
The FBI’s Approach to the Cyber Threat - akerro
https://www.fbi.gov/news/speeches/the-fbis-approach-to-the-cyber-threat
======
corysama
> One of my children described to me what our problem is in recruiting. She
> said, “Dad, the problem is you’re the man.” I thought that was a compliment,
> so I said, “Thank you, I really appreciate that.” She said, “Dad, I don’t
> mean that in a good way. I mean you’re the ‘Man.’ Who would want to work for
> the ‘Man’?” I think she’s right. But I said to her, “You know, if people saw
> what this ‘Man’ and ‘Woman’ of the FBI was like, and what we do, and the
> challenges we face, I think they’d want to come work for us.”

Given that even after his daughter explained the term to him, he still doesn't
know that 'The' is part of the phrase, I'm not sure if The Director of the FBI
knows what the phrase 'The Man' means...

~~~
hawkice
This was when I decided to never work for the FBI:

[http://fortune.com/2015/04/06/fbi-agent-fitness-test/](http://fortune.com/2015/04/06/fbi-agent-fitness-test/)

It's important to note that this means handicapped people are no longer
allowed desk jobs as analysts at the FBI. Missing a limb? You can't fight
crime anymore!

That's not my primary concern, though, per se. My concern is that firing and
disqualifying people who are otherwise talented MUST reduce clearance rates.
It can't NOT do that. If FBI employees looking fit is more important to Mr.
Comey[1] than arresting murderers, I have absolutely no interest in his
organization.

[1] “I want you to look like the squared-away object of that reverence,” Comey
wrote in a memo to agents. “I want the American people to be able to take one
glance at you and think, ‘THERE is a special agent of the Federal Bureau of
Investigation.’”
[http://www.vanityfair.com/news/2015/04/fbi-fitness-test](http://www.vanityfair.com/news/2015/04/fbi-fitness-test)

~~~
DannyB2
The FBI fitness test: hire people who have a higher statistical possibility of
being narcissistic. (Wikipedia: "Narcissism is the pursuit of gratification
from vanity or egotistic admiration of one's own attributes.")

Respect my authority. Bow and be reverent when I question you. Be glad I don't
beat you to a bloody pulp right here when nobody is looking.

~~~
hawkice
This sounds like way too much, but the sibling comment is a bit too little.
Saying fatsos don't get a badge and get a shittier title IS a deliberate
status punishment. Reminds me of strong negative opinions I have about high
school, where push-up ability translates into pecking order position.

Comey's statement does seem at least slightly vainglorious. He certainly has a
high opinion of how the FBI should be viewed (exceeding, for instance,
'professional' or 'public servant'), and believes it should be obvious who
FBI agents are, which will annihilate their undercover operations. So he is
sacrificing a lot in order to get big(ger), dumb(er, due to firing and not
hiring good investigators) jocks.

But I don't think it is meant to engender obedience or fear in civilians. I
think it is just a Bad Decision.

------
ramblenode
The tri-letters seek more and more access to personal data, yet their own
transparency worsens and their operations are increasingly classified or
confidential, even to members of Congress. We have more reason to be concerned
about the dark areas of government than Mr. Comey's "dark room" of civil
privacy. Defending civil liberties is an uphill battle because their
importance is not as immediately apparent as the security predicament of the
day. On the other hand, once the government gains a new mandate and new
authority it's rarely willing to relinquish this power once the cause for the
mandate has been resolved or the solution demonstrated unworkable. So we
should be cautious about granting broad authority to solve today's problems;
we'll have to live with the consequences tomorrow and days to come even if
it's realized the cure was worse than the disease.

~~~
themartorana
The end game of government is all dark-room. Bills are written in secret by
lobbying groups, treaties are negotiated and signed in secret, the TSA can
arrest people through secret laws, more and more government lawsuits are in
secret, we can withhold prisoners indefinitely in secret, the fact that a
secret organization contacted you and demanded secret information is secret.

This isn't just TLAs, it's the entirety of government. Some bits and pieces
are farther along than others, but it's all heading that way (same with local
governments).

Edit: did I mention starting/conducting wars through secret re-interpretations
of existing laws?

Edit 2: did I mention you can be prosecuted with secret evidence you and your
lawyer aren't allowed to see?

------
gjdjcjdnxnvjd
Brought to you by the same agency you know and love who also gave you previous
favorites such as " _Trying to Make MLK Jr. Commit Suicide_ " and " _Planning
to Execute Occupy Protesters With Sniper Teams_."

~~~
alexandercrohde
In case anybody assumes these two accusations are too wild to be true, here
are sources:

Sources:

[1]
[https://en.wikipedia.org/wiki/FBI%E2%80%93King_suicide_lette...](https://en.wikipedia.org/wiki/FBI%E2%80%93King_suicide_letter)

[2]
[https://en.wikipedia.org/wiki/Occupy_movement](https://en.wikipedia.org/wiki/Occupy_movement)
[Paragraph #2 Under Lawsuits]

~~~
lern_too_spel
The FBI uncovered a plot to assassinate OWS leaders in Houston. Claiming that
they were planning to do this themselves completely changes the story.
[http://www.courthousenews.com/2015/02/06/fbi-gets-ok-on-alleged-murder-plot-info-cache.htm](http://www.courthousenews.com/2015/02/06/fbi-gets-ok-on-alleged-murder-plot-info-cache.htm)

------
Animats
None of the threats they mention involve encryption much, not in the sense of
the FBI having access to the content. Ransomware and phishing attacks, which
are the high-cost items now, don't need that.

Anti-terrorism might, but US terrorism today is a family affair. Since 2010,
almost all US terrorism attacks have been by individuals. The Las Vegas
shooting, Boston marathon bombing and the San Bernardino massacre were by
family members. The Garland, TX shooting was three guys from Phoenix who lived
together. In no case was any encrypted communication involved.

------
wtbob
> Even our memories are not absolutely private in the United States. Even our
> communications with our spouses, with our lawyers, with our clergy, with our
> medical professionals are not absolutely private. A judge in certain
> circumstances can order all of us to testify about what we saw or remembered
> or heard.

And that's a problem. Communications with spouses, lawyers, clergy and
physicians ought to be absolutely privileged. The disadvantages of doing so
are outweighed by the advantages.

Frankly, I don't think _anyone_ should be compelled to give testimony for the
prosecution (I _am_ okay with the defense being able to compel testimony). If
someone has knowledge of a crime, but disagrees that it should be a crime, he
should be free to keep his mouth shut.

> It is seductive when I hear someone say, “Absolute privacy is the paramount
> value. Our devices are designed to ensure that privacy is absolute in
> America.” Then, I stop and I step back and I realize, “You know, we’ve
> actually never lived that way. That is a different way to live.”

It's a _better_ way to live.

> That’s criminals not caught, that’s evidence not found, that’s sentences
> that are far, far shorter for pedophiles and others because judges can’t see
> the true scope of their activity.

That is a price to pay, but it is IMHO worth it. Those of us who support
strong encryption shouldn't be disingenuous and deny that it exists; rather,
we should be forthright about it.

Frankly, strong encryption is out of the bag. You can roll a secure cypher by
hashing a key with 0, then 1, then 2, and XORing that stream with your
message.
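
The construction described in the comment above, written out as an added example (not part of the original thread and not wtbob's code). It goes one step further and adds a per-message nonce and an HMAC tag, which the one-line description leaves out. SHA-256, the 8-byte counter encoding, the `subkeys` helper and all sample values are assumptions.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256(key || nonce || counter) for counter = 0, 1, 2, ... concatenated."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crypt_bare(key: bytes, data: bytes) -> bytes:
    """The construction as worded in the comment: no nonce, no integrity check.
    XOR is its own inverse, so the same call encrypts and decrypts."""
    return xor_bytes(data, keystream(key, b"", len(data)))

def subkeys(key: bytes):
    # Assumption: plain domain-separated hashes as subkeys, to keep the sketch short.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Same keystream idea plus a random per-message nonce and an HMAC tag."""
    enc_key, mac_key = subkeys(key)
    nonce = os.urandom(16)
    ct = xor_bytes(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raise ValueError on any modification."""
    if len(blob) < 48:
        raise ValueError("truncated message")
    enc_key, mac_key = subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return xor_bytes(ct, keystream(enc_key, nonce, len(ct)))

if __name__ == "__main__":
    key = b"constructed demo key"  # constructed sample values
    p1, p2 = b"first sample message", b"other sample message"
    c1, c2 = crypt_bare(key, p1), crypt_bare(key, p2)
    # Bare form, same key twice: the keystream cancels out of c1 XOR c2.
    print(xor_bytes(c1, c2) == xor_bytes(p1, p2))
    print(open_sealed(key, seal(key, p1)) == p1)
```
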

~~~
themartorana
What's most frustrating is that every person that pushes for further
intrusions and further dismantling of privacy and liberty holds themselves
exempt for any number of reasons.

I'd also like to know where they draw the line? What's _too_ invasive? At what
point _are_ they willing to (cringe) let pedophiles get lighter sentences,
because a privacy intrusion is _too_ extreme? As we march ever forward down
the road of always-on blanket surveillance, we might need to start asking this
question so we know exactly how far elected leaders are willing to go (and if
they believe themselves to be exempt from such intrusions).

------
jsnathan
Just a brief note for those coming late to this thread that this originally
pointed to (and made it to the frontpage as) [1], which is a discussion of
only the part of this speech by Comey which pertains to encryption and
privacy, and which starts with "A brief word, because I can’t resist, to talk
about encryption", which you can grep for.

A basic summary, not using the same words: They want backdoors, and they
propose that still counts as 'strong encryption', only, well, with a backdoor.
Also, they intend to make a push for this next year.

[1]:
[https://www.wsws.org/en/articles/2016/09/05/encr-s05.html](https://www.wsws.org/en/articles/2016/09/05/encr-s05.html)

------
mrsteveman1
Having the director of a law enforcement agency wading so far into public
policy (and in a lot of ways _far_ beyond) seems odd to me, is this typical of
the position, historically?

------
kakarot
This is one of the most disgusting and hypocritical things I've ever read. The
level of doublespeak, fear-mongering and appeal to emotion is insane.

------
whorleater
> "First, we can reduce vulnerabilities. We in the government can equip you in
> the private sector to understand actors and cyber criminals and their
> techniques, their tactics, and their procedures." - From [1]

I realize the alphabet soup agencies don't have much communication between
each other, but isn't the NSA hoarding vulnerabilities? Doesn't that go
against this "let's work together" shtick?

> "We have gotten good at minimizing your disruption, minimizing disruption
> and pain to your employees, and protecting your privacy and your legitimate
> concerns about competitive advantage. We will not share your data about
> employees or operations. We will have adult conversations constantly with
> you to tell you what we’re going to do with the information you give us, so
> that you can make risk-benefit decisions about what information to give us.
> We will not allow you to be blindsided, because we understand that if we do
> that, you’re not going to talk to us anymore...We need to make sure you
> understand how important it is to your competitive advantage to integrate
> the FBI into your risk-assessment plan. You spend a lot of time, no matter
> where your facility is, making sure the fire department has a basic
> understanding of the layout your building, so that in the event of a
> disaster they can save lives. I suggest you do the same with respect to your
> cyber threat and your risk-assessment plan." - From [1]

This is absolutely nuts. Assuming they're even true about "minimizing your
disruption" - which once they start they'll slam a gag order on you anyways
so you can't even cry wolf about their "disruption" - the parallel to the
fire department is completely unfit. The FBI's interests are not aligned with
yours, he even admits as much in the article! Furthermore, the role of the
fire department, in the case of a fire, is to save as many lives as possible.
The FBI's role in response to an attack is to not save your data, nor is it to
save your business, it's to find and punish the actors responsible. The fire
department doesn't go after the arsonist, they're there for a fundamentally
different reason. Giving the FBI "backdoor" access is akin to letting the FBI
be the judge, jury, and executioner in your case.

> "We believe in the FBI that we need a conversation. If at the end of the day
> the American people say, “You know what, we’re okay with that portion of the
> room being dark. We’re okay with”—to use one example—“the FBI, in the first
> 10 months of this year, getting 5,000 devices from state and local law
> enforcement and asked for assistance in opening them, and in 650 of those
> devices being unable to open those devices.” That’s criminals not caught,
> that’s evidence not found, that’s sentences that are far, far shorter for
> pedophiles and others because judges can’t see the true scope of their
> activity." - From [1]

That could also easily be 650 regular American citizens who've done nothing
wrong. The absence of evidence is not evidence, and this argument bears a
striking similarity to the "nothing to hide" argument.

[1]: [https://www.fbi.gov/news/speeches/the-fbis-approach-to-the-cyber-threat](https://www.fbi.gov/news/speeches/the-fbis-approach-to-the-cyber-threat)

~~~
kabdib
> > "First, we can reduce vulnerabilities. We in the government can equip you
> > in the private sector to understand actors and cyber criminals and their
> > techniques, their tactics, and their procedures."

They are worse than useless at this. They actually have very little to offer
in this area.

Just more lies and grandstanding.

~~~
phaus
There's a lot wrong with some of the things Comey said, but this simply isn't
true.

It's a pretty common occurrence for a large company to find out that they've
been hacked only when the FBI notifies them. There are small teams at the FBI
that have a ton of experience dealing with enterprise intrusions.

------
gragas
> The Sony attack was an attack aimed at free expression. It was the act of a
> bully looking to silence speech in the United States, and around the world,
> by intimidation and harassment, in that case, of Sony Pictures.

What? Can anyone provide me some concrete evidence that that's what the Sony
attack was about? In the Wikipedia article on the event, I found this
sentence:

> This followed a message that several Sony Pictures executives had received
> via email on the previous Friday, November 21; the message, coming from a
> group called "God'sApstls" [sic], demanded "monetary compensation" or
> otherwise, "Sony Pictures will be bombarded as a whole". [1]

The key phrase I see here is _monetary compensation_ , not _silence of speech
in the United States_. To me, Comey and the FBI (and of course the NSA, CIA,
etc.) have a history of stripping the rights of citizens to protect America.
Everything in this speech leads me to believe that that is continuing to
happen.

I just hope that the strategic footholds we gain are worth the costs we pay as
citizens.

[1] Seal, Mark (February 4, 2015). "An Exclusive Look at Sony's Hacking Saga".
Vanity Fair. Retrieved February 4, 2015.

~~~
lern_too_spel
An email to Sony Pictures from the GoP said it was about The Interview,
which makes sense. It was the only movie that GoP obtained that they didn't
release.
[http://money.cnn.com/2014/12/19/media/insde-sony-hack-interview/index.html](http://money.cnn.com/2014/12/19/media/insde-sony-hack-interview/index.html)

------
faunzy
> We are not to bean bags and granola and a lot of white boards yet. But we’re
> working very hard at marching in that direction

[https://cdn.meme.am/instances/500x/71522909.jpg](https://cdn.meme.am/instances/500x/71522909.jpg)

------
electic
All he is doing is helping the "stack" win. With weaker encryption and weaker
security it puts the very thing he is trying to protect at further risk.

"Victory at the expense of the innocent, is no victory at all."

-- King T'Chaka of Wakanda

------
corysama
It seems to me that the most bang-for-buck way the FBI could counter the cyber
threat is to contribute security reviews and patches to popular open-source
software. "Get paid full time to do security patches for Open Source" seems
like a good recruiting call as well.

In a round-about way, this letter indicates that they are doing some of that.
But, I'm not clear how much.

~~~
dimino
That's not their role, though. _Someone_ has to be actively tracking and
apprehending hacker groups operating within the US.

Sure, they can find and help fix holes, but the US needs a government
organization tracking cyber threats, and stopping them when they can.

------
JumpCrisscross
Do we have a better source than the "World Socialist Web Site"?

~~~
neffy
This is the actual text of his speech:

[https://www.fbi.gov/news/speeches/the-fbis-approach-to-the-cyber-threat](https://www.fbi.gov/news/speeches/the-fbis-approach-to-the-cyber-threat)

I must admit, I'm impressed the old stalinist organisations are still being
funded. That's almost making his point for him.

~~~
lern_too_spel
It's Trotskyist, not Stalinist, but yes, primary sources are preferred,
especially when they're short and self-contained as in this case.

~~~
neffy
I stand corrected, thanks. Is there any way to know where they're getting
their funding from? I poked around a little but couldn't find anything.

~~~
bobwaycott
The WSWS is published/funded by the ICFI, and appears to solicit and accept
public donations. Here's what Wikipedia has to say on the ICFI:

[https://en.m.wikipedia.org/wiki/International_Committee_of_t...](https://en.m.wikipedia.org/wiki/International_Committee_of_the_Fourth_International)

------
SolarNet
And this is the problem with choosing lesser evils.

~~~
jonlucc
The other option is to choose the greater evils, right? There's a choice to be
made: pick the lesser or greater evil.

~~~
SolarNet
No, the other option is to pick a good option. Rather than accepting corruption
and cronyism.

