FBI Director Complains About Encryption, Offers To Sacrifice Public Safety In The Interest Of Public Safety
from the an-argument-divided-against-itself dept
FBI Director Christopher Wray offered testimony to the House Judiciary Committee at a hearing entitled “Oversight of Federal Bureau of Investigation.” Not much in terms of oversight was discussed. Instead, Wray took time to ask for a reauthorization of Section 702 before using several paragraphs of his prepared comments to discuss the “going dark” problem.
It picks up where Wray left off in October: offering up meaningless statistics about device encryption. Through the first eleven months of the fiscal year, the FBI apparently had 6,900 locked phones in its possession. Wray claims this number represents “roughly half” of the devices in the FBI’s possession. The number is meaningless, but it serves a purpose: to make it appear device encryption is resulting in thousands of unsolved crimes.
That number has been updated in Wray’s latest comments [PDF]:
In fiscal year 2017, the FBI was unable to access the content of approximately 7800 mobile devices using appropriate and available technical tools, even though there was legal authority to do so. This figure represents slightly over half of all the mobile devices the FBI attempted to access in that timeframe.
This number will always grow. And it will always be meaningless. There’s no context provided by the FBI, nor will there ever be. The FBI needs us to believe every locked cell phone contains evidence crucial to investigations and prosecutions. It needs us — and our Congressional representatives — to believe thousands of criminals are roaming the streets thanks to device encryption. But it should make people wonder how the FBI ever managed to complete investigations successfully before the advent of cell phones.
Wray goes on to make familiar complaints. Metadata isn’t enough to generate evidence needed for convictions. (But Wray still believes every uncracked phone is loaded with just such evidence. Nothing provided by the FBI shows how many times accessing phones fails to produce prosecution-worthy evidence.) Hacking into phones isn’t a solution that scales. (This is dubious as well. If hacking into phones can’t scale, then the ongoing existence of companies like Cellebrite is a mystery. The solution must work often enough, across several models of phones, to justify the millions being spent by US law enforcement agencies.)
Finally, Wray again presents a intellectually dishonest equation.
Some observers have conceived of this challenge as a trade-off between privacy and security. In our view, the demanding requirements to obtain legal authority to access data—such as by applying to a court for a warrant or a wiretap—necessarily already account for both privacy and security.
“Some” observers may say this, but they’re not the sort of observers worth observing. The real tradeoff is personal security versus government access. The FBI is willing to trade away citizens’ personal security for easier access — something only the FBI benefits from. (And as to how often access is truly a benefit, we’re deliberately left in the dark. The FBI is unwilling to divulge how many accessed phones are dead ends and how many cases it closes despite the presence of a locked device.)
This willingness to make personal device use less safe for millions of phone owners is inserted directly into heartwarming statements about public safety. According to Wray, the existence of devices the FBI can’t access is a public safety issue. This is said despite no evidence being provided there’s been a correlating rise in criminal activity. We continue to live in an era of unprecedented safety — even with the threat of worldwide terrorists organizations being supposedly omnipresent. The spikes in homicide rates experienced in a few cities do not indicate a new era of lawlessness being ushered in, led by criminals emboldened by device encryption.
If Wray gets his way, the public will be less safe. Encryption will either be backdoored or no longer an option. For years law enforcement asked cell phone providers to give their users more protection against device thieves. Encryption prevents thieves from doing much more than stealing a phone. They can’t harvest personal info or directly access sensitive services accessible from a stolen phone. Now that companies are offering this, the FBI is complaining about its lack of access.
The numerous leaks of hacking tools from the CIA and NSA show the government can’t be trusted with encryption backdoors. If the FBI truly values public safety, it would drop the anti-encryption arguments and continue working with companies to make cell phone use safer. Instead, it takes its misguided complaints directly to Congress, dropping hints that it would like a legislative “solution” — mandated backdoors or an encryption ban — rather than the tools it already has.
Filed Under: backdoors, christopher wray, encryption, fbi, going dark
Comments on “FBI Director Complains About Encryption, Offers To Sacrifice Public Safety In The Interest Of Public Safety”
LEO has been complaining about encryption since its inception. Is there any reason to believe any real changes are on the horizon?
Re: Re:
Is it true that the Romans complained about rot13?
Re: Re: Re:
Decrypt unto Caesar what is his (but don’t use his cipher; despite his claims, not everything is his).
What if WWII London had used such 'logic?'
Imagine the London authorities, or those of any other target city, had used the same ‘logic.’ People turning out lights or covering windows with blackout curtains would be suspect. After all, if authorities can’t look in from the streets, those people might be committing nefarious acts. So, what’s the solution? Why have all people required to keep windows open and rooms lit, of course.
Dishonest comparisons
When clamoring about the number of crimes that could additionally be solved given weakened encryption, law enforcement conveniently forgets to mention the number of crimes that could additionally be committed given weakened encryption.
And that’s quite relevant even without looking at crimes committed by law enforcement (for which laws and the constitution, its own convictions notwithstanding, are not optional).
Re: Dishonest comparisons
” the number of crimes that could additionally be solved “
LOL – like any crimes have been solved due to the ridiculous number of cameras everywhere, why would enc back doors be any different … these people are blowing smoke
Re: Re: Dishonest comparisons
Oh they do, and no-one is saying backdooring encryption wouldn’t get some bad guys.
The problem is the price and the non-existent evidence of it’s effectiveness. Oh and the potential for and history of abuse.
fantasy conversation
“In fiscal year 2017, the FBI was unable to access the content of approximately 7800 mobile devices using appropriate and available technical tools, even though there was legal authority to do so.”
“Can you tell us more about this legal authority?
“Uh… no.”
“Were these devices in your custody?”
“I’d… rather not say.”
“Was encrypted data on all of these devices?”
“I cannot comment on that.”
“Did you, in fact, gain access to any of these devices?”
“I cannot comment.”
“You do understand that strong encryption cannot be broken after the fact, right? It must be broken before it’s installed.”
“I’m not sure that we– I think we should not jump to–“
“Let’s say that some of these devices are in your possession and are encrypted in such a way that you cannot read them, can we suppose that?”
“Yes, we can suppose that, that is a–“
“Then why are you holding onto them?”
“That’s all the time we have.”
Re: fantasy conversation
This was my initial thought. If they still possess the devices, either they already are or have pursued charges against someone, or else they’re holding personal devices of people who they don’t have sufficient evidence against. If they’ve already gotten convictions, cracking the phones are unnecessary. If they haven’t gotten convictions, the phones should be returned to their owners.
They seem to be imagining James Bond scenarios where they need to crack a phone in order to stop a bomb from going off in the next five minutes.
Re: Re: fantasy conversation
“They seem to be imagining James Bond scenarios where they need to crack a phone in order to stop a bomb from going off in the next five minutes.”
Not surprising. A lot of people defended torture not so long ago by apparently confusing reality with an episode of 24, so why not Bond as well?
Re: Re: Re: fantasy conversation
That 24 show was soooo stupid at first, but then it became sorta like a snuff film.
Re: Re: Re:2 fantasy conversation
I did love the first few seasons, as it got progressively sillier trying to find new ways to keep Jack Bauer away from his main mission and create a new cliffhanger every episode. It lost me when I recognised that all the scenarios were variations on the same themes, but it was fun while it lasted.
Snuff film? Not really, but when politicians are literally using its plotlines as justification for real-life torture, and don’t seem to understand that it’s highly unrealistic fiction? That is very concerning.
Re: Re: Re:3 fantasy conversation
Big deal. Look at the Star War movies.
No more Jedi, then a new one comes around. The Empire builds a big ass weapon and the alliance blow it up.
Isn’t that the plot line for about 4 of the movies?
Re: Re: Re:4 fantasy conversation
Well, in space you obviously have to cover at least blowing it up, down, left, right, fore, and aft. Stopping at blowing it up would make for biased gravity.
Re: Re: Re:3 fantasy conversation
“Snuff film? Not really,”
I guess snuff does not include torture, same idea though.
Re: Re: Re:3 fantasy conversation
I think the second nuclear bomb explosion was a shark jumping moment.
Re: Re: Re:4 fantasy conversation
If you are bored by nuclear explosions, try a supernova. Fun fact: exploding a hydrogen bomb right on your face does not give you a billionth of the radiation replacing the sun with a supernova would.
They are, like, really bad for the neighborhood.
Re: Re: Re:5 fantasy conversation
If a hydrogen bomb explodes right on my face, I don’t think I will care one way or another how much stronger a supernova would be.
Re: Re: Re:6 fantasy conversation
I can only think about a very quick barbeque round…
Current encryption of phones is directly attributable to the use of those phones. As everyone from banks to ISPs and the cell phone manufacturers to the Operating Systems offer financial applications, they must, at the same time, also offer the requisite safety.
If the police can bust into my phone through a back door, then so can anyone else. The Fourth Amendment is not just a bunch of words.
Re: Re:
This is not just about mobile phones. It’s about all encryption.
Until it becomes illegal to talk in code, I can’t see how they will ever prevent encryption – just make it harder to obtain by the people who will be more at risk.
Re: Re: Re:
Some fools think it should be illegal to speak in foreign languages
Re: Re: Re:
“I can’t see how they will ever prevent encryption”
They can’t. They can make it more difficult for non-criminals to use effective encryption, and they can make it impossible for people to offer legal off-the-shelf solutions. Encryption itself will be alive and well.
Hence, the concerns about the skewed effects on the general population. You can’t force a dedicated terrorist to use a government-approved encryption system, but you can certainly introduce a way for criminals to be able to access everybody else’s sensitive data more easily.
Re: Re: Re:
Encryption is achieved by mathmatical algorigthms. It’s quite easily implemented through a few lines of code.
Although device encryption can be weakened by their manufacturers, 3rd party encryption can always be added on top of it.
Simply adding a strong password on an application to encrypt it’s data is enough to foil these ham-fisted attempts to peer into general public’s private data.
The question here is that most people is unaware and as long as they have their iPhones, Alexas and Starbucks they don’t actually give two flying flocks about it.
And governments all over the world are taking advantage.
Personally, I don’t mind that the government look into my porn folders nor anything else, I do tend to overshare my life nonetheless. But for key individuals, like company CEOs, engineers etc, it may open a hole for Government Sponsored corporate espionage.
We’ve all heard this before, about systems like Prims and Echelon being used to steal proprietary information from EU companies and feed them to US companies.
Anyway, if you want unrestricted access, if we are nothing more than sheep, at least tell us so, and don’t hide behind excuses as “Public Safety” or “Crime Fighting”.
Re: Re: Re: Re:
“Encryption is achieved by mathmatical algorigthms. It’s quite easily implemented through a few lines of code.”
One does not need to write an algorithm inb order to encrypt something. In addition, writing the code is not as easy as one may think – just look at all the bugs and associated exploits.
Re: Re: Re:2 Re:
Writing code is not as hard as one may think. I do it on daily basis. If you have a sense of logic you can code. Programming languages are a matter of sintax. If you have the logic skill, you can code if you want.
Is the FBI an actual illegal entity?
We see them being non-responsive here, they stonewall or just plain refuse to give congress information (who has oversight.)
There are reports of the FBI having an internal culture of sexual harassment and actually use information of agents having affairs as blackmail.
An FBI Director whining about encryption isn’t news.
one order of the usual please.
As usual, the new law or regulation will be bringing about the very thing they “claim” it would prevent.
“Public Safety” has always been the altar where liberty is sacrificed.
Re: one order of the usual please.
The question is – whose public safety?
Certainly not the general public.
1984
Everytime I read about this lack of respect for personal rights, such as privacy, I remember this lyrics from a Tim Minchin’s song.
“It’s just like 1984, well,
Even the late Georgey Orwell
Would surely think he was hearing a fiction
If you tried to describe how far this shit’s gone
Would presume you were taking the piss
Being happy with technology like this
Where you can sit n watch Jimmy on the Big Fat Quiz
Whilst peering into the letterbox of that swanky flat of his.”
You go first, Mr. Wray
I have yet to see the FBI or any part of the government approach Apple or Google and ask if they can have a special version of iOS or Android for government employees only that features breakable encryption.
If they are confident that this can be done, then there is nothing stopping them from leading the way and showing everyone else how safe it can be.
I wonder what the Vegas odds would be if the FBI or any part of the U.S. government did exactly that. I just guessing that the odds would be infinity:1.
Re: You go first, Mr. Wray
∞ x ∞:1
It’s like an angry toddler demanding what can’t be achieved.
Shhh. The adults are having a conversation about security.
Re: Re:
Speaking of angry toddlers… I’ve heard that the real reason for this push is that Mueller’s investigation has gotten stuck because of smartphone encryption. Pass it on!
Not hardly
The FBI is willing to trade away citizens’ personal security for easier access — something only the FBI benefits from.
Nonsense, far more than the FBI benefits from crippled encryption, think of all those hackers, identity thieves, stalkers, terrorists and various other criminals who would massively benefit from such an action.
Take them into account and the FBI is actually only a small slice of the total that would benefit from crippled security measures.
” FBI apparently had 6,900 locked phones in its possession. Wray claims this number represents “roughly half” of the devices in the FBI’s possession.”
And they cant count the rest?? They are all sitting in piles with no TAGS..
https://www.kanda.com/blog/programming/copying-serial-eeproms/
This is a basic link, of tings WE DID YEARS AGO, and what should be able to be DONE NOW..
But I dont think our INTELLIGENCE AGENCY is very smart..
Get a Dummy phone, with a removable ram…COPY the original CHIP DATA(not the OS) AND DUMP it onto a CHIP and plug it in..
And even if it cant be read.. The OS programing has been on the net for years..and they could PAY someone to RE-DO/OVERWRITE/create another OS that would read any data ON THAT CHIP.. At least REMOVE the part that Encrypts the data..
An Encrypted chip, MUST have the DECRYPTION in the RAM..so that it can be changed/passworded..
Re: Re:
I’m sorry if this sounds harsh, but you seem to have some serious misconceptions about how cryptography works.
Re: Re: Re:
30 YEARS dealing with them and I think I have a good idea..
Unles syou want it hard coded and use an internal encryption, based on hardware serial numbers..Or you want a rotating one(which would kill your battery in a week, and 2/3 of the people would forget it..)
Finger encryption,, Dont make me laugh..Face ID…not really, unless you know a few tricks..KEY/FLASH CARD..maybe(but you need to remember to REMOVE IT)..
If you want a few more tricks I could give you a few you may not know..BIO-METRICS SUCK..because you CANT CHANGE YOURS..(can be augmented, IF you know how)
But they all must be stored in RAM..And it can be found..
Re: Re: Re: Re:
As Han Solo so eloquently put it…
“That’s not how The Force works!” (But change The Force with Encryption”.
You can encrypt data and keep the key off memory. That the purpose of both symmetric and assymetric encryption.
And you don’t actually keep a copy of your Key in your locks at home, do you? That would basically render the “Lock” concept useless.
Basically if you encrypt data with a passphrase or pin, it will generate a hash based on that PIN and use that Hash as an encryption key. This using Symmetric encryption will allow you to use the same PIN or Passphrase to re-hash the key and decrypt the data.
So, no, you do not store the Key. Not in RAM, not in ROM, not in Disk, not in paper. That would defeat the whole purpose.
Re: Re: Re:2 Re:
“And you don’t actually keep a copy of your Key in your locks at home, do you? That would basically render the “Lock” concept useless.”
tHE ENCRYPTION IS in THE LOCK..and can be bypassed very easily..in MOST cases..I can show you the videos..
But, without the hash, the system crashes,..,and there is no recovery.
the LOCK is the program..and you insert the KEY..and its decrypted AS NEEDED using only the key. There is no pattern except the KEY. Which requires no HASH.
BUT if you know HOW Algorithm WORKS, you can look for the Password in the DATA…unless someone SPREADS the KEY across the WHOLE of the DATA, its very easy to find..
Like the key to a LOCK, if you take the Tumblers and spread them ALL OVER THE HOUSE, you wont get the lock OPEN, its in parts..
ANd there is a difference in OPENING a door, and encryption.. Just using a password to OPEN the device/door is little or nothing..Encryption requires that the Key be used to READ the data..and this can Slow a machine down to a CRAWL. And does NOT tell you that OTHER encryption is NOT used for other programs..
A Keyt to open the door lets you in, but Even individual encryption on EACh protected file could cause ALLOT of havoc..
But it is enough to be worth killing people over (see various Snowden leaks regarding the NSA targeting drone strikes based on presence of particular phones at the site, rather than obtaining definitive evidence confirming that the intended target is present).
Alternately, if it isn’t generating conviction-worthy evidence, why does the government have such a problem with increasing the barrier to obtaining metadata (see the extensive efforts to use Stringrays without accountability and proper informed authorization)? According to this, they aren’t usefully using the metadata anyway, so they should surrender it freely.
Imagine If You Had A Constitutional Amendment Enshrining Your Right To Bear Encryption ...
… would you even be having such a debate?
“Encryption doesn’t kill people! People kill people!”
Legal authority!
Maybe if they keep repeating this phrase enough times it will make everyone forget that encryption is partly a response to all the illegal access carried out by law enforcement agencies.
Gesture of goodwill ...
Maybe, to demonstrate his good intentions and show that the new FBI can be trusted, Mr Wray could go ahead and publish all National Security Letters the FBI has issued so far, and instruct his agency to wave the use of the ‘National security’ catch-all defense the FBI likes to use when it prefers to not have its own conduct scrutinized by third parties.
You know, just to show that the new FBI accepts the constitution as paramount and respects the authority of the courts.
"If hacking into phones can't scale, "
They say it doesn’t scale. The problem is actually that they are unwilling to become an institution, where it doesn’t have to.
Creative numbers?
“…the FBI was unable to access the content of approximately 7800 mobile devices…”
Nothing here mentions encryption. A phone that was lost or destroyed would count as being unable to access content. What – if any – creativity was employed in this number?
Nuts!
FBI Director Complains About Encryption, Offers To Sacrifice Public Safety In The Interest Of Public Safety
Isn’t this special after FBI is finished destroying people’s lives "playing" the 302 perjury trap game FBI director Christopher Wray would like to give his tax-feeders the ability to peruse every American’s personal data at leisure by having the worthless fractions of American turd stains in congress legislate an end to data encryption.
There is only one reply to such an authoritarian power grab on behalf of the US government, quoting Brig. Gen. Anthony C. McAuliffe’s reply to the Nazi’s at the Battle of Bastogne 22Dec1944:
Nuts
Gen McAuliffe’s reply in full:
"December 22, 1944
To the German Commander,
N U T S !
The American Commander"
Every American citizens reply to such an egregious/unconstitutional power grab by the US government and it’s various pliably supine lickspittles should be as follows:
"December 11, 2017
To the US government,
N U T S !
The American Citizens"
https://www.army.mil/article/92856/the_story_of_the_nuts_reply
Nuts! In using our sons/daughters as poverty draft cannon fodder in your elective wars based wholly upon lies.
Nuts! In creating the total surveillance state.
Nuts! In hiding your many crimes behind bogus national security exemptions.
Nuts! In creating a fraudulent health insurance scheme (ie America Cares Act) that aptly named would be titled: No Health Insurer Left Behind.
Nuts! In stealing trillions of dollars in bailing out you banker buddy criminals.
Nuts! In allowing lobbyists and corporations to write their own legislation.
Nuts! In bankrupting an entire continent in you vain glorious quixotic quest for world domination.
Nuts! In your tax and deficit spend schemes.
Nuts! In completely abdicating your oaths of office.
Nuts! In allowing the use of torture.
Nuts! In allowing torturers and those that ordered torture to walk free and retire comfortably and collect pensions.
Nuts!
Cast off the repressive yoke of a criminal US government.
Torture works.
Metadata
> Metadata isn’t enough to generate evidence needed for convictions.
It is, however, enough to kill according to Michael Hayden.