FBI Director Still Won't Say Which Encryption Experts Are Advising Him On His Bizarre Approach To Encryption

from the perhaps-there's-a-reason-he-won't-say... dept

For the past few months, we've talked about how FBI Director Chris Wray has more or less picked up where his predecessor, James Comey, left off when it came to the question of encryption and backdoors. Using a contextless, meaningless count of encrypted seized phones, Wray insists that not being able to get into any phone the FBI wants to get into is an "urgent public safety issue."

Of course, as basically every security expert has noted, the reverse is true. Weakening encryption in the manner that Wray is suggesting would create a much, much, much bigger safety issue by making us all less safe. Hell, even the FBI used to recommend strong encryption as a method to protect public safety.

Last month, we wrote about a letter sent by Senator Ron Wyden to Wray, simply asking him to list out the names of encryption experts that he had spoken to in coming to his conclusion that it was possible to create backdoors to encryption without putting everyone at risk.

I would like to learn more about how you arrived at and justify this ill-informed policy proposal. Please provide me with a list of the cryptographers with whom you've personally discussed this topic since our July 2017 meeting and specifically identify those experts who advised you that companies can feasibly design government access features into their products without weakening cybersecurity. Please provide this information by February 23, 2018.

Technically, Wray still has a week or so to answer, but earlier this week during an open Senate hearing involving the heads of various law enforcement and intelligence agencies, Wyden asked Wray when he might get that list and Wray sidestepped the question entirely, other than saying he'd discuss it later (in a closed session):

If you can't see that, here's my quick transcript (though I do recommend watching the video just to see the smartass smirk on Wray's face through much of it).

Wyden: On encryption. Director Wray, as you know, this isn't a surprise because I indicated, I would ask you about this. You have essentially indicated that companies should be making their products with backdoors in order to allow you all to do your job. And we all want you to protect Americans and at the same time, sometimes there are these policies that make us less safe and give up our liberties. And that's what I think we get with what you all are advocating which is weak encryption. Now this is a pretty technical area, as you and I have talked about it. And there's a field known as cryptography. I don't pretend to be an expert on it. But I think there is a clear consensus among experts in the field against your position to weaken strong encryption. So I have asked you for a list of the experts that you have consulted. I haven't been able to get it. Can you give me a date this afternoon when you will give me... this morning, a sense of when we will be told who are these people who are advising you to pursue this route. Because I don't know of anybody who is respected in this field who is advising that it is a good idea to adopt your position to weaken strong encryption. So can I get that list?

Wray: I would be happy to talk more about this topic this afternoon. My position is not that we should weaken encryption. My position is that we should be working together -- the government and the private sector -- to try to find a solution that balances both concerns.

Wyden: I'm on the program for working together. I just think we need to be driven by objective facts, and the position you all are taking is out of sync with what all the experts in the field are saying and I'd just like to know who you all have been consulting, and we'll talk more about it this afternoon.

So, a few points on this. First, Wray doesn't answer the actual question of when he'll be giving Wyden a list, but rather suggests he'll discuss this topic in the closed session. But the question of when he'll be delivering his list of experts he's consulted shouldn't be a classified piece of information. It's just a date. Second, Wray immediately misrepresents the issue, by saying he's not asking to weaken encryption. Because he has to realize by now that that's exactly what he's asking to do. If he doesn't recognize that then it's clear he doesn't understand the first thing about how encryption actually works. Third, he's incorrectly talking about "balancing both concerns." But there's no balancing question here. It is not a "balance" between "security" and "civil liberties" as some keep trying to make it out to be. This is a concern between good security and bad security that makes everyone less safe (oh, and also has the potential to violate civil liberties).

It does not inspire confidence to have Wray have trouble answering such a basic question and then totally misrepresent how this all works, even in his two-sentence answer.


Reader Comments

  • Anonymous Anonymous Coward, 15 Feb 2018 @ 9:28am

    Do the Hand Jive

    Or, it's a matter of embarrassment. How does one introduce sock puppets in an open forum? Doing so in a closed session would preclude those with clearances to attend those sessions from disclosing sock puppetry. How many shades of red can Wray turn?

    • Machin Shin, 15 Feb 2018 @ 10:44am

      Re: Do the Hand Jive

      I am betting he is trying to stall because if he did somehow find someone to agree with him they probably demanded their name not be mentioned.

      Anyone even close to an "expert" would know that being named on that list means your career in cryptography is done.

      • David, 16 Feb 2018 @ 1:35am

        Re: Re: Do the Hand Jive

        I am betting he is trying to stall because if he did somehow find someone to agree with him they probably demanded their name not be mentioned.

        More likely he wants to protect his sources. Imagine someone kidnapping his pet rock.

  • Anonymous Coward, 15 Feb 2018 @ 9:49am

    because he is trying to use BS to baffle brains but finding it don't work! there are no 'experts' available, let alone to him! all he will accomplish is the 'IRONHAND' program that Dewy had in Jason Bourne, everyone watched all the time but instead of making everyone safer, putting millions at risk because NO ONE SHOULD HAVE THAT ABILITY OR POWER!!

    • Anonymous Coward, 15 Feb 2018 @ 10:01am

      Re:

      How about this, Wray: have your techies create a new encryption scheme (with a master key held by the FBI) to put on all FBI phones as a pilot. Let's see how long it lasts before it's hacked or the key is stolen.

  • NeghVar, 15 Feb 2018 @ 10:02am

    Stick with an open-source encryption. A lot harder to sneak a backdoor into them.

  • jim, 15 Feb 2018 @ 10:10am

    Bookmakers used to keep their records on flimsy paper that could be incinerated in seconds, if the police showed up. I don't recall the FBI demanding that the production of flimsy paper be outlawed.

    • Machin Shin, 15 Feb 2018 @ 10:39am

      Re:

      Flash paper is really really fun to play with. Used in magic stuff mainly, but creates a pretty fireball and doesn't even leave ash behind. It would do well for writing things you want to be able to destroy in an instant... Just make sure to keep far from any sparks or flames till ready to destroy.

  • I.T. Guy, 15 Feb 2018 @ 11:11am

    He's just protecting the identity of his best advisor... The Great Gazoo.

  • Rapnel, 15 Feb 2018 @ 11:15am

    The entire premise is so fatally flawed on so many levels that it seems no different to me than the flat earth "argument".

    A refusal to believe in reality does not a new reality make.

    So, fuck math and science, I guess.

  • Ryunosuke, 15 Feb 2018 @ 11:36am

    Hey Mike, here's the ultimate irony about that entire debacle. Earlier in that very same session, one of the senators... either King or Wyden (I forget which one) asked everyone present whether they would recommend using Huawei equipment. NONE of them would recommend it. The irony is that the intelligence community (in general) doesn't like foreign companies spying on Americans, but the FBI director wants EVERYONE to spy on Americans.

  • Anonymous Coward, 15 Feb 2018 @ 12:23pm

    This sounds like the FBI should also work on "responsible gravity".

  • Anonymous Coward, 15 Feb 2018 @ 12:24pm

    Wray: I have top men working on it right now.

    Wyden: Who?

    Wray: Top. Men.

  • ECA, 15 Feb 2018 @ 1:10pm

    For those that may not know..

    Some of you may not know this..
    But to update modems, it's required of the ISP to send the data to your modem.
    This requires little of you, and is done when major updates are needed. It does not give access to your systems. And should not.
    CHANGE the hardware a bit, and you would have a PERFECT backdoor..except passwords, and Bypass ARE NOT GOOD THINGS.

    NOW, with the right equipment ANYONE can change the programming in the modem, and not access your computer..They can even TURN IT OFF..
    NOT saying that they CAN'T get into your computer, but that requires a few other things..VIRUS/SCRIPTING, MALWARE..and you allowing it to happen.
    KNOW your system..HOW it's SUPPOSED to work, how fast it works, and how it ACTS...IF that changes, SCAN EVERYTHING until you find the problem..
    USE your own scanner, and MALWAREBYTES has a lazy scanner that does not work, until you ASK IT TO...Then a few other programs to clean up windows(I won't name them, as that would be MY CHOICES..)

    You are running SOFTWARE that you did not create, and ANY OF IT, can do ANYTHING they want...IF you allow it. If you get a warning, LEARN what the problem is..and WHY it's happening..

    BROWSERS are not safe..LEARN HOW to restrict them..

    • Ryunosuke, 15 Feb 2018 @ 2:33pm

      Re: For those that may not know..

      I feel this should not be said, but we still have to. I think Ublock Origin, Ghostery, and HTTPS Everywhere should be mandatory on all browsers.

  • OldMugwump, 15 Feb 2018 @ 1:13pm

    Is this the same FBI that doesn't want us to buy Chinese phones?

    ..because CCP might have installed backdoors in them?

    https://www.theverge.com/2018/2/14/17011246/huawei-phones-safe-us-intelligence-chief-fears

    So, we're not supposed to buy phones from Huawei or ZTE, but instead buy them from trusted American manufacturers who the FBI has backdoored?

    From my viewpoint as an American, I have a lot more to fear from the FBI than I do from the Chinese government.

    • OldMugwump, 15 Feb 2018 @ 1:17pm

      Re: Is this the same FBI that doesn't want us to buy Chinese phones?

      ...hey, maybe the reason we're not supposed to buy Chinese phones is because the Chinese haven't backdoored them.

      At any rate, I'm not worried about getting SWATted by the People's Liberation Army.

  • Anonymous Coward, 15 Feb 2018 @ 1:36pm

    How often do we wake up to headlines regarding a new severe vulnerability conveniently placed?

    It's time to stop mincing words. The FBI has already done it. The talking point is a desperate effort to justify what they've already done before it comes to public light.

    Our existing options are a swiss cheese blend of vulnerabilities from different intelligence/law-enforcement entities across the globe.

  • Personanongrata, 15 Feb 2018 @ 2:53pm

    FBI Director Wrong Wray on Encryption

    So I have asked you for a list of the experts that you have consulted. I haven't been able to get it. Can you give me a date this afternoon when you will give me... this morning, a sense of when we will be told who are these people who are advising you to pursue this route. Because I don't know of anybody who is respected in this field who is advising that it is a good idea to adopt your position to weaken strong encryption. So can I get that list?

    Rather than answer Senator Wyden's question in public during open session FBI director Wrong Wray has decided to hide his answer behind the pitch-dark veil of national security.

  • Get off my cyber-lawn!, 15 Feb 2018 @ 2:55pm

    I'm not interested in weakening the Dam

    I just want to build a door from the wet side to the dry side which I can walk through at will. I know you are smart enough to build a single door that will hold back all that water, not let any through when I open it and still work just as well once it is closed again! You just aren't trying hard enough!

  • Anonymous Coward, 15 Feb 2018 @ 3:14pm

    Nostalgia 2 - The remake!

    I watched some video and the person said that back in the good ol' days that after getting into a PC first thing people did was fixing the backdoor/bug they exploited and all others, basically ran all the latest patches, while keeping their access open.

    So if the secure-backdoor-by-law is active, who is to say the same thing won't happen again? Giving full access to the first person in but cutting everyone else out? You can't advertise and run an honest DDoS botnet if someone/500 other ppl access the same systems.

  • Anonymous Coward, 15 Feb 2018 @ 3:22pm

    Weak vs Strong crypto

    Either crypto works or it doesn't. If you are talking about "weak" or "strong" crypto, you are on Wingdings (imo strong crypto) territory.

  • That One Guy, 15 Feb 2018 @ 3:28pm

    Lies, damn lies, and statements by the FBI director

    It does not inspire confidence to have Wray have trouble answering such a basic question and then totally misrepresent how this all works, even in his two sentence answer.

    He's not having trouble answering it, he's refusing to because he knows he doesn't have anything to answer with.

    His 'experts' are figments of his imagination and I imagine both he and Wray know it, with his attempt at answering in a 'closed session' likely a mix of stalling for time and/or setting the stage to later claim that he did answer it, but since it was in a closed session of course he can't repeat it, and why is the senator continuing to bother him over it?

    • Anonymous Coward, 15 Feb 2018 @ 3:31pm

      Re: Lies, damn lies, and statements by the FBI director

      Closed session statement:
      "I read on the internet so it must be true"

  • Anonymous Coward, 15 Feb 2018 @ 8:59pm

    Quirks and trickery in technical categorical nomenclature.

    Ring -3 hardware allows functional backdoor access with 'working' encryption. It's a trick of language- allow me to explain:

    Cryptographers cannot secure hardware or networks they have no access to, therefore it is unreasonable to say the encryption is 'broken', even though in a real world sense- it is. **it's not the encryption security that's broken, it's the device security** Think of it like this- a barred window on a house with a weak front door- when someone smashes down the door, you can't blame the window bars.

    The FBI know this- they're not stupid- these topics are presumably mired in NS issues... They literally CANNOT make their arguments in a completely honest way, because it would inform adversaries, and reveal capabilities and methodologies that are limited to the upper echelons of intelligence agencies.

    The arguments they present further the agenda of gaining 'legitimate' access to such techniques (to reduce the need for parallel construction) and engaging in useful propaganda, while avoiding conflict with intelligence agencies.

    I implore anyone reading this to learn about ring -3 hardware, and read Ken Thompson's 'reflections on trusting trust' to begin to gain an understanding of how complex and deep running the 'backdoor' problem really is.

  • Dave Cortright, 16 Feb 2018 @ 8:04am

    Once Wray is done balancing encryption concerns…

    he can then tackle balancing the lascivious proclivities of pedophiles against the desire for children to not be raped.

  • Dave P., 16 Feb 2018 @ 10:57am

    Experts are generally correct.

    Following all this kerfuffle from across the pond (with one ear cocked to see if the lovely Mrs. May or the equally delectable Rudd might also be making similar noises), I find it incredible that these technically-ignorant politicians (with the exception of Mr. Wyden, who seems like a GOOD GUY) are more-or-less calling the experts liars. I can't recall any person in the encryption industry stating that safe back-doors can be implemented. Are they just plain brain-dead, or what? Just how many times do they have to be told that if the good guys can get in, so can the bad guys. I wonder if they would like their OWN correspondence or bank accounts hacked? It seems as if they have their fingers in their ears....."I can't hear you! Nah Nah Na Nah Nah".....Total idiots.

    • That One Guy, 16 Feb 2018 @ 11:57am

      "If you REALLY tried I'm sure you could make 2+2=5"

      Admitting that they've been calling for something that would be a disaster for security, and would put millions at risk is something they'd rather avoid. Much better to double-down and continue to insist that those experts are just lazy and focused on money, and don't really care about protecting the American public unlike the paragons and patriots who know full well that it can be done if the security hacks just nerd harder.

  • Anonymous Coward, 17 Feb 2018 @ 6:29am

    FBI Director Still Won't Say Which Encryption Experts Are Advising Him On His Bizarre Approach To Encryption

    I'm gonna go with MyNameHere and out_of_the_blue...

  • Lawrence D’Oliveiro, 17 Feb 2018 @ 3:34pm

    I Can Give You A Likely Name

    How about Dorothy Denning. Way back in the (Bill) Clinton era, she defended the Skipjack algorithm, saying “The 5 of us who reviewed the algorithm unanimously agreed that it was very strong”.

    Only when it was later declassified (and the Clipper chip abandoned), it turned out not to be so strong.

  • Anonymous Coward, 19 Feb 2018 @ 6:25pm

    Secret experts, after secret courts in the "land of the free".
