
CIA Director John Brennan Pretends Foreign Cryptography Doesn't Exist - CapitalistCartr
https://www.schneier.com/blog/archives/2016/06/cia_director_jo.html
======
chopin
As commented somewhere in the Schneier thread:

Presumably Brennan refers to the big players, Apple, Google, Microsoft,
Facebook, Intel (ME) et al. These companies are delivering crypto and/or
hardware for the masses and could be subverted maybe with small short term
effect.

Of course, the terrorists will switch. And Mr. Brennan knows that. This is the
revealing part: It's about mass surveillance of people who are _not_
terrorists by any means.

~~~
peteretep
What's the motivation for mass surveillance of people who aren't terrorists in
the US?

~~~
TheCondor
Money. It's all subcontracted out. It costs tons to do a full nation the size
of the US and it's dramatically cheaper than a foreign nation.

There are also the conspiracy type reasons but I think it's just a jobs
program for white upper middle class men.

~~~
pdkl95
The commercial surveillance complex is just a special case of the military
industrial complex. No conspiracy is necessary to explain the greed in
traditional defense contracting; surveillance tech is just the latest
variation.

Also, the current obsession with machine learning is amplifying the problem.
It's easy to misuse data analysis (e.g. overfitting the model until it says
what you want it to say). Data is seen as valuable on its own even if it
isn't useful "now". This produces an effect similar to tulip-mania where
everybody wants as much data as possible even if it isn't currently useful.

Finally, add in bad incentives where failure is rewarded with more contracts.
Mudge (Peiter Zatko) gave a very good description[1] of this problem, which
he called "game theory is a bitch". The solution is to make retaining data
toxic with liability.

[1] [https://www.youtube.com/watch?v=h9wXq6oRBnI#t=1173](https://www.youtube.com/watch?v=h9wXq6oRBnI#t=1173)

------
yarper
Interestingly it seems that GPG is originally from Germany [0] (a headline act
from the first crypto war, I expect there are many other examples!)

[0] [https://en.wikipedia.org/wiki/GNU_Privacy_Guard](https://en.wikipedia.org/wiki/GNU_Privacy_Guard)

~~~
rurban
Practically all publicly visible encryption had to come from overseas during the
crypto wars, because US crypto was not allowed to be exported. So everybody
used European or Australian crypto, and we still do. gpg, openssl, gnutls,
truecrypt, ssleay, ...

~~~
nxzero
Calling it a "crypto war" is missing the point - and the solution for that
matter.

~~~
Afforess
"Crypto Wars" is a historical term, not slang or embellishment:
[https://en.wikipedia.org/wiki/Crypto_Wars](https://en.wikipedia.org/wiki/Crypto_Wars)

~~~
nxzero
Yes, I know, and it is an embellishment if you believe crypto was/is the
solution.

Calling it a crypto war is missing the point and the solution; in fact, the
link you provide shows that the focus on crypto was a mistake.

------
Rathor1
He is not dumb, he is deliberately lying.

~~~
nxzero
Always possible that he is dumb and deliberately lying.

~~~
mikro2nd
"Never ascribe to malice that which is adequately explained by stupidity"?

~~~
shapov
Sounds like a quote from someone who is engaged in malicious activity.

~~~
nxzero
Sounds like something said by someone that understands people, that being
"misunderstandings and neglect create more confusion in this world than
trickery and malice. At any rate, the last two are certainly much less
frequent."

------
Bromskloss
> US companies dominate the international market as far as encryption
> technologies

When do people turn to "companies" for encryption instead of using publicly
available libraries or applications?

~~~
lb1lf
-Most people(tm) probably couldn't care less and definitely wouldn't be willing to put up with the hassle of making their friends switch from iMessage, Google Talk, Skype, Facebook Messenger or whatever it is called - in order to use an encrypted solution.

If end-to-end crypto is going to become the norm, it needs to be supported by
the clients people have chosen to use - not by some obscure (to Joe Q.
Average) app.

Brennan obviously knows this - it doesn't matter all that much if .01% of the
web population use a client outside US control if the remaining 99.99% do use
crippled, US-controlled apps.

Heck, it would probably save them lots of time, as being among the .01% would
immediately flag you as a crank, terrorist or both.

------
frandroid
At this point, Brennan knows that there are no consequences to lying to
Congress, so why wouldn't he do it?

------
e12e
Really strange. Surely Keccak (SHA-3, among other things) is "foreign"
encryption? Although, I suppose it might be a bit theoretical in the sense
that no one yet has a _product_ that uses it in a configuration for
encryption, rather than just hashing?

I suppose SSH doesn't exist, and isn't from Finland either.

[http://keccak.noekeon.org/](http://keccak.noekeon.org/)

------
nxzero
Really depends on the requirements for encryption. Unbreakable encryption is
easy to do with basic math.

~~~
lb1lf
Surprisingly tough to get a good implementation of basic math going, though.

It is irrelevant if your cipher is sound and for all intents and purposes
unbreakable if you, say, leave the key vulnerable to some side-channel attack.

------
golergka
Well, if he's talking about consumer products, he's absolutely right —
Telegram is about the only widely popular non-US consumer product offering
encrypted communication I know.

~~~
sudocarbon
Isn't Open Whisper Systems Signal open to foreigners as well?

------
vaadu
This is SOP for this administration. If you deny a problem exists it does not
exist. The same state of denial exists when they refuse to use the words
Islamic terrorists.

~~~
0xfeba
The limited use of the words Islamic Terrorism is more of Obama walking a
tight-rope than denial. It may be futile, but it's not malicious.

> Obama and his secretary of state, John Kerry, have said that they don't use
> terms like "Islamic extremism" or "radical Islam" because they believe doing
> so would grant undeserved religious legitimacy to terrorist movements such
> as the Islamic State. Citing Islam as a factor risks framing
> counterterrorism as a war between the West and Islam, they have said.

> "They are not religious leaders -- they're terrorists," Obama said in
> February. "And we are not at war with Islam. We are at war with people who
> have perverted Islam."

[http://www.nbcnews.com/storyline/orlando-nightclub-massacre/...](http://www.nbcnews.com/storyline/orlando-nightclub-massacre/why-won-t-obama-say-radical-islam-n591196)

~~~
mikeyouse
This hysteria about Obama not saying the correct incantation to defeat
terrorism is pretty amusing coming from the anti-PC crowd.. Or don't they
realize that forcing someone to say a certain phrase is a perfect mirror image
of forcing people to avoid certain phrases?

~~~
0xfeba
Yep. That and the willingness of some people to abandon parts of the Bill of
Rights to 'solve' this problem is frightening. Not subtle, mass surveillance,
arguably constitutional things, but massive profiling and harassment.

"The government is totally inept and can't be trusted, but if we granted it
all these absurd powers to interpose it between a man and his religious
beliefs, it won't at all be abused."

