FBI Boss Chris Wray: We Put A Man On The Moon So Why Not Encryption Backdoors?

from the yeah-ok-then dept

Despite the FBI finally admitting it had greatly exaggerated the number of encrypted devices it can't get into, FBI Director Chris Wray keeps pushing the "going dark" theory to whoever will listen. This time it was NBC's Lester Holt. In an interview during the Aspen Security Forum, Wray again hinted he was moving towards an anti-encryption legislative mandate if some sort of (impossible) "compromise" couldn't be reached with tech companies. (Transcription via Eric Geller.)

I think there should be [room for compromise]. I don't want to characterize private conversations we're having with people in the industry. We're not there yet for sure. And if we can't get there, there may be other remedies, like legislation, that would have to come to bear.

The "compromise" Wray wants is simple: if law enforcement has a warrant, it gets access. The solution isn't. To weaken or backdoor encryption to serve law enforcement's needs makes everyone -- not just criminal suspects -- less safe. If a hole can be used by good guys, it can be used by bad guys. And even the best guys can't prevent their tech tools from making their way into the public domain. Just ask the NSA and CIA. In the case of the NSA, leaked exploits resulted in worldwide ransomware attacks.

Wray pitches an impossibility by portraying it as a lack of effort by the tech industry. The tech industry -- the one with all the "brightest minds" -- have been consistent in their stance. A hole for one is a hole for all. There's no such thing as securely-compromised encryption. Wray's response has also been consistent: they're just not thinking hard enough. The only "compromise" pitched by members of the tech sector is basically re-skinned key escrow -- the thing that went out of fashion with the death of the Clipper Chip.

Wray's pitch now includes an appeal to the modern wonders of the world, as if these examples change the equation at all:

We're a country that has unbelievable innovation. We put a man on the moon. We have the power of flight. We have autonomous vehicles… [T]he idea that we can't solve this problem as a society -- I just don't buy it.

First off, bringing the space program into this is ridiculous. All it does is demonstrate the government has access to some of the best minds, but Wray expects the private sector to provide, maintain, and bear the expense of a law enforcement-friendly encryption "solution." (And if it fails to deliver, Wray's more than willing to ask the government to force the private sector to play ball.)

Second, putting a man on the moon was the side effect of a Cold War cock-measuring contest with the USSR. While the nation has derived many benefits over the years from the space program, the "man on the moon" mission was a way of expressing superiority and implying that our weaponry was similarly advanced. The US government showed the world how powerful it was. I don't think that's the analogy you want to make when discussing personal device encryption.

And third, the whole "putting a man on the moon" analogy was solidly mocked on John Oliver's program two years ago when he quoted cryptography expert Matt Blaze accurately saying, "When I hear 'if we can put a man on the moon, we can do this' I'm hearing an analogy almost saying "if we can put a man on the moon, surely we can put a man on the sun.'" Not every issue is the equivalent of putting a man on the moon.

While the others listed are private sector achievements, they're simply not good comparisons. Encryption methods continue to advance in complexity and ease-of-use. This is innovation, even if it's innovation Chris Wray doesn't like. Each of the innovations listed solved problems and created markets. In this case the problem is device security. Encryption solves it. Who wants secure devices? Everyone who buys one.

The rise of smartphones has seen users replace their houses with handheld devices as the primary storage for a life's-worth of documents, along with access to a great deal of financial and personal info. Device makers want to ensure a stolen phone doesn't mean a stolen life. Wray (and others) don't want to do anything more than obtain warrants to scrape the digital innards of devices they seize. In other words, when the FBI encounters a locked safe in someone's house, Wray would believe it's the manufacturer's fault for the safe failing to unlock immediately in the presence of a search warrant.

Still, Wray believes society as a whole would be better off with weaker encryption because sometimes terrorists and criminals use encryption.

Because to the extent that the bad guys have shifted more and more to living their whole lives through encrypted devices and encrypted messaging platforms, that if we don't find a way to access that information with lawful process, we're in a bad place as a country.

Default encryption has been around for a few years now and there's no evidence we're less safe as a nation. Very few prosecutions have been dead-ended because investigators couldn't get into a phone. The problem is presented as swiftly-growing and inevitable, but there's been nothing delivered as evidence of these claims. The FBI has continually pointed to its growing pile of locked devices as Exhibit A in the War on Encryption, but has never presented anything at all to give these claims of diminishing public safety any credence. All we know for sure at this point is the FBI can't count. It used a wrong number (~7,800) to push the narrative and still expects us to believe it after it admitted this count was nearly four times higher than the actual number of devices in its possession.

Wray needs to stop complaining about the tech sector until his own agency can demonstrate its ability to approach the issue with facts, verified numbers, and intellectual honesty.


Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  • icon
    hij (profile), 25 Jul 2018 @ 8:02am

    Corporations are people too?

    Corporations have first amendment rights when it comes to giving money to political campaigns, but they have no rights to make their own decisions when it comes to obeying arbitrary commandments from law enforcement. That seems awfully convenient.

    reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 25 Jul 2018 @ 8:24am

    "FBI Boss Chris Wray: We Put A Man On The Moon So Why Not Encryption Backdoors?"

    We put a man on the moon surrounded by several layers of equipment to allow them to keep breathing securely. Life encryption since we are at it with bad analogies.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jul 2018 @ 9:38am

    I say let him have ALL the back-doors he wants to MS and Apple. That will give geeks all the more reason to switch to and use Linux.

    reply to this | link to this | view in chronology ]

    • identicon
      bob, 25 Jul 2018 @ 9:49am

      Re:

      But what about my games!!!

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jul 2018 @ 10:43am

      Re:

      And what about those who aren't geeks?

      Also, what about when the law that applies to MS and Apple gets made to apply to Linux distros as well? Regardless of the infeasibility of forcing this type of thing on Linux, it would make life just that much harder for everyone involved in it.

      Better for it to never happen at all.

      reply to this | link to this | view in chronology ]

      • icon
        PaulT (profile), 26 Jul 2018 @ 2:07am

        Re: Re:

        "And what about those who aren't geeks?"

        Use Ubuntu or some other desktop-focussed distro. For many tasks, some are easier than Windows, especially if you wish to avoid Metro interface crap. The only problems the average user will have is they just *have* to play AAA games or use X proprietary software title rather than accept the stuff that's natively available on the platform.

        "Also, what about when the law that applies to MS and Apple gets made to apply to Linux distros as well?"

        Well, that's the obvious flaw in the plan. Yes, the open source nature of the OS means that people could easily bypass the restrictions, but once it becomes illegal on there, then we're back to a minority using it.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jul 2018 @ 9:41am

    I'm sitting down here in the comments section after reading the article and the only thing I can think of "Is this the first time the term 'cock-measuring' has been used on Techdirt?"

    reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 25 Jul 2018 @ 9:43am

    THATS_NOT_HOW_ANY_OF_THIS_WORKS.GIF

    reply to this | link to this | view in chronology ]

  • identicon
    bob, 25 Jul 2018 @ 9:48am

    FTFY

    We're a country that has unbelievable innovation. We put a man on the moon. We have the power of flight. We have autonomous vehicles… [T]he idea that we can't solve this problem of appointing people with the ability to think logically and be technically inclined in public office -- I just don't buy it.

    reply to this | link to this | view in chronology ]

  • icon
    Anonymous Anonymous Coward (profile), 25 Jul 2018 @ 9:49am

    As a society

    "[T]he idea that we can't solve this problem as a society -- I just don't buy it."

    As a society the problem is easy to solve. Respect people, respect privacy, respect the Constitution.

    For authoritarian's working on authoritarianism the problem is society. That is what is so hard to solve, we are in their way.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jul 2018 @ 10:01am

    We put a man on the moon, so why can't we make 1+1=3?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jul 2018 @ 11:51am

      Re:

      We put several competent men on the moon, so why can't we put a few in Earth-based positions of leadership?

      reply to this | link to this | view in chronology ]

    • icon
      ShadowNinja (profile), 25 Jul 2018 @ 1:23pm

      Re:

      But we've done it over 7 billion times. How else do you think babies are made?

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jul 2018 @ 7:44pm

      Re:

      We put a man on the moon, so why can't we make 1+1=3?

      Just make a law declaring 1+1=3. Easy peasy, the FBI way.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jul 2018 @ 11:52pm

      Re:

      I'm guessing the Apollo missions used little to no encryption.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 26 Jul 2018 @ 3:25am

        Re: Re:

        True, but unless you knew the order and meanings of the values being transmitted, the telemetry was pretty meaningless, as there was no markup, just framing markers and streams of data.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 26 Jul 2018 @ 4:03am

          Re: Re: Re:

          Good old security through obscurity. Maybe we all need to go back to speaking in code, you know, just in case:

          "Warrant came through boss, we can now access their communications"

          "Great! what are they saying?"

          "Not sure boss.. they keep saying Yeet."

          "That has to be drugs. Call the SWAT team!"

          (Disclaimer: I'm so not down with the kids)

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 26 Jul 2018 @ 5:10am

            Re: Re: Re: Re:

            Good old security through obscurity.

            More a case of what was by modern standards extremely limited computers. Like you phone has far more computing power than the control room had to route and display all the incoming data. Marking up the data was not an option, never mind encrypting the data.

            The Apollo program happened at the tail end of the era where a room full of computers meant a room full of human with paper, pencil and slide rule, and they were used by the program.

            reply to this | link to this | view in chronology ]

    • icon
      Jeremy Lyman (profile), 26 Jul 2018 @ 4:48am

      Re:

      Yes, it's not just that the math doesn't work out, it's that the philosophy of the request doesn't work. He might as well ask "why can't we put the sound of one hand clapping on the moon?"

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jul 2018 @ 10:02am

    Very few prosecutions have been dead-ended because investigators couldn't get into a phone.

    Even this is conjecture. We have no way of knowing whether "getting into a phone" would have resulted in a successful investigation. Chances are they still would have dead-ended.

    reply to this | link to this | view in chronology ]

    • icon
      SteveMB (profile), 25 Jul 2018 @ 12:44pm

      Re:

      If any significant (i.e. involving a real threat to public safety rather than an arbitrary technical violation) criminal case had been blocked by encryption, the news would have been blasted all over the place like the latest antics of Paris Hilton or the Kardashians in their heyday.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jul 2018 @ 10:03am

    Wray's arguments (as presented in this article) are just as valid for arguing that we need to backdoor human brains.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jul 2018 @ 10:05am

    Chris Wray doesn't understand

    that none of putting a man on the moon, flying, or autonomous vehicles involving violation of mathematical principles. In fact, if we attempted to do any of those listed activities using math as Chris seems to envision it, then we would have failed.

    reply to this | link to this | view in chronology ]

  • icon
    stderric (profile), 25 Jul 2018 @ 10:06am

    Wray needs to stop complaining about the tech sector until his own agency can demonstrate its ability to approach the issue with facts, verified numbers, and intellectual honesty.

    If they could do that, there wouldn't be an issue to discuss. They'd just shut up and move on.

    reply to this | link to this | view in chronology ]

  • icon
    DannyB (profile), 25 Jul 2018 @ 10:06am

    It seems so simple

    Why can't we simply have secure systems that are insecure?

    And why can't we have insecure systems that are secure?

    But in typical government fashion, why can't black be white while still being black?

    And up can be down, but still be up.

    When you're up, you're up.
    When you're down, you're down.
    When you're only halfway up
    [_] You're neither up nor down
    [_] You need a different pull up resistor
    [_] Your flip-flop is broken
    [_] You're using base 3
    [_] Is a superposition of two states
    [_] You haven't had enough to drink
    [_] Viagra or Cialis
    [_] Is a topic of ongoing study and research not yet sufficiently explored
    [x] You're like an orange clown

    When you're neither up nor down is when your winnings equal the amount you've spent betting so far.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jul 2018 @ 10:08am

    Once again, with feeling

    You can have the most advanced tech possible, you can fuck around with math as much as you want - but what it will not do is be idiot-proof for Wray and his goons to use without inevitably leaking where they don't want leaks.

    Wray is a child throwing a tantrum because his parents won't let him buy a unicorn-powered atomic bomb.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jul 2018 @ 10:11am

      Re: Once again, with feeling

      Great. Now I really want a unicorn-powered atomic bomb.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Jul 2018 @ 6:56pm

        Re: Re: Once again, with feeling

        Funny as those prospects are, it does underscore the danger of what Wray is asking for.

        What Wray wants is not only something that he and his mooks lack the responsibility for, a trait he has demonstrated repeatedly - but also something under conditions that flat out don't exist.

        Worse still, his reasoning is literally "I believe Mommy and Daddy can do anything and them refusing to give me my weapon of mass destruction is just thing being big fat meanies".

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jul 2018 @ 10:13am

    I think there is two or three other arguments to be made other than "If a hole can be used by good guys, it can be used by bad guys".

    A: If access is supposed to need a warrant, what is preventing access when there is no warrant? logicly a system could be implemented to check for one. Yet I don't think any law enforcement or government agency would be happy about that. If such a system was implemented, people would find ways around it.

    On a similar note, this brings a problem when courts rubber stamp warrants. Given that information, it undermines the warrant requirement.

    B: most likely, for this kind of change to take effect phones are going to need to be updated. Meaning the change is arguably useless on the phones the FBI already has, as they are locked out and thus can't update them.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jul 2018 @ 11:11am

      Re:

      A: Like every other thing that requires a warrant, only the legal permission to access said thing requires the warrant, the physical ability to access it is an entirely separate thing. Doors do not respond to the physical presence of a warrant any more than phones will.

      Similarly, if the warrant process is no longer doing it's job, then there are much broader systematic issues than this particular one. If the courts are not enforcing warrant requirements, then there is no reason they would be enforcing Habeus Corpus requirements either and we are thus actively living in a police state. At which point these legal and political fights are no longer particularly relevant.

      B: You have misread law enforcement's argument. The FBI is not saying "We need this change made so that we can get into this big pile of phones," they are saying "We need this change made so that this pile of phones won't continue to increase in size in the future."

      reply to this | link to this | view in chronology ]

      • icon
        SteveMB (profile), 25 Jul 2018 @ 12:47pm

        Re: Re:

        Given how fast the "pile of phones" shrank from about 7000 to about 1000, there's no need to do anything; the problem is vanishing all by itself.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 26 Jul 2018 @ 4:36am

          Re: Re: Re:

          The problem isn't these reported numbers constantly changing and making no sense to us here (See also: two people throwing one rock in the general direction of 6 ICE officers = 12 incidents)

          It's why they do it (money) and who actually listens to it (the people giving them money)

          reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 26 Jul 2018 @ 2:12am

      Re:

      "A: If access is supposed to need a warrant, what is preventing access when there is no warrant?"

      Nothing. But, just because authorities can enter my home if they get a warrant, that doesn't mean I shouldn't be able to use the strongest locks available to deter burglars.

      "B: most likely, for this kind of change to take effect phones are going to need to be updated."

      They are. Constantly. Which is actually why we're having this argument to begin with - Apple changed to strong encryption by default in the OS, whereas before it either needed an app or was an optional OS feature.

      reply to this | link to this | view in chronology ]

  • icon
    Blaine (profile), 25 Jul 2018 @ 10:13am

    We do have Secure Encryption Backdoors!

    But we accidentally left them on the moon.

    Oh, and they can only be retrieved by the current FBI Director, in person.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jul 2018 @ 10:15am

    We're a country that has unbelievable innovation. We put a man on the moon. We have the power of flight. We have autonomous vehicles… [T]he idea that we can't solve this problem as a society -- I just don't buy it.

    And in all those enterprises there was no backdoor requirement which went counter to what the technology was aiming at. Encryptions is meeting its objectives if only the sender and receiver, or owner of the device can get at the contents, it is compromised if anybody else has a key to get at the contents.

    Besides which, all this going dark is returning law enforcement to the situation that existed before all these computers came along, and that is nobody stored incriminating evidence for law enforcement to gather.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jul 2018 @ 10:43am

    We're a country that has unbelievable killing powers.

    We're a country that has unbelievable innovation. We put a man on the moon. We have the power of flight. We have autonomous vehicles… [T]he idea that we can't solve this problem as a society -- I just don't buy it.

    We're a country that has unbelievable killing powers. We kill animals. We sometimes kill humans. We even can kill time. [T]he fact that we can't kill this escrow idea as a society -- I just don't buy it.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jul 2018 @ 10:47am

    Man on the Sun

    "..."if we can put a man on the moon, surely we can put a man on the sun."

    Now, THAT analogy is actually quite good for broken cryptography. Backdoored encryption would be very much like putting us ALL on the sun. It CAN be done but with a similarly low projected survival factor.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jul 2018 @ 11:37am

      Re: Man on the Sun

      All law-abiding citizens of the United States (and Australia and New Zealand and Britain and some others but not all countries) including all law-abiding citizens in legislation, law enforcement, courts, government, military, finance, power plants, traffic, hospitals - in those countries.

      All devices manufactured or sold (legally) in those countries.

      All law-abiding people abroad who still travel to those countries. And all their communications with law-abiding people in those countries.

      That backdoor would be one hell of an espionage target if there were any spies who do not abide by the law.

      reply to this | link to this | view in chronology ]

      • icon
        That One Guy (profile), 25 Jul 2018 @ 6:32pm

        Re: Re: Man on the Sun

        That backdoor would be one hell of an espionage target if there were any spies who do not abide by the law.

        Thankfully as everyone knows spies a scrupulous in obeying any and all laws, even laws in other countries, and even when violation of them would provide a previously unthinkably large treasure-trove of intel that could be used for countless things like blackmail, corporate espionage and/or political gain.

        reply to this | link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 25 Jul 2018 @ 12:19pm

      Re: Man on the Sun

      From Wray's perspective that's simple, just go at night.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jul 2018 @ 12:03pm

    "We Put A Man On The Moon So Why Not Encryption Backdoors?"

    Because one is possible while the other is not.

    reply to this | link to this | view in chronology ]

  • identicon
    Patrick, 25 Jul 2018 @ 12:34pm

    They'd rather sit on their thumbs and hope for a precedent setting ruling (like they did with Apple) instead of buying something like Grey Key that can unlock most phones including newer iPhones.

    reply to this | link to this | view in chronology ]

  • icon
    crade (profile), 25 Jul 2018 @ 12:35pm

    "[T]he idea that we can't solve this problem as a society -- I just don't buy it"

    We can solve this problem as a society. We have solved this problem as a society. People can communicate privately, law enforcement can enforce. Stop pretending something has changed and suddenly you can't enforce the law and allow the possibility of private conversations at the same time.

    There, Problem solved. Now you we can discuss all the great ways technology has made forensics better and more reliable.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jul 2018 @ 12:51pm

    According to the NASA page, 9 Apollo missions (27 people) got to lunar orbit or thereabouts.

    According to Quora, the Apollo program cost 25.4 billion 1973 dollars, and a project dollar then is about 4 project dollars now.

    So if Mr. Wray can pony up 3 or 4 billion dollars per person I'm sure that we can get something that meets his requirements set up, especially if some of that goes to paying people to use it.

    reply to this | link to this | view in chronology ]

  • icon
    Darkness Of Course (profile), 25 Jul 2018 @ 1:28pm

    Comey the Crypto Clown, V2

    Quote:
    Wray needs to stop complaining about the tech sector until his own agency can demonstrate its ability to approach the issue with facts, verified numbers, and intellectual honesty.


    Well, first off that ain't gonna happen at our FBI. Comey the Crypto Clown (aka C2CC) started blowing this particular trumpet and Wray must feel the need to perpetuate the lies. Possibly these are signs that it's a systemic infection and only excising the offending organisms will allow the FBI to consider honoring their oaths.

    reply to this | link to this | view in chronology ]

  • icon
    lars626 (profile), 25 Jul 2018 @ 1:44pm

    If is is so easy why doesn't he have the NSA create a system to make it work. Said system would need to be open source so that it can be inspected and verified by all parties. Simple, right?

    reply to this | link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 25 Jul 2018 @ 2:07pm

      Re:

      Couple of problems with that. NSA does not report to Wray, he could ask, but the laughing would be louder than the laughing here. Second, NSA making open source code? Right.

      Please share. We all want some of what you are taking/smoking/inhaling. Well, some of us do, that is some of us might. There are certain AC's that might benefit, though they might benefit more if they listened to actual doctors (a.k.a. psychiatrists, who can prescribe where as psychologist cannot).

      reply to this | link to this | view in chronology ]

      • identicon
        Thad, 25 Jul 2018 @ 2:47pm

        Re: Re:

        Second, NSA making open source code? Right.

        https://en.wikipedia.org/wiki/Security-Enhanced_Linux#History

        reply to this | link to this | view in chronology ]

        • icon
          Anonymous Anonymous Coward (profile), 25 Jul 2018 @ 3:22pm

          Re: Re: Re:

          OK, they do participate in Open Source development, at least so long as it helps them.

          Then they do other things that may or may not be Open Sourced:

          The security mechanisms implemented in the system provide flexible support for a wide range of security policies. They make it possible to configure the system to meet a wide range of security requirements. The reference implementation included a general-purpose security policy configuration designed to meet a number of security objectives as an example of how this may be done. The flexibility of the system allows the policy to be modified and extended to customize the security policy as required for any given installation.

          There is still much work needed to develop a complete security solution. Nonetheless, we feel we have presented a good starting point to bring valuable security features to mainstream operating systems. We are looking forward to building upon this work with other developers and users. Participation with comments, constructive criticism, and/or improvements is welcome.

          I bet there are many other things that they do that are not Open Sourced, and they won't confirm or deny that, though those who know how will find out...eventually. I do not expect them to give any hints.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jul 2018 @ 2:05pm

    The final solution

    Wray seems to think if he lies long and loud enough it will become true. The final solution is to put Wray on the moon and leave him there to ponder the issue.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Jul 2018 @ 11:23pm

      Re: The final solution

      "The final solution is to put Wray on the moon and leave him there to ponder the issue."

      No, no - put him on the sun. He'll work out his answer MUCH faster.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jul 2018 @ 2:24pm

    Looking past the various problems (and there are thousands) with backdoors, "golden good guy secondary front doors", "unicorn a-holes", "alternative front-back doors", or whatever they want to call it right now; I simply do not trust those people to act within the bounds that would be set for them or to be able to keep any access from leaking.
    Here is a question: If this is such a manageable problem to keep information secure with backdoors, how come you suck so badly at security without them?
    You can freaking start by cleaning up your own crap first and then we'll talk.
    Here is another demand: All law enforcement in the country must agree to having their passwords logged at every point... that includes your home devices. When none of you use passwords in the top 100 of the easy to guess and break list, then we can start to give an ounce of trust towards that you might be educated enough to handle such powerful tools without 1. Sharing accounts. 2 Using admin as username and Admin123 (or similar) as password for accessing deeply private information about us. 3. Writing passwords down on sticky notes on monitors. 4. Having two-factor authentication turned off on your account because it is annoying. 5. Leaving work devices open for all to see and peruse. 6. Using common secure ways to access and store data.
    I know any system would hopefully be more secure than just a login, but if they cannot even handle the basics, then it means nothing.

    reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 25 Jul 2018 @ 2:29pm

    The "going dark" discussion should be tabled...

    ...until law enforcement agencies have a long running record of few-to-no violations of the rights of the public. So long as the FBI continues seeking to entrap (literal) retards in terrorist-gaslighting sting-ops, it doesn't deserve the trust of the public. So long as ICE and the DEA are active, they are an enemy to the public, seeking only to do damage for direct gain of their agents.

    They can have our crypto keys when they pry them from our cold, dead brains.

    Incidently it's infinitely more likely we develop that technology than we do crypto that is backdoored and secure. Divide-by-zero and all.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 25 Jul 2018 @ 5:07pm

      Re: The "going dark" discussion should be tabled...

      "We'll think about giving you new toys when you can demonstrate responsibility with the ones you already have"?

      Makes sense, though in that case they'd be waiting a long time for any new toys to come their way if recent history is anything to go by.

      reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 25 Jul 2018 @ 2:30pm

    Not know for sure..

    Im not to sure about something..
    But I DO KNOW that encryption SLOWS things down allot.
    If you Tottally encrypt a device, everything must run threw decryption Before it can be run.
    Our smart phones are NOT the most powerful things int he world. And even with Windows you would add about 2-3 times the startup times of games and programs.

    Even if its an hardware inclusion, and the Chip does all the work, its still NOT a fast thing to do.
    But if its PART of the hardware process, then its NOT REAL encryption. Its part of the programming, and PROBABLY fairly simple. because you DONT want to lsow things down. Esp when you answer the phone.

    there are 3rd party programs that have little to do WITH the main builder/maker/Cellphone corp/Apple/Android..So WHY are they bitching at these folks to FIX IT??
    Its easier to Encrypt only certain things on your phone, WHY do it all, it just Slows everything down if you need to read/see/run it..

    General password protection Should not be encrypting anything. Its just a password to allow access.. are these folks messing up the words on purpose??
    I can see that IF' you mess up on the password, that the phone gets LOCKED DOWN HARD, but beyond that, full encryption would take time and effort...unless you did it on the cheap, and just SHIFTED the blocks 1-2 bits just to complicate things..WHICH still takes abit of time.

    And abit of tech will tell you that we CAN copy the ram/roms inside to another phone to see what we can do, even to another device that has little or NO security..

    So what is the problem here??

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jul 2018 @ 2:45pm

    Surely we put a man on the moon BECAUSE we understood basic child-level maths and common sense?

    Apparently the CIA and FBI are now run by actual functionally sub-normal, dangerous idiots who can't even grasp very basic simple facts a 10year old could see.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jul 2018 @ 5:32pm

      Re:

      I'm pretty sure it takes a bit more math than you allude to.

      reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 25 Jul 2018 @ 6:31pm

      Good math skills may have narrow application

      A relative of mine is one of the great astronavigators of the 20th century, called upon to plot the paths of missions like Pioneer, Galileo and Voyager...

      And today he's a Trump true-believer. When it comes to government and civilization, he cannot think past his own wallet, even knowing full well his own career was government sponsored. He's a supergenius who has mastered sophisticated mechanics mathematics, and yet takes Trump at his word.

      I don't get it, given he taught me a lot about thinking critically. It breaks my heart.

      Oh yeah, he also helped put up several of our climate-study satellites. He totally gets the rising existential risk of global warming. Doesn't faze him that Trump is a total denier. The cognitive dissonance, it burns us!

      reply to this | link to this | view in chronology ]

  • identicon
    any moose cow word, 25 Jul 2018 @ 2:59pm

    "We Put A Man On The Moon So Why Not The Sun?"

    FIFY

    reply to this | link to this | view in chronology ]

  • identicon
    John, 25 Jul 2018 @ 3:30pm

    Two issues to back dooring encryption.

    1: Any company the complies with the "back door" requirements will demand full indemnity from the demanding authority - Federal, State, County, Municipality, etc.
    a: The encryption will be broken - by definition the hackers will spend tons of effort to break it.
    b: Once broken the original manufacturer will be required to re-engineer a new encryption with a new back door - expensive.
    Once re-created the software must be distributed to the entire user base - expensive.
    Then the clock starts again.
    This chase the tail scenario will continues until the "entity" finally realizes that a "back door" is not worth the time, expense nor hassle.
    ---
    2: Encryption is not a secret, there are MANY ways to build an encryption software, and they ALL are designed from some mathematical algorithm.
    Most if not all are already in the hands of mathematicians in most if not all nations. What is to prevent some software maven from creating a encryption software application with out a back door - nothing. Once built and offered to the populous anyone can buy and use it. Proof - PGP! There is really no way to prevent this from happening.
    ---
    So much for Back Door!

    reply to this | link to this | view in chronology ]

  • identicon
    Ed, 25 Jul 2018 @ 3:33pm

    Let's get this straight

    If I put a document in a safe, and Wray suspects me of a crime, he wants to get a warrant for the safe company - not me?

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 25 Jul 2018 @ 4:39pm

    "And don't even get me started on closed windows!"

    Because to the extent that the bad guys have shifted more and more to talking in person and using forms of communication that don't rely on encryption, that if we don't find a way to access that information with lawful process, we're in a bad place as a country.

    Among the many problems with his rampant incompetence and dishonesty(I don't believe for a second that he's had the job longer than a week and doesn't understand what he's actually asking for), what he's really demanding is that the companies be required to cripple a security feature that protects millions, just so his buddies with badges can snoop around easier.

    They have never had access to everything, and even trying to give them what they're childishly demanding stands to put millions at risk, causing vastly more crime than it would ever prevent while at the same time doing enormous damage to privacy.

    If they can't deal with having limits then they can quit and let someone competent and who actually does care about public safety and security take the job.

    reply to this | link to this | view in chronology ]

  • identicon
    Warr, 25 Jul 2018 @ 6:15pm

    The industry will deliver encryption that can only be broken with a valid warrant as soon as law enforcement arms their agents with bullets that can only shoot criminals.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 25 Jul 2018 @ 6:26pm

      'If shot by law enforcement = Criminal.'

      That's easy enough, just a matter of tweaking the definitions and making them official rather than just assumed/implied.

      Since clearly law enforcement would never shoot a non-criminal it stands to reason that anyone shot by them is a criminal. Therefore they already have guns that only shoot criminals.

      reply to this | link to this | view in chronology ]

      • icon
        Uriel-238 (profile), 25 Jul 2018 @ 7:49pm

        Well, that leads to a horrifying analogy...

        ...Anyone shot by [law enforcement] is a criminal...

        If your data is encrypted, it's illegal.

        Of course then there's the matter of proving its actually encrypted rather than a bunch of random numbers.

        At that point our surveillance-state-minded friends might take it one step further:

        If your data looks encrypted, it's illegal.

        PS: any plain text of length or blank medium might be steganography, thus, illegal.

        reply to this | link to this | view in chronology ]

  • icon
    Atkray (profile), 25 Jul 2018 @ 6:22pm

    "We put a man on the moon."

    I have some co-workers that would argue that is not true.

    Maybe we should have Wray prove that to their satisfaction before discussing further.

    Like minds and such.

    reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 25 Jul 2018 @ 6:56pm

    "We put a man on the moon, why can't we put screen doors on submarines?"

    What with global warming and all, it sure would cool things off inside.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jul 2018 @ 8:07pm

      Re:

      "We put a man on the moon, why can't we put screen doors on submarines?"

      We could. But like back-doored encryption, it just wouldn't be a very good idea.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jul 2018 @ 8:01pm

    But, it's easy

    ... Encryption backdoors are trivial to implement, that was never the issue.

    Implementing encryption backdoors that actually work and are secure, that's pretty much nearly impossible.

    It's like asking why we haven't put a man on Pluto yet if we can get them to the moon.

    reply to this | link to this | view in chronology ]

  • identicon
    bshock, 25 Jul 2018 @ 8:18pm

    "We put a man on the moon, why can't we instantaneously teleport ourselves to the Andromeda Galaxy?"

    Because it's physically impossible, idiot.

    reply to this | link to this | view in chronology ]

  • identicon
    Rekrul, 25 Jul 2018 @ 9:32pm

    I still say that someone needs to confront such people and frame the problem in terms of a physical lock and key on an impenetrable door. Ask them how to ensure that only the homeowner and the police can unlock a person's home.

    They've been using locks their entire life, they know how they work, there's no nerd-mystery surrounding their operation. So surely they can propose a foolproof method of ensuring that the police can open them while still keeping out the bad guys. Unless of course they want to admit that they're not smart enough to know how locks work.

    reply to this | link to this | view in chronology ]

  • icon
    Berenerd (profile), 26 Jul 2018 @ 5:16am

    But we got dead people to support killing net neutrality, why can't we do this?

    reply to this | link to this | view in chronology ]

  • identicon
    Digitari, 26 Jul 2018 @ 8:50am

    great idea

    let it be tested first on FBI computers and phones, what could go wrong?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 26 Jul 2018 @ 10:18am

    Let me check an antonym for "backdoor" in the dictionary... Yep, it's "security".

    reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 26 Jul 2018 @ 1:00pm

    It only works..

    It only works if both sides have it..
    If you send something from your phone, the data cant be encrypted, unless the other person has a key to open it.

    I dont think they are using the correct wording.
    I think all they want is the password to get into the device.
    Facial ID isnt that good, and when it works, it isnt safe..Just hold the person in position and CLICK..open.
    Finger print?? Just as bad..(great to give them the finger)

    iF iM CORRECT, i THINK they have a Tech problem

    reply to this | link to this | view in chronology ]

  • identicon
    Dave P/, 28 Jul 2018 @ 10:19am

    Idiots.

    They just won't listen, will they? I'm sure all these do-gooders would be very pleased to have a back-door that empties their bank accounts!

    reply to this | link to this | view in chronology ]

  • identicon
    Mats Svensson, 30 Jul 2018 @ 4:10am

    And then...

    - Whycome you nerds could put a backdoor into encryption, but now you cant make a toupee that looks good and is cheap?

    reply to this | link to this | view in chronology ]

  • icon
    DerekCurrie (profile), 30 Jul 2018 @ 7:50am

    Willful Computer Security Ignorance Is Not Acceptable Mr. Wray!

    Stop inspiring my hashtag #MyStupidGovernment. Learn what you're talking about. Stop sitting in a position of authority and speak outright nonsense that demonstrates your unwillingness to understand the subject.

    Computing 101: Start there. Then learn about the ongoing abominable state of computer coding security. There's something to rely upon.

    Privacy is our right. We have no evidence to believe it won't be abused by government and law enforcement as well as criminals and murderous authoritarians.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Jul 2018 @ 6:41pm

    We put a man on the moon. Can we put Chris Wray into a black hole?

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.