
FBI director says companies should ditch encryption - mmarx
http://www.wired.co.uk/news/archive/2015-12/10/fbi-director-calls-for-encryption-end
======
sandworm101
>>> FBI director James Comey has called on tech companies to stop "by default"
end-to-end encryption -- so that the FBI can monitor communications again.

Note the "by default". That suggests the FBI isn't interested in spying on
smart people. They only want to go after the dolts who cannot be bothered to
enable encryption. Mr Comey obviously doesn't think much of his adversaries if
he assumes they won't bother trying to hide.

Either that, or they want to spy on the population generally for purposes
other than the prevention of crime. Which is it? Does he believe terrorists
are not tech savvy, or does he not care about clever terrorists and instead
wants to monitor the plebs? I doubt he has any coherent answer beyond
'More data = good'.

~~~
csense
I hypothesize the FBI wants to expand its credit card fraud division, and the
way to accomplish that is make it possible for a thief to simply open his Wifi
at Starbucks, run the right script and snatch unencrypted CC's out of the air.

The resulting influx of credit card theft would do wonders for the headcount
and political importance of the credit card fraud investigation department...

~~~
commentzorro
I get your point. But, tangentially, I believe the Secret Service handles more
of the credit card fraud stuff. There was just some discussion in the news the
other day about the Secret Service being stretched too thin because of all the
time they spent on investigating financial "cyber crime" vs. guarding the
president and such.

Anyway, here's a couple links on what to report to which:

Secret Service:
http://www.fraudaid.com/solution_center/jurisdictions/usfed-secretservice.htm

FBI:
http://www.fraudaid.com/solution_center/jurisdictions/usfed-fbi.htm

------
mindcrime
Great Mr. Comey, so you won't mind providing a public feed of all of your
personal audio / video / text communications, and your Internet traffic,
right? I mean, if nobody needs privacy, I'm sure you'll be standing at the
front of the line to surrender yours...

~~~
bitwize
Senators Feinstein and Schumer would sooner race to the front of the line to
turn in their guns...

~~~
jmspring
Feinstein the hypocrite. She has a conceal carry permit yet many in CA are
unable to get such.

I'm really done with her being one of CA's senators. Of the two, I don't like
either, at least I can respect Boxer for not being the overwhelming hypocrite
and self aggrandizer that Feinstein is.

~~~
gozur88
I'm tired of being lectured on guns by people who have concealed carry permits
and armed security. Sulzberger from the NY Times is another - he has the paper
in full-throated support for gun control while at the same time he has a
concealed carry permit hardly anyone in NYC can get.

~~~
jeremysmyth
It's generally rational for people who campaign against bad policy to make use
of those policies while they exist and are advantageous.

Mayday.us is a superpac designed to end superpacs. This is not hypocrisy. See
also signatories to the nuclear non-proliferation treaty.

~~~
gozur88
It's not hypocritical if you think Sulzberger intends to give up his permit
after he gets the gun control he wants. Personally, I don't believe it for a
second.

I don't blame him for wanting to be the only guy with a gun. I just don't
think he should be allowed to arrange that through the government.

------
aniro
Chief of Police encourages businesses to remove all locks from their doors in
case police forces need to enter the building in the instance of an emergency
such as a break-in.

Furthermore, all business owners are encouraged to stop locking their cash and
recipes in a safe, as this prevents police from ensuring none of it has been
stolen.

~~~
rakoo
There's a very important difference that we "people-in-the-know" forget every
time this topic comes up:

- When doors are locked and police want to go inside, they can still break
the lock or the door. It will only take some time.

- When a safe is locked, it doesn't prevent it from being opened. It will
only take some time.

What the FBI ultimately wants is not necessarily to ban encryption, or give them
an additional key; what they _really_ want is breakable encryption so they can
decrypt the content. Much like a lock is not unbreakable but is defined in
terms of security by how much effort it takes to break it, and much like a
KDF is defined to take a given amount of time, they want to have breakable
encryption -- ie, encryption that only takes, let's say 1 M$ to break (the
figure is just to have clear ideas).

Of course, as we all know, if it takes 1 M$ to break, everybody with 1 M$ can
break it (not only the "good guys"). This is further exacerbated by the fact
that it's online (contrary to a physical lock, for which you need the
appropriate tools _and_ physical access to the lock).

So the equivalent is not "Comey wants us to remove all locks", it is "Comey
would like us to use locks that can't resist a 1 M$ attack". That is still
undesirable (we've grown extremely accustomed to almost-infinity $-resistant
crypto), and looks very much like a call back to exports-grade crypto. If the
quality of a crypto cipher doesn't decline too fast, I think I'd be happy that
LEO could decrypt the messages _provided they have all the required legal
provisions_.

~~~
aniro
I am guessing you missed the snark, either intentionally or not.

~~~
rakoo
Oh I perfectly understood the snark, but it's not exactly correct. It's like
mocking something over a trait that is not correct; a straw man, if you will.

~~~
aniro
A joke should always be EXACTLY correct.. otherwise it creates opportunity for
ill-humored pedantry.

------
marssaxman
No thanks, I'd sooner ditch the FBI director.

------
maerF0x0
The old ways of controlling people are going to need an update. Once upon a
time violence was a sufficient tool to inhibit or dissuade criminal activity.
The new paradigm is that you cannot use violence and your knowledge of
criminal activity to dissuade actions, instead one must remove the desire to
perform them in the first place.

IMO this looks like:

- Stop bombing/attacking/interfering in Islamic nations.

- End the most grievous forms of poverty world (such as lack of opportunity)
such that increasing numbers of people have nothing or little to gain by being
criminal

- Stop utilizing violence as a protected means, only allowed by some
(ie the government). By universally outlawing violence, it becomes morally
clear that no amount is valid.

~~~
oldmanjay
How does one outlaw violence?

~~~
maerF0x0
That, of course was the whole thrust of the comment. That removing the
incentive to use violence is the most effective means to lessen / discontinue its
use. Conversely there are situations which basically leave little other choice
than the use of violence (extreme poverty or abuse for example). Therefore by
removing the sources of those things, we can stem much use of violence.

------
rrggrr
I expect USGOV to lose the keys argument, but not without extracting vast sums
from Congress for projects that promise to work around the obstacle of strong
encryption. I'm also hearing less and less about cues missed that could have
prevented the recent CA attack, and hearing more and more about the encryption
debate. Good PR and understandable given the thankless and impossible task
DHS/FBI has of getting it right every time. One right/freedom I wish we had in
the US was that our leaders could be free to admit imperfection and mistakes
without Congress and the Press piling on.

------
yqoa1r0jb0p0
The headline is misleading. Comey wants providers to control the keys, not the
end users. Providers can be compelled if needed. In many cases, end users have
5th amendment protection.

EDIT: The headline on the Wired website is more accurate, the HN headline is
sensationalized.

~~~
thephyber
Your characterization of the protections users have is misleading. There has
been no definitive nationwide court case which has settled the issue.

In one case, a citizen was protected from giving over the password to their
phone, but was compelled under penalty of contempt of court to unlock the
phone for investigators to analyze. In other cases, courts have compelled
defendants to hand over the passwords.

Providers can be compelled, but that is because companies have no strong
desire to protect the civil liberties of their customers (or in the case of
social media -- their products), but _do_ have a strong desire to prevent
financial punitive damages or legal defense fees from being incurred.

The FBI wants providers to be able to unlock data because that can be done
without the notification to users that there is an investigation about them
(which serves multiple purposes).

~~~
yqoa1r0jb0p0
>There has been no definitive nationwide court case which has settled the
issue.

You're right, there has been no supreme court case. Which is why I did not
make a definitive statement. However, recent cases support 5th amendment
protection more often than not.

[0] http://www.washingtonpost.com/news/volokh-conspiracy/wp-content/uploads/sites/14/2015/09/Huang.pdf

Are there any cases where the 5th amendment did not serve as protection where
the foregone conclusion doctrine was not applied?

------
randyrand
You'd think in a democracy freedom would take precedence over control. But
nope.

------
throwaway1120
So after "109 messages with an overseas terrorist" which they _can't
decrypt_, they don't bother to place that suspect under immediate
surveillance?

So we're supposed to believe that this happens every day, their systems detect
it, but because they don't _know the contents of the messages_ they're unable
to do anything...

Sounds to me like they should be working on their meta-data collection.

------
merpnderp
I'm guessing he's never heard of the pidgin OTR plugin which puts encryption
keys back in the hands of even the least technical.

~~~
pdkl95
There is a tendency - especially among highly-technical crowds like HN - to
assume ignorance or stupidity whenever a topic like this comes up. This is
_dangerous_. Hanlon's Razor is a good heuristic when _all else is equal_,
which is absolutely not the case with these attacks against encryption. All
else is _not_ equal.

James Comey has been attacking crypto since the _first_ crypto wars 15+ years
ago. There is no way he is ignorant of how crypto works or how easily
available it is. His rhetoric is an attack on the power that Silicon Valley
has been acquiring, and tech companies better start treating it as an attack.
This latest push is trying to paint tech companies as "being unreasonable" in
the public eye, so legislation can be pushed outlawing encryption _wherever it
is inconvenient_ (finance can always have an exception carved out). It need
not be _effective_ - it's just another tool that can be selectively enforced.

So where are the "full-page ads" and other media blitz from tech companies
countering these attacks? Where are the counterattacks accusing Comey of
trying to undermine American Businesses Interests? Well, far too many of those
businesses use surveillance as a business model, and actual security would
undermine their interests as well. I hope they like the future they are
creating.

For everybody else, the time to start fighting against these political attacks
was "yesterday". Better late than never?

~~~
merpnderp
Wish I could upvote your response twice.

------
rubyfan
I'll paraphrase here... "Stop encrypting so that we can break the law by
spying on our own citizens."

------
TrevorJ
I think they see opt-in encryption as an important filtering signal they can
use to determine who to target. The assumption they work under seems to be
that law-abiding people won't need to use encryption. Either way, this is
pretty disgusting.

------
kbart
While we are at that, let's ban whispering and in-person conversations
altogether. I bet a lot of bad deeds and terrorism acts are planned using
these methods.

------
jdc
I think the technical issue is guaranteeing that the backdoor, whatever
form it takes, can only be used in the service of a lawful court order.

~~~
chadillac83
Putting even the most secure and resilient backdoor should be considered a
failure of freedom, privacy, and politics.

At the end of the day backdooring encryption does nothing but weaken
everyone's security without actually helping intelligence agencies, at least
in the face of serious actors.

Fine, agree to a global backdoor or all crypto with a handful of trusted key
holders, how long until the algo or key is leaked, how long until a flaw in
its implementation is found, how long until some TSA agent is photographed
with the password blinking on his screen in a news article.

All this will do for bad actors is ensure they assume whatever service
provider isn't to be trusted in their implementation and just use a 3rd party
process and/or open source tool chain to produce encrypted messages that will
be routed over already encrypted networks. Great, your backdoor got you to a
second layer of ciphertext that you still can't make heads or tails of,
meanwhile you've weakened the security of literally every person on earth.

A backdoor is unacceptable, no matter its perceived strength, value, or
safety.

~~~
jdc
I understand the aversion to backdoors and am quite sympathetic to the view
that all encrypted communication should be revealed only to the sender's
intended recipient(s). However, the choice is not always ours to make.

~~~
oldmanjay
How do you propose to remove that choice from me?

