
FBI director Comey backs new Feinstein push for decrypt bill - pearlsteinj
https://techcrunch.com/2017/05/03/fbi-director-comey-backs-new-feinstein-push-for-decrypt-bill/
======
grandalf
From his perspective as the head of the FBI whose job it is to achieve
outcomes within the law, of course Comey advocates encryption backdoors. He
would likely also advocate allowing the FBI to suspend the bill of rights for
any suspect during the duration of an investigation, and he'd quite likely
prefer that the FBI be legally allowed to torture suspects if extreme
techniques were viewed as likely to result in useful information. To law
enforcement, the rights of a suspect are a barrier to many convictions.

How did we get to this point? Nobody would reasonably argue that extreme
surveillance measures, the Patriot Act, etc., are necessary to stop the vast
majority of crimes from occurring, so why is it so easy for seemingly
serious/intelligent people to think this nonsense is reasonable?

Members of our government are so indoctrinated about stopping "terrorism" that
they have lost all sense of perspective. Terrorism is a political word to
describe political enemies of the state, yet the Patriot Act and surveillance
machinery have been used in enforcement of many other kinds of (less serious)
crime.

I am surprised anyone can still use the word "terrorism" with a straight face
anymore after it's become so clear that there is no large existential threat
(merely the occasional zealot who acts out due to his/her own mental health
issues). And in spite of a historically unprecedented global surveillance
system there have been no attacks thwarted.

Comey is a symptom of the kind of cowardly, authority-respecting society we've
become. I look forward to the day when our FBI director is not someone whose
gaffes and judgment calls we read about in the newspaper on a regular basis.

~~~
aub3bhat
Oh please whatever your opinion might be saying

""" surprised anyone can still use the word "terrorism" with a straight face
anymore """

Is the quickest way to shut down conversation. Especially given horrific events
in France, Ohio, Florida. Your argument is not only ridiculous, it's
counterproductive to anyone offering a balanced saner approach.

~~~
aswanson
You're more likely to die from a lightning bolt than a 'terrorist' attack.
You're thousands of times more likely to die from bad driving habits or being
overweight, so why is the terrorist bogeyman given so much concern in the
political conversation?

~~~
hyperdunc
Because a lightning bolt is a much more random occurrence. It doesn't have
agency, an agenda or a trajectory within society. A lightning bolt isn't
looking to instigate more lightning bolts.

In 10 years time the death stats for lightning bolts will be similar and for
road accidents will probably have declined. Which way do you think the
terrorists stats will go?

~~~
aswanson
Given the trends and the fact that it's a low probability event, I'd expect it
to stay about where it is, about one death per year, or about as much as a
chance as I have of getting killed by a piece of furniture:
[http://uk.businessinsider.com/death-risk-statistics-terroris...](http://uk.businessinsider.com/death-risk-statistics-terrorism-disease-accidents-2017-1?r=US&IR=T)
[http://www.globalresearch.ca/the-terrorism-statistics-every-...](http://www.globalresearch.ca/the-terrorism-statistics-every-american-needs-to-hear/5382818)

~~~
hyperdunc
Terrorism is less likely to remain a low-probability event because it contains
the intention of death spurred by a toxic ideology that wishes to spread.

The comparisons given are accidents and happen through negligence or plain bad
luck.

~~~
aswanson
If your premise is true that it will grow because it wishes to spread, then
why has it empirically remained constant? Why isn't it more successful every
year as it pushes growth?

~~~
hyperdunc
It has the strong potential to grow but right now there are enough people
opposing its spread.

Even so, terrorism may have cumulative political and social effects. People
don't like to know there are others out there who wish them harm. Once a
certain threshold of resentment is reached within an affected society then
suddenly massive unrest could erupt.

Some politicians are trying to mitigate this by suggesting we should just get
used to the occasional terrorist attack and treat it like a lightning strike
or a piece of heavy furniture falling over.

~~~
aswanson
You must not live in the US. Every politician here is hyping the threat well
beyond proportion to the life loss potential. But humans are irrational and
scare prone, so why not exploit the cognitive bug, for votes and profit?

~~~
hyperdunc
Yes, it's hardly surprising that some people use the threat of terrorism for
personal gain.

------
dhfhduk
I'm confused about this. I'm hurried at the moment, but this seems to be a bill
that orders tech companies to provide a solution to encryption without having
a backdoor?

Isn't this like legislating a violation of mathematics or something?

~~~
rietta
As I just put it in my open letter: "Let me be clear. This distinction that
the Director makes has no basis in fact or science. Any imaginable key escrow
system that would by design provide routine access to encrypted data is a
backdoor that will be able to be hacked. Any such system of so called lawful
intercept is an unfixable, mandated security vulnerability that will make
Americans less safe both at home and abroad."
([https://rietta.com/blog/2017/05/03/americans-access-to-stron...](https://rietta.com/blog/2017/05/03/americans-access-to-strong-encryption-is-at-risk/))

~~~
ghughes
I wrote a similar letter:
[https://medium.com/@flukes1/my-letter-to-amber-rudd-on-encry...](https://medium.com/@flukes1/my-letter-to-amber-rudd-on-encryption-19afd4834ae5)

~~~
rietta
Excellent read. Thank you for sharing.

------
FullMtlAlcoholc
So, the NSA and the CIA were recently hacked, yet these numbskulls think we
can create a system that will only be accessed by "the good guys". How many
hacks, leaks, etc. will it take for them to understand that if this passes, that
will be the end of online security?

New Rule: If you want to propose cybersecurity legislation, you need to pass
the fizz buzz test.

~~~
pavement

      they think we can create a system only available to them
    

Because there are civilian consumer systems, and state apparatus systems. The
civilian consumer systems just leave shit out in the open, all over the place,
and make a mess, with no obligation to common, clueless people.

Everyone knows that no effort is made to retain military operational security
for sloppy, undisciplined non-combatants.

Anyone with clearance to actual hardened systems, sees a clear difference from
the other side of the wall, and questions why the charade must go on, when
it'd be so much easier to dispose of the pretense that there's "privacy" to be
had, and see investigations forced to prosecute with so much parallel
construction.

The state apparatus systems, in their minds, deserve preservation of secrecy,
because it puts the owners at an advantage. They seek advantage by crippling
consumer civilian systems. This is the line of reasoning from their
perspective. Render outsiders defective. Create real systems for themselves.
Maintain authority by denying useful systems to unknown quantities.

------
peterwwillis
_> "What nobody wants to have happen is something terrible happen in the
United States and it be connected to our inability to access information with
lawful authority."_

But they're not asking for that. They're asking for the ability to force
companies to grant them access to information _without_ something terrible
happening.

The only way you could _prevent_ something terrible happening, and have that
_prevention_ be "connected to [their] ability to access information with
lawful authority", is to have the ability to inspect private data. And the
only reasonable way they would do that is to do it _surreptitiously_.

They could try just asking the user to unlock their iPhone, or demand it with
a court order (where I assume they can plead the 5th), but either would tip
the suspect off. So they have to do it without the user's knowledge. And the
only way to do that is if the company has a backdoor, or makes it so
incredibly insecure as to no longer guarantee privacy at all.

The only logical way to give the FBI what it wants is to compromise user
privacy.

 _> During the session, Comey also made repeat plays for expanding the scope
of national security letters (NSL) — arguing that these administrative
subpoenas were always intended to be able to acquire information from internet
companies, not just from telcos._

The FBI claims that they would always get permission from a judge for invading
user privacy. In the next breath, they want to expand NSLs, which is invading
user privacy without requiring a judge's approval.

Both Lavabit and Silent Circle have had to close down their businesses after
Lavabit was unreasonably demanded by the government (in a gag-ordered search
warrant) to give up its private TLS keys, exposing all its users' privacy. But
no law enforcement agency gives a shit about privacy; only secrecy.

------
mgleason_3
Unbelievable. Just happened to see a clip today
([https://goo.gl/F9XeQU](https://goo.gl/F9XeQU)) where Feinstein was
"grilling" Comey about announcing the investigation into Clinton right before
the election.

When Feinstein totally let him off the hook I was floored?!? He interfered
worse than the Russians - how does he still have a job?

Ahh, she wants his support for the decrypt bill. I'll never understand why the
Democrats have zero interest in protecting personal privacy.

~~~
kasey_junk
Some Democrats are fairly strong proponents of protecting personal privacy, as
are some Republicans. Conversely, members of each party are downright
anti-privacy. When standagainstspying.org was still active you would see very
little correlation between party and score.

Our 2 party system leads to widely erratic results on issues like this, as we
are seeing with this Comey Feinstein partnership.

------
feld
“I don’t think Congress intended that distinction but what it does do us is in
our most important investigations it requires us that if we want to find out
the subscriber info to a particular email to go and get an order from a
federal judge in Washington as part of the FISA court. An incredibly long and
difficult process. And I’m worried about that slowing us down — and I’m also
worried about it being a disincentive for our investigators to do it at all.”

Hurdles to protect privacy are important. If it's not an arduous process we
have a problem.

~~~
bogositosius
>and I’m also worried about it being a disincentive for our investigators to
do it at all

How "important" can the investigation possibly be if this serves as a
"disincentive"?

------
utternerd
> saying such legislation would be “better from a public safety perspective”

According to whom, we the people or a bunch of authoritarians who'd like to be
able to access every nook and cranny of our personal lives?

~~~
omginternets
Forgive me, as this is completely tangential to your point, but it should be
"according to whom". A simple explanation:
[https://www.grammarly.com/blog/who-vs-whom-its-not-as-compli...](https://www.grammarly.com/blog/who-vs-whom-its-not-as-complicated-as-you-might-think/) :)

Call me silly, but I think grammar is important. I hope you don't take this
the wrong way!

Edit: lol, I _thing_ I made a typo earlier.

~~~
bamurphymac1
I thing so too, friend.

~~~
thaumasiotes
Thing of this as the logical extension of the analysis "you've got another
thing coming". ;D

------
DarkKomunalec
Would it be okay to mandate spy microphones in all cars, spy cameras in all
rooms, and make it illegal to remove or disable them, as long as only the
'good guys', with a warrant, could access the info?

What if doing this would save N people/year from terrorist attacks?

What other rights should we sacrifice for a 'safer' society? Surely we
shouldn't let terrorists recruit people, so there goes free speech. We also
shouldn't let them gather together to plot their wicked plots, so there goes
freedom of association. And if we could bar people at risk of committing
terrorist acts, from vulnerable locations, such as subways, airports, parks
with a lot of people in them, well, I'm sure that would save a few lives too.

------
adrr
Putting in backdoors is a sure-fire way to kill US-based mobile phone producers.
Criminals will just use foreign-produced phones and the only way to counteract
that is to outlaw those phones. Can't wait till they criminalize having
certain firmware on your phones.

~~~
jjawssd
It's already a violation of the law to import and sell routers with unlocked
firmware

~~~
mnw21cam
Um. So, if I have a laptop, running Linux, with a built-in ethernet port, and
plug in a USB ethernet adaptor, it is suddenly illegal to import it?

Crazy.

~~~
jjawssd
No

------
pgodzin
> We all love privacy, we all care about public safety and none of us want
> backdoors — we don’t want access to devices built in in some way. What we
> want to work with the manufacturers on is to figure out how can we
> accommodate both interests in a sensible way

How is this possibly reconcilable?

~~~
white-flame
It's not, but notice his wording. He has no clue if it's possible or not, he
wants a mandate for the tech companies to "figure it out".

There have been voices from the tech industry saying it's impossible, but
Comey doesn't want to hear that. He's literally called that response
"emotional" and believes tech lovers simply are clinging to encryption and
privacy irrationally.

He's not going to stop until he can hear what he wants to hear. I think the
only thing that will satisfy him is a beltway bandit lying to him about their
technology.

------
ardit33
Diane Feinstein is old and needs to retire. She is completely out of touch
with the needs of her constituency, and comes off more like an old guard
republican rather than a democrat that she is supposed to be.

~~~
sidlls
> comes off more like an old guard republican rather than a democrat

This is true of most Democrats these days, except when they want to pander to
minorities or other disadvantaged groups who could use real, actual allies
instead of the panderers. I am amazed and humbled by these folks' perseverance
in the face of a two party system in which one party apparently hates them and
the other thinks so little of them that their best efforts at being allies
generally consists of terrible pandering.

~~~
favorited
Maybe many minorities and members of disadvantaged groups don't like being
told that the pressing issues which affect their communities are just
"identity politics," which seems to me to happen a lot lately.

~~~
sidlls
Of course; it's insulting to have these issues reduced to a phrase like that.
It's also insulting to have these issues reduced to a plug on the campaign
trail and then ignored for the next year or two until the next big campaign,
or used as a weapon by one rich old white lady against an affluent old Jewish
guy to score political points (for example).

You want to see the typical Democratic interaction with minorities on a
political level? Look at Flint, during the Primaries and general election, and
compare it to now.

------
rdxm
geeeez, how long is Cali going to foist Feinstein on the rest of the country.
The level of idiocy is just beyond painful...

Edit to add: of course the same could be said about the remaining 49 states
and their reps/sens as well...

~~~
pdelbarba
Yea, here in Colorado we have Cory Gardner. Rank and file republican in an
increasingly deep blue state. Currently leading the pack as most hostile to
his constituents' interests:

[https://projects.fivethirtyeight.com/congress-trump-score/](https://projects.fivethirtyeight.com/congress-trump-score/)

~~~
nathancahill
Can't wait to vote him out. Incredible that he won't hold town halls. He knows
what's coming for him.

------
thegayngler
I don't know why California Democrats elected Diane in the first place. Were
there not any real liberals in California to choose from preferably with some
expertise in California's most valuable export?

------
rietta
I was watching the hearing during lunch, had to attend to work meetings, and
then saw this article which is what spurred me to post my open letter to
Congress tonight and share it here on HN at
[https://news.ycombinator.com/item?id=14261423](https://news.ycombinator.com/item?id=14261423).
We have to get this information out there in a format that Congress and our
non-techie friends and family understand.

------
RichardHeart
Law enforcement is tasked with putting people in jail, not so much preventing
future abuses of bad laws by governments. This is why checks and balances must
be maintained, for when all you have is a hammer everything looks like a nail.

------
bdamm
"The high profile court battle ultimately ended after the FBI paid a third
party company to gain access to the device via an exploit in the security
system."

Why isn't this an acceptable solution?

~~~
neuland
It cost a lot of money, basically (AFAIK on the order of a million dollars to
Cellebrite).

One funny outcome of the San Bernardino iPhone cracking debate was the
Government double speak:

To Apple ...

> We only want to force you to build a custom iOS so we can get into this
> iPhone.

To DA's across the country ...

> Send us all your iPhones for ... reasons.

But comedy aside, they really do care about the cost / time of un-encrypting
things. Their position seems to be that anything outside of your brain (5th
amendment and all) should be available with a court order in a reasonable time
and at reasonable cost.

I don't agree with that, because manufacturers should be able to produce
whatever software they damn well please. But, they have a logical position if
you look from the right angle.

~~~
mlindner
> Their position seems to be that anything outside of your brain (5th
> amendment and all) should be available with a court order in a reasonable
> time and at reasonable cost.

I'm looking forward to the first court cases that deal with somebody who
implanted a memory chip into their body and are storing information in it
(only accessible through a wirelessly sent password) that the court wants to
access. Could the court order surgery to remove it?

------
AJ007
Can someone call out these alleged encryption back doors for what they are?
Junk science.

If Apple and Google aren't legally able to build as secure as devices &
infrastructure as possible, the DOJ, FBI, NSA, and CIA sure as hell won't be
secure. Merry Christmas to Assange.

~~~
0xfeba
"Backdoor" is such a loaded term. But it could be done relatively securely
with a dual key system. Apple (or you/your device), has one key; the
government has some other key. Either one unlocks the phone.

But then you need the government to securely store a few master keys. Given
the latest CIA, NSA and OPM leaks I doubt this is possible long-term. However,
maybe changing the device's keys based on year of manufacture is a reasonable
step to have some sort of safeguard.
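
The dual-key design described in the comment above, as an added example that is not part of the thread or any vendor's code: each device's data key is wrapped once under an owner key and once under a per-model-year escrow key, and `exposed_by` reports which devices a given leaked key opens. The wrap is a stdlib-only stand-in (HMAC-SHA256 pad plus tag), not a vetted key-wrap, and all names and the sample fleet are constructed for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, KEY_LEN = 16, 32


def _pad(kek: bytes, nonce: bytes) -> bytes:
    # One 32-byte pad per (key, nonce); enough to mask a 32-byte data key.
    return hmac.new(kek, b"pad" + nonce, hashlib.sha256).digest()


def wrap(kek: bytes, dek: bytes) -> bytes:
    """Toy key wrap (assumption, not AES-KW): nonce || masked key || HMAC tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    masked = bytes(a ^ b for a, b in zip(dek, _pad(kek, nonce)))
    tag = hmac.new(kek, b"tag" + nonce + masked, hashlib.sha256).digest()
    return nonce + masked + tag


def unwrap(kek: bytes, blob: bytes):
    """Return the data key, or None when `kek` is not the key for this slot."""
    nonce = blob[:NONCE_LEN]
    masked = blob[NONCE_LEN:NONCE_LEN + KEY_LEN]
    tag = blob[NONCE_LEN + KEY_LEN:]
    expected = hmac.new(kek, b"tag" + nonce + masked, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(masked, _pad(kek, nonce)))


def provision(device_id: str, year: int, escrow_keys: dict) -> dict:
    """Create a device whose data key sits in two slots: owner and escrow."""
    dek = secrets.token_bytes(KEY_LEN)
    owner_key = secrets.token_bytes(KEY_LEN)  # stand-in for a passcode-derived key
    return {
        "id": device_id,
        "year": year,
        "owner_key": owner_key,  # held by the owner only; kept here for the demo
        "dek": dek,              # ground truth, used only to check recoveries
        "slots": [wrap(owner_key, dek), wrap(escrow_keys[year], dek)],
    }


def exposed_by(key: bytes, fleet: list) -> list:
    """Ids of devices whose data key is recoverable by whoever holds `key`."""
    hit = []
    for dev in fleet:
        if any(unwrap(key, slot) == dev["dek"] for slot in dev["slots"]):
            hit.append(dev["id"])
    return hit


def build_fleet():
    """Constructed sample: three devices per model year, one escrow key per year."""
    escrow_keys = {2016: secrets.token_bytes(KEY_LEN),
                   2017: secrets.token_bytes(KEY_LEN)}
    fleet = [provision(f"{year}-{n}", year, escrow_keys)
             for year in escrow_keys for n in range(3)]
    return escrow_keys, fleet


if __name__ == "__main__":
    escrow_keys, fleet = build_fleet()
    print("one owner key leaks  :", exposed_by(fleet[0]["owner_key"], fleet))
    print("2016 escrow key leaks:", exposed_by(escrow_keys[2016], fleet))
```

Rotating the escrow key by year of manufacture bounds a leak to that year's devices, which is still every device of that year rather than one.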

------
benevol
If you want to lose all of your tech monopolies, then go ahead with your
backdoors (the ones whose existence will be _publicly known_ , that is).

------
microcolonel
> We have to figure out a way to optimize those two things: privacy and public
> safety.

Given how safe the public is, you'd think that this would mean "we need to
focus on privacy". That is the _public_ 's priority. The FBI, whose mandate is
obviously _not_ to protect the _privacy_ of citizens, is obviously going to
advocate for the _public safety_ , or more specifically his organization's
degree of visible success in ensuring it.

Obviously the director of the FBI is not who you should be asking for a
balanced recommendation regarding safety and privacy.

------
JustSomeNobody
What are the tech companies he has been having a "growing consensus" with? I
want to boycott them.

------
jacquesm
Nice bill. Maybe they should finally get around to declaring Pi to be 3 too,
two birds with one bill.

~~~
markvdb
[https://en.wikipedia.org/wiki/Indiana_Pi_Bill](https://en.wikipedia.org/wiki/Indiana_Pi_Bill)
always makes me smile...

------
Mendenhall
Is there any good information on what has been accomplished through such
access etc ?

What have they stopped using such methods? I think if they wanted to get
anything like this moving forward they need to show results. Not too many
trust the government these days.

I do not like the idea of "backdoors" but I can see realistic need for such
things. I think many are against such things "until" some massive WMD type
attack then the tune will change.

~~~
AnimalMuppet
If it worked, they probably wouldn't tell us (don't want your targets to wise
up).

And if it didn't work, they probably wouldn't tell us (just in case it might
sometime...)

~~~
Mendenhall
That's my thinking as well, but I don't think they will change anyone's minds if
they don't show some sort of results.

------
scardine
There is another big problem with mandatory decryption laws.

If someone wants to incriminate you, they don't need to plant a file with child
porn anymore: they just need to plant a file composed of random bytes and
accuse you of having encrypted child porn there.

Now good luck providing the court an encryption key that does not exist.

------
nathan_long
Your device has private data on it. Who has _final_ say on whether someone can
access it?

- Option 1: you
- Option 2: somebody else

Those are the only two options.

Option 1 protects people from criminals and tyrants, but impedes law
enforcement.

Option 2 enables law enforcement but makes people vulnerable to criminals and
tyrants.

Any suggestion that we can get the best of both worlds is confused or
disingenuous. We have to choose.

Do you get final say on who can access your device's data, or does somebody
else?

------
cprayingmantis
If you're wondering how it got to this point I'd like to remind you that you
(If you live in the US) don't own this country. The people in charge don't
care about you. They care about money, power, and stability of their system.
It's hopeless to resist because they own your home, your bank account, and all
your money. The only way we'll ever change it is getting scientists, nerds,
and engineers into congress. I don't know how we'll do it but we have to do it
to ensure freedom for everyone in the USA.

------
unityByFreedom
Ridiculous. When will these numbskulls understand that you can't regulate
people's use of encodings? It's right there in human language. You can't force
everyone to use the same one.

------
jjawssd
Why do California Democrats vote this person in year after year?

~~~
mahyarm
Because they vote for their party, and California is a blue party state.

~~~
jjawssd
Is it possible to effectively publicize what candidates stand for and have
historically voted for? Or is this impossible?

------
cmdrfred
Why is someone who is 83 years old and likely has to call her grandson for
help paying a bill online writing law about encryption?

------
phkahler
I still don't understand. They want to be able to have a court order a device
maker to decrypt data, but today they can already get a court to order the
device owner to decrypt it. The device owner actually has the password or key.
The truth is that they want to do this without the device owner knowing it's
being done.

~~~
panzer_wyrm
Passwords so far are somewhat protected under the fifth. And you have to go
through contempt of court. Firmware signing keys that belong to a third party
are not.

~~~
phkahler
So what's your point?

~~~
panzer_wyrm
That it is easier to mandate mandatory decryption to the vendors than to power
through the fifth and get password from a defendant.

All writs on steroids.

------
bsder
Right after the Intel security disclosures.

Hmmmmmm.

------
Esau
Color me surprised.

