back to article FBI Director wants 'adult conversation' about backdooring encryption

FBI Director James Comey is gathering evidence so that in 2017 America can have an "adult" conversation about breaking encryption to make crimefighters' lives easier. Speaking at Tuesday's 2016 Symantec Government Symposium in Washington, Comey banged on about his obsession with strong cryptography causing criminals to "go …

Page:

  1. Gray
    Holmes

    Disregard for consequences

    Comey really doesn't care; his personal view demands "open doors" to police investigations. All else is secondary. Should the worst happen, and criminal elements obtain the keys, he'll simply go after those "lawbreakers" while demanding an expansion of resources. The man is typical of law enforcement officials in the US: single-minded, uncompromising, and totally unyielding.

    1. Someone Else Silver badge
      Holmes

      Re: Disregard for consequences

      ...and dumber than a sack of hair.

    2. Dazed and Confused Silver badge

      Re: Disregard for consequences

      Since he's clearly off in La La land, wanting a law passed to make it mathematically possible to have 3 key encryption systems where it is impossible for anyone except the FBI to ever find the third key. Why doesn't he just press to have a law passed that would force all law breakers to immediately hand themselves over to the nearest law enformance agancy. If the member of the public is unsure where they've transgressed some law, then they should no doubt have to hand themselves over anyway and probably pay for a lawyer to find out what law they have a trangressed so that they can be prosecuted.

    3. Anonymous Blowhard

      Re: Disregard for consequences

      "The man is typical of law enforcement officials in the US: single-minded, uncompromising, and totally unyielding"

      Sounds like a toddler, not an adult...

      1. Michael H.F. Wilkinson Silver badge
        Facepalm

        Re: Disregard for consequences

        The Farce is strong in this one.

        If the FBI wants a back door, so will every other national bureau of spooks. I cannot imagine the FSB wanting to share a back door with the FBI or NSA. As the number of available back doors rises, the chances of blackhats getting in would asymptotically approach 100% rapidly. Even then criminals could roll their own encryption quite readily (one time pad anyone? I have said it before, will keep on saying it).

        Of course if he is really honest (yeah right) about having an adult conversation, he should then also actually listen to what experts have to say. I am not holding my breath

        1. VinceH Silver badge

          Re: Disregard for consequences

          I can't help but think his comment about wanting an adult conversation is because he saw the use of the term 'magical thinking' as a childish insult.

        2. WaveyDavey

          Re: Disregard for consequences

          There's be that many back doors it would look like a Menger Sponge !

          1. Triggerfish

            Re: Disregard for consequences

            Reminds me of this.

            https://en.wikipedia.org/wiki/Indiana_Pi_Bill

            1. flayman

              Re: Disregard for consequences

              It's more like the climate change debate, only with much less room for argument or interpretation. What cannot be done cannot be done. The FBI ought to put together a team of mathematicians and engineers to attempt to solve this conundrum themselves since they seem to think everyone else is just stonewalling and bamboozling.

        3. DropBear Silver badge

          Re: Disregard for consequences

          "Of course if he is really honest (yeah right) about having an adult conversation, he should then also actually listen to what experts have to say."

          Oh nonono, I think you misunderstand - I reckon he means "adult conversation" in the "now listen missy, as long as you live in this house..." sense.

    4. kmac499

      Re: Disregard for consequences

      It's the American attitude to the "Rule of Law". It's not that law is in place to organise and regulate a civil society, but the Law is in place to protect 'Me' from all the wrong doers out there and ensure 'MY' personal rights and freedoms come what may.. Hence the knee jerk reaction to litigation when anyone feels wronged, and raining retribution on the offender totally disproportionate to the original offence. (e.g. the multi-million dollar law suit from a lady spilling unexpectedly hot coffee she had jjust bought in her lap .)

      Consequently anyone charged with enforcing the Law has a sense of almost divine right to do whatever they see fit,

      Might I suggest the FBI and friends turn their investagatory powers onto the guys who ran the mortgage fraud of the 2000's triggering the financial crash. I'm sure there will be some juicy emails to find.

    5. Smedley54

      Re: Disregard for consequences

      Be fair, Mr. Gray! Single minded police types are everywhere, so calling it a uniquely American trait is near sighted. Otherwise I agree; my adult conversation on this is "The answer is still no, and if you ask again I'll send you to your room."

  2. heyrick Silver badge

    And will the FBI...

    ...be willing to lead the way by switching all of their systems to use this wonderful "backdoor friendly" crypto?

    I doubt it.

    So if it isn't good enough for them, it's definitely not even remotely useful for us.

    1. Prst. V.Jeltz Silver badge
      Facepalm

      Re: And will the FBI...

      Well the first thing that occurred to me is that the only flaw I can see in his plan , (apart from the minefield and privacy and freedom issues) is - how do they get the criminals on board to use this new compromised system .

      I aint no criminal mastermind , but if it was me I'd stick with on older , no-holes-in-it system.

  3. Oengus Silver badge
    Thumb Up

    Two thumbs up for the sub-heading

    How about f**k off, is that adult enough?

    I wish I could give two thumbs up to the sub-heading. (Icon for the sub-heading not Comey)

    When will these agencies stop action like a spoiled 6 year old prat and start behaving like adults.

    I worry that the next 'merkan president will be sympathetic towards these agencies and support the backdooring.

    1. Chris G Silver badge

      Re: Two thumbs up for the sub-heading

      Exactly my thoughts

    2. Mage Silver badge

      Re: sympathetic towards these agencies and support the backdooring.

      It would just be the death of any USA related products that use encryption outside the USA.

      All USA commerce etc would be open season for other Governments and criminals and terrorists.

      Either he's totally deluded about how security and encryption works or this is about something else, noise, a distraction.

      If the FBI has a backdoor, then sooner rather than later every script kiddie in the world will have it too.

      1. Ole Juul Silver badge

        Re: sympathetic towards these agencies and support the backdooring.

        "Either he's totally deluded about how security and encryption works or this is about something else, noise, a distraction"

        I don't think he's stupid. I think he is just totally into law enforcement. The more people break the law, the better for him - he gets to do his thing and get paid for it. One could be tempted to call that evil.

      2. Anonymous Coward
        Anonymous Coward

        Re: sympathetic towards these agencies and support the backdooring.

        @Mage

        I wonder if that's not at least part of the point. The way the US and other developed nations are allowing their own economies to be destroyed by globalization nothing would surprise me.

      3. Black Betty

        Re: sooner rather than later.

        However soon it fell into the hands of script kiddies, a halfway credible rumour of the existence of such a key would have half of all competent black hats in the world hammering the FBI servers into scrap iron via the TCP/IP ports.

    3. Sitch

      Re: Two thumbs up for the sub-heading

      We should be worried about the next president, they will get to select up to 4 SCOTUS appointments.

      We should be very worried, and if you own any guns extra double plus good worried.

    4. Medixstiff

      Re: Two thumbs up for the sub-heading

      "I worry that the next 'merkan president will be sympathetic towards these agencies and support the backdooring."

      Huawei would be absolutely laughing their butt's off, it would be like all their dreams had come at once, considering how the US had a go at them but never provided any proof.

      1. Yet Another Anonymous coward Silver badge

        Re: Two thumbs up for the sub-heading

        "I worry that the next 'merkan president will be sympathetic towards these agencies and support the backdooring."

        Yep the next president is going to be REALLY sympathetic toward the FBI having free access to her communications.

    5. davidak

      Re: Two thumbs up for the sub-heading

      I worry that the current UK prime minister IS sympathetic towards these agencies and supports backdooring.

    6. heyrick Silver badge

      Re: Two thumbs up for the sub-heading

      Oengus' comment. One lonely downvote. Alright, own up, which one of you is the spook?

      1. IT Poser

        which one of you is the spook?

        Just use the backdoor to pop into their system and take a look. The only problem is finding the right house so you should probably check them all just to be safe.

      2. Anonymous Coward
        Anonymous Coward

        Re: Alright, own up, which one of you is the spook?

        Me.

    7. julian_n

      Re: Two thumbs up for the sub-heading

      Remember, this is the guy who has decided not to recommend prosecuting Clinton over her e-mail server. She owes him big time.

  4. The_Idiot

    Mr Comey's position...

    ... appears to be simple.

    1: What is required is an adult conversation.

    2: I am clearly an adult, therefore my conversations must also be adult, by definition.

    3: Those who agree with me are therefore also clearly adults, and should be permitted to take part in the conversation.

    4: Those who disagree with my adult conversation must clearly not be adults and must be excluded from discussing the matter.

    5: After discussing the matter in an adult conversation, all participants will agree I am right, and therefore tech companies will stop being difficult and volountarily recognise the will of the adult majority.

    6: Study of mathematics will be made a felony, so as to ensure the tech companies cannot waste adults' time with childish excuses.

    Sigh... I hope I'm kidding...

    1. moiety

      Re: Mr Comey's position...

      We've already had the adult conversation:

      "No, Little Jimmy, you can't have it because it's impossible to do safely. A backdoor would inevitably leak, causing catastrophic amounts of damage"

      "But...but...I WAAAAAAAAAAAAAAAAAAAAAAAAANT IT!" *holds breath*

      1. Adam 52 Silver badge

        Re: Mr Comey's position...

        *One* possible solution to his problem is impossible. There are others - a master key, for example, that are possible but unlikely to survive for long.

        There are yet more - multiple keys, one held by each of the branches of government - that might be more practical. Or a real-time key generation and revoke mechanism. Or a hybrid solution where the master key for a person is on hardware in their possession, so the Police need physical access.

        There are multiple ways to reach a compromise, if both sides want to have an adult conversation. It sounds like the Reg readership don't want an adult conversation though.

        By the way, there was a vulnerable person over the weekend. He's been lured into sending his life savings to some Internet scammers and was in the process of connecting up his car exhaust to the car window when found (the scammers had given him instructions on the best way to get an air tight seal). There is no chance that those scammers will ever be caught, and chances are that eventually they'll be successful in killing off one of their victims.

        Law enforcement see issues like this one, and then they see the tech industry going "la la, we don't care". And they get angry, as would you if you'd just seen someone killed and people actively refused to help you find out who did it.

        Solving the problem above doesn't involve anyone having my PGP key and doesn't involve mass surveillance, but does involve some way of tracing communications with an effective judicial oversight.

        1. Bogle
          FAIL

          Re: Mr Comey's position...

          "By the way, there was a vulnerable person over the weekend"

          I call BS. As Wikipedia likes it, "Citation needed". Or perhaps XKCD: https://xkcd.com/285/

          1. Adam 52 Silver badge

            Re: Mr Comey's position...

            "Citation needed"

            You won't get one. Not until there's a death and an inquest, and even then you probably won't because inquest verdicts aren't that detailed. And that's good, the last thing a vulnerable person needs is

            random commentards interfering in their life. It's called "privacy".

            If you think you live in a world where there are no Internet criminals, well you must be very blinkered.

            Try Googling "suicide pact", you think everyone there is innocent?, Nobody posing as a 16 yr old girl for kicks? Then you are too naive.

            Or do a volunteer stint for a mental health charity? Just don't think that playing at being a Special gives you any experience, because it doesn't.

            You won't, of course, because uninformed opinion on a forum is a much happier place to be than informed, real-world experience. The world is a nasty place. Doesn't mean you should roll over and do whatever the FBI say, but does mean you should listen to what they have to say because they are massively more informed than you.

            1. Triggerfish

              Re: Mr Comey's position...@Adam52

              Perfectly aware world is a nasty place, was before internet as well, but your arguements are starting along the lines of think of the children.

              Also for uniformed opinion you should realise there are more than a few poster on here with a very level of knowledge etc, if people are saying backdoor encryption is not mathematically possible maybe it isn't for real reasons rather than just people being commentards.

              PS I admire your complete faith in the goverment knowing what they are doing. Or trusting they are always doing things in your interest.

            2. Anonymous Coward
              Anonymous Coward

              @Adam 52

              "Citation needed"

              You won't get one. Not until there's a death and an inquest, and even then you probably won't because inquest verdicts aren't that detailed. And that's good, the last thing a vulnerable person needs is

              random commentards interfering in their life. It's called "privacy".

              If you think you live in a world where there are no Internet criminals, well you must be very blinkered.

              Try Googling "suicide pact", you think everyone there is innocent?, Nobody posing as a 16 yr old girl for kicks? Then you are too naive.

              Whoaaaa, dude!

              You've been drinking too much antifreeze.

              And that's good, the last thing a vulnerable person needs is

              random commentards interfering in their life. It's called "privacy".

              Oh, so this "vulnerable person" was someone who reads the El Reg comments?

              By the way, there was a vulnerable person over the weekend

              So... how did you hear about this?

              what's your massive interest in suicide?

              oh, wait, 2+2 = YOU are the one who was conned into killing yourself!

              1. John Smith 19 Gold badge
                Unhappy

                Re: @AC

                "oh, wait, 2+2 = YOU are the one who was conned into killing yourself!"

                Hmmm.

                Would explain the facts.

                A deep faith in the idea that a government agency will always operate within the law and never harass citizens does suggest someone with a limited ability for critical thinking or to do their own research.

            3. flayman

              Re: Mr Comey's position...

              random commentards interfering in their life. It's called "privacy".

              If you think you live in a world where there are no Internet criminals, well you must be very blinkered.

              What a complete load of b0ll0cks! Of course there are loads of internet criminals and all kinds of other criminals. Sometimes they are caught, other times not. You can't prevent all incidents of crime. People need to take steps to protect themselves. I wouldn't want to live in a society where government could detect any crime as it was about to happen and every criminal suspect was successfully prosecuted. I wouldn't want to live in a society where law enforcement could easily trawl back through time for any "evidence" of guilt it can dig up on a suspect. Your turning the conversation back to the protection of privacy is just laughable. We should listen to the FBI when they say there has to be a way to provide law enforcement the ability to crack any encrypted data it finds without a systemic security compromise? No. They are not informed. Commentard.

        2. Pascal Monett Silver badge

          @Adam 52

          "multiple keys, one held by each of the branches of government"

          My dear sir, do you realize just how daft such a proposition is from a security point of view ? Do you really think that one key per branch of government is not going to leak from at least one of them, by stupidity, oversight, forgetfulness or any combination thereof, in less time than a hacker needs to code a Hello World hack ?

          1. Tony Haines

            Re: @Adam 52

            "Do you really think that one key per branch of government is not going to leak from at least one of them, by stupidity, oversight, forgetfulness or any combination thereof, in less time than a hacker needs to code a Hello World hack ?"

            As I understood it, the suggestion was that they'd *all* have to leak.

            However, I think that still asymptotically approaches certainty, but with a longer half-life.

            There clearly are other approaches to the 'ultimate skeleton key' we all hate. Giving everyone their own personal (backdoor) key would be a good start. That would reduce the risk of a single catastrophic leak because you could keep the list in a nice air-gapped system, and only export data by printout, or something like that.

            Still not a good idea, of course, but if we're being adults we ought to consider all the options, not just the stupidest one.

            Another idea is the 'partial key' method. If the gov. only has part of the key, they could break encryption with less (but still significant) computational effort, but not read everything all the time.

            1. moiety

              Re: @Adam 52

              There are multiple ways to reach a compromise, if both sides want to have an adult conversation. It sounds like the Reg readership don't want an adult conversation though.

              Sorry, no. If a universal escrow key exists, it *WILL* leak; thus rendering the covered communications insecure. Remember OPM? If a universal escrow key were to exist it would 1) Tank your IT industry (and ohers) in short order and 2) Become the most valuable target for every hacker, domestic and foreign. Can you imagine what bribes would be on offer for such a valuable object? I would be genuinely surprised if it lasted a week.

              Your other suggestions are just variations on a theme and would not address the basic flaw. You cannot have 3rd party access and secure communications simultaneously. It is not possible. The very concept assumes that law enforcement authorities are 100% incorruptible and trustworthy; which -frankly- I dispute. For a start, the people who are meant to be upholding the law would be breaking it (to whit: the "unreasonable search and seizure" and "right to not incriminate oneself" parts of the Constitution before we even start getting technical). You cannot have it. Deal with it.

              I fail to see what your unnamed, unverified victim strawman has to do with encryption. The "victim" would have no reason not to decrypt his side of proceedings for the police; and the IP addresses and relevant metadata would be available anyway.

        3. The_Idiot

          Re: Mr Comey's position...

          @Adam 52

          "There are multiple ways to reach a compromise, if both sides want to have an adult conversation. It sounds like the Reg readership don't want an adult conversation though."

          There are indeed 'multiple ways to reach a compromise', if the 'compromise' is in fact a compromised and inherently flawed system of cryptography.

          Unfortunately (at least in my view) for anyone who holds such an opinion, mathematics is, to the best of my knowledge, not a matter of opinion.

          It is true that all cryptographic systems (at least all of them to date) can be broken, often through unknown or undetected flaws in implementation. It is also mathematically true that the more ways you deliberately and knowingly introduce to allow them to be broken in a pre-determined and known fashion, the more likely it is people you didn't intend them to be broken by will....

          OK. I give in. Have it your way, sir. Let all 'acceptable' forms of encryption end up as the equivalent of ROT13. What could possibly go wrong, right?

          Grump.

          Whimper.

          Shivers...

        4. noboard

          Re: Mr Comey's position...

          Someone being scammed over the internet, fair enough. Scammers teaching people the best techniques for committing suicide is much harder to swallow. Once they have the money they don't hang around to give after care to their victims.

        5. flayman

          Re: Mr Comey's position...

          It just can't be done. I'm sorry. If an escrow key exists then you can't call it strong encryption. And you can't demand that all online services that use encryption require permanent keys on hardware unless all online services operate within your jurisdiction. They don't. United States law does not apply across the entire world. Even if it did, guess what? Criminals would simply use covert services to communicate. The encrypted traffic would be routed around the globe and impossible to track or break. Something like the Tor browser for example would probably become illegal in the US and anyone anywhere accessing a US resource through it would be committing a crime punishable by the CFAA. That would be a great shame and send a terrible message around the world to where people really rely on such tools to browse the web freely and anonymously. It's not that the tech companies don't care about crimes being committed with their products and services. They just know that to backdoor their systems would be to throw out the baby with the bathwater so to speak. Their customers would be the ones to suffer from the increased risk; therefore, overseas competitors would gain an advantage. The FBI needs to appreciate that two people communicating with encryption are like two people communicating in hushed whispers inside a Faraday cage. They can't tap into that either.

        6. John Smith 19 Gold badge
          Unhappy

          By the way, there was a vulnerable person over the weekend.

          He's been lured into sending his life savings to some Internet scammers and was in the process of connecting up his car exhaust to the car window when found (the scammers had given him instructions on the best way to get an air tight seal). There is no chance that those scammers will ever be caught, and chances are that eventually they'll be successful in killing off one of their victims.

          Where was this reported? Where did it happen? Who said it was an internet scammer? Who told you about it?

          Here we like our information to be a bit more, what's the word, informative. Not something that sounds like a more verbose section from a Donald Trump campaign rally.

        7. Anonymous Coward
          Anonymous Coward

          Re: Mr Comey's position...

          There are multiple ways to reach a compromise, if both sides want to have an adult conversation. It sounds like the Reg readership don't want an adult conversation though.

          f**k off

      2. Sealand

        Re: Mr Comey's position...

        As an acquaintance (who's actually a doctor) once said about such a tantrum: "Just let him hold his breath. When he passes out, he'll start breathing again."

    2. Teiwaz Silver badge

      Re: Mr Comey's position...

      Hmm, I've had bosses a little like that....

      1. John Smith 19 Gold badge
        Unhappy

        "Hmm, I've had bosses a little like that...."

        Haven't most of us?

        I call it "aspirational management"

        Where they tell us what the what they want done despite all evidence and past experience demonstrating it can't be done and offering no actual new plan as to how it can be done.

  5. C0p3n

    Feels ...?

    "Americans do have the right to a measure of privacy in their own homes, cars, or on their electronic devices, he said. But the government also has the right to invade that privacy when law enforcement feels it has probable cause."

    How about when law enforcement KNOWS they have probable cause? Feels sounds kinda .. I dunno .. uncertain? Maybe it's just me .....

    1. Doctor Syntax Silver badge

      Re: Feels ...?

      "How about when law enforcement KNOWS they have probable cause?"

      Even better: when law enforcement has sufficiently clear cause to obtain a search warrant.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019