was floated at a national security symposium at the University of Texas. Knowing any legislated backdoors might result in US device customers turning to overseas suppliers, Comey thinks he can minimize domestic fiscal damage by getting the rest of the world to fall in line with an idea most foreign governments still find unpalatable, even as they suffer terrorist attacks with a far greater frequency than we do at home. Michael Kan has more details at ComputerWorld:

Speaking on Thursday, Comey suggested that the U.S. might work with other countries on a “framework” for creating legal access to encrypted tech devices.

“I could imagine a community of nations committed to the rule of law developing a set of norms, a framework, for when government access is appropriate,” he said on Thursday.

Comey doesn't say how he plans to set this in motion. He's had no luck on the domestic front, so hoping for an "international framework" to spring into existence is, at best, inordinately hopeful. He directly addressed one of the many concerns device makers have about encryption backdoors, stating he had no desire to "chase innovation" out of the US. But that doesn't mean he's not interested in harming US innovation. He simply believes every country in the partnership should suffer equally.

As always happens when Comey opens his mouth about encryption, plenty of experts in the field are on hand to criticize his comments.

“I don’t think it makes sense,” said Nicholas Weaver, a researcher at the International Computer Science Institute at the University of California Berkeley.

Comey’s idea means that all countries will essentially agree to weaken the security in their vendors’ tech products, Weaver said. However, other countries will balk, fearing that the U.S. might exploit the cooperation for spying purposes.

“Would you still use a U.S. product, even if you know the NSA (National Security Agency) could have the rights to it?” he said.

Most of our allies around the world are still stinging a bit from multiple national security leaks -- some of which have exposed nearly as much intrusiveness of their own security agencies as they have about the NSA's reach and grasp. With the NSA heavily-involved in diverting hardware shipments to implant backdoors, no one's in any hurry to add their country to the list of "buyer beware" electronics.

Even if most of Europe agrees to weaken encryption to make law enforcement easier, there's no preventing non-partner countries from taking advantage of security holes to engage in greater domestic spying and civil rights abuses.

And, as is always the case when Comey opens his mouth about encryption, it's again suggested the nerds of the world are simply not applying themselves when it comes to "safe" backdoors.

[O]n Thursday, Comey said the tech industry can find an approach that creates government access, while keeping malicious actors out.

“I reject the, ‘it’s impossible’ response,” he said. “I just think we haven’t actually tried it.”

Counterpoint from Nate Cardozo of the EFF:

“It’s childish to stomp your foot, and say, ‘nerds you have to try harder,’” Cardozo said.

That's Comey all over: insisting he's right despite nearly no one else in the world agreeing with him. The phones he can't get into are apparently viewed as a personal insult -- a middle finger from device makers to the feds. He claims device makers shouldn't "decide how [their customers] live" by providing default encryption. He feels it should be left up to customers whether or not they want that level of security.

He makes this claim while pitching backdoors that remove that choice, allowing the FBI to tell Americans how to live: less securely, because criminals and terrorism. Again, classic Comey -- who handles every discussion of encryption like a child. He's not guileless, not by far. But he so deeply believes in the inherent "rightness" of his arguments that he's unable to see their inconsistency and incoherence. Or worse, he does... but just doesn't care.

Filed Under: backdoors, encryption, fbi, going dark, james comey

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 30 Mar 2017 @ 2:42pm

    Re: Why Don’t The NSA Do It?

    This is a very good question.
    Nobody needs to get the full source code for programs or OS' in order to come up with a basic overview of how this could be achieved. Just a crude description or drawing would go a long way to prove his point, so why is it that he hasn't even shown that? It is not because they don't have access to the people, but because everyone he has gone to has said the same thing: "It can't (and shouldn't) be done!".
    I refuse to believe that he hasn't gotten the message 1000 times by now, so what I imagine he is doing now, is trying to get a good old regular backdoor without any regard for the consequences.
    It is almost as if you could believe that he were working for terrorists as hard as he is trying to create chaos and destroy the infrastructure.
    (As a note: No I don't really believe that... he is just a power-hungry, greedy, and stupid person)

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.