All or Nothing
The FBI most likely has every intention of keeping the master keys to our encrypted data safe, but the possibility they could leak is far too great. Microsoft demonstrated that brilliantly last month when it accidentally leaked the encryption key for the Windows Secure Boot feature, giving potential hackers what they need to bypass security measures designed to keep malware and spyware off user’s computers.
With that “golden key” in the wild, criminals, rogue governments, or hackers can code malware that appears legit to Windows.
Microsoft’s mishap was an egg on the face moment, but also shot down the FBI’s claim that companies could keep the backdoor keys and decrypt devices when requested by the government. Even Microsoft wasn’t able to keep its own keys secure.
Director Comey and the DOJ don’t seem willing—or aren’t concerned with—the binary nature of encryption: either you have it, or you don’t. Encryption where a third party has the means to decipher your data is encryption in name only because if someone else has the ability to decrypt your files, then encryption becomes little more than theater where it seems your data is secure.
The FBI argues, however, your data will be safe and encrypted—unless they really need to see it. That’s no consolation when major technology companies can’t prevent their encryption keys from leaking, and when the government thinks data is safe, secure, and private when third parties have government-mandated access to files and conversations.
Oh, Grow Up
Director Comey said next year, after the Presidential election, he plans to revisit the encryption back door discussion as an “adult conversation.” That sounds reasonable and mature on its face, but is actually painfully condescending to encryption and cryptology experts. The message Director Comey sent was that anyone who disagrees with the FBI’s encryption stance is foolish and irrational.
What Director Comey is either unwilling or unable to see is that the adult discussion already happened when the FBI pushed for a hackable iOS. The discussion even included a Congressional hearing where Director Comey, Apple’s general counsel Bruce Sewell, and other law enforcement and security experts testified.
The testimony distilled down to law enforcement saying tech companies can create encryption back doors so they should, and security experts saying if that happens the integrity and security of everything from private conversations to credit card transactions is lost.
Director Comey is really looking to craft a conversation that serves his purpose: crafting legislation or regulations requiring companies to ensure easy government access to private and encrypted data. Alternately, as Dave Hamilton posited on TMO’s Daily Observations podcast, Director Comey is orchestrating a scenario where the FBI backs down from the fight while he saves face.
Hopefully the Director is going for the latter. If not, we could face a scenario where U.S. based encryption tools are hackable, but those developed outside the country aren’t. That’ll be a hard blow to the technology industry, will put the U.S. at a competitive and political disadvantage, and drive people who want true encryption to use tools outside our government’s control. In the end, the people who will suffer are those the FBI claims it wants to protect.
Amen geoduck. That guy is a condescending jackass that has no respect for his citizen’s rights. Very Spiro Agnew-like. He’s a jacka$$.
I guess those warnings about slippery slopes when the government rammed the idea of seeing underneath our clothes at airport security fell on deaf ears. Now that they can see underneath our clothes, they figure why shouldn’t we be able to acess every citizen’s dearest, most private or intimate details on their phones, too?
I get it, they want to promise us absolute security. We need to tell them, “No thanks, just do your jobs as best you can. We know the world is dangerous.”
I think the scariest thing I get out of this is how a political party or a single politician could use this. Nixon would have a field day with this.
Why oh why can’t the FBI and it’s ilk get the message that as soon as it’s possible for the “good guys” to access encrypted data, the “bad guys” will know for certain that it’s possible to break the encryption too !
And anyway, as soon as the Gubbermint has the keys, the bad guys will just shift to a even less vulnerable mode of communication…
Look at how hard the US government found it to find Bin Laden after he went into hiding. AQ shifted their communications setup very far away from their leadership geographically and used couriers.
And if the “baddies” shift to a book cipher style system then their comms are just as unreadable.
I find few things as offensive as a politician that says “It’s time for an adult conversation.” It’s patronizing. It’s condescending. It’s insulting. We’ve had an “adult conversation” and you lost. Politicians use this line when they don’t agree with either facts or the democratic process. This shows a shocking lack of respect, a massive amount of narcissism, and almost sociopathic thought processes. It’s something akin to Godwin’s law. As soon as a politician uses “adult conversation”, or “adults sort this out”, or “grownup conversation” the discussion stops. The politician has shown they have no respect for, and will jot listen to, anyone that disagrees with them. Said politician should by default lose their position and be bared from holding political or government office at any level forever. That said, I remember the history of domestic spying in the US. Remember Carnivore? Remember how people had a fit when the FBI’s spying program was leaked. Remember how the government promised to not use it or do anything like it? Remember how they went ahead and spied on every one anyway and with tools far more damaging?
Yeah, I’m not too hopeful. The Oligarchy wants this and they get what they want..