back to article FBI says it can't unlock 8,000 encrypted devices, demands backdoors for America's 'public safety'

FBI Director Christopher Wray has picked up where he left off last year with a new call for backdoors in encryption exclusively for law enforcement. Speaking at the International Conference on Cyber Security in New York today, Wray complained that in the past year the Feds have seized 7,775 devices that they can't unlock and …

Page:

  1. Bill M

    1234

    For Donald's phone have they tried 1234 to get in ? There again maybe he can't count that high so maybe try 1212.

    1. TheVogon Silver badge

      Re: 1234

      "Wray complained that in the past year the Feds have seized 7,775 devices that they can't unlock and decrypt"

      Good, good.

    2. wolfetone Silver badge

      Re: 1234

      "There again maybe he can't count that high so maybe try 1212."

      You dummy.

      He obviously uses 0000.

      1. cosmogoblin

        Re: 1234

        You honestly think he has the attention span to type a four-digit code every time he tweets?

        1. Gordon 10 Silver badge

          Re: 1234

          You fools! Its obviously covfefe

    3. Uncle Slacky Silver badge
      Stop

      Re: 1234

      Maybe (in honour of President Skroob) the combination is "12345"?

      1. davidp231

        Re: 1234

        "That's the stupidest combination I ever heard in my life! It's the sort of thing an idiot would use on his luggage." - Dark Helmet

        <later>

        "That reminds me, I must change the combination on my luggage." - President Skroob

        Hail Skroob! (and still a better alternative to the incumbent).

  2. hellwig Silver badge

    8000 Devices?

    So we're looking at possibly 8000 9/11s? 8 kilo-9/11s? Shoot, is there a El Reg unit to cover this sort of potential catastrophe?

    1. K.o.R

      Re: 8000 Devices?

      You don't mean...?

      Yes. Seven million, two hundred and eighty-eight thousand.

      1. Big John Silver badge

        Re: 8000 Devices?

        To get at those 8000 devices they want to permanently compromise the privacy of around 200,000,000 of their fellow citizens. Yeah right.

        1. John Smith 19 Gold badge
          Gimp

          they want to permanently compromise the privacy of around 200,000,000 of..fellow citizens.

          FTFY.

          The rhetoric is always about protecting Joe Public from the menace of terrorists/drugdealers/moneylaunderers/paedophiles but the real agenda is always

          "Give me six lines from an honest man and I'll find something with which to hang him."

          Being able to do warrantless trawls through all the data the NSA has slurped has been real good for the FBI but it's a bit unfocused.

          Data fetishism. It's not a sane policy. It's a personality disorder

          1. Antron Argaiv Silver badge
            Big Brother

            Re: they want to permanently compromise the privacy of around 200,000,000 of..fellow citizens.

            ...and the FBI would *never* exaggerate the threat in order to get authority to snoop, would it?

            Because that would be unethical, if not illegal.

            // 1984, here we come!

        2. Charlie Clark Silver badge

          Re: 8000 Devices?

          200,000,000 of their fellow citizens

          The US passed 300 million several years ago: https://www.census.gov/popclock/

          Or do you think that over a third of the population doesn't deserver constitutional rights?

          1. Big John Silver badge

            Re: 8000 Devices?

            Um, I kind of assumed there would be children and mimes without phones.

            1. Ralph the Wonder Llama
              Coat

              Re: 8000 Devices?

              Mimes have phones - they just use FaceMime.

        3. Warm Braw Silver badge

          Re: 8000 Devices?

          they want to permanently compromise the privacy of around 200,000,000 of their fellow citizens

          They've already done that through mass data collection of data in transit - and most of their fellow citizens seem fine with that. They want to build on that precedent while they (think they) can.

          1. Sir Runcible Spoon Silver badge

            Re: 8000 Devices?

            Has anyone tried to tell them that it's their own fault and that they were warned (by the very community that is so well represented here on El Reg).

            If you break the public's trust and slurp all the data you can, expect people to get pissed off and take up measures to counteract it. It's human nature - or are they going to legislate against that next?

            1. Voyna i Mor Silver badge

              Re: 8000 Devices?

              "It's human nature - or are they going to legislate against that next?"

              Well, the Soviet Union tried it, and it has been said that the US will try, at least once, every possible bad idea. Come to think of it, they tried Prohibition. So there is precedent.

        4. FIA

          Re: 8000 Devices?

          To get at those 8000 devices they want to permanently compromise the privacy of around 200,000,000 of their fellow citizens. Yeah right.

          There's more people in the world than that.

          Although I suppose over time the rest of the world would just move to non US backdoored encryption systems.

          Good job all those terrorists people are so worried about aren't foreign.

        5. MachDiamond Silver badge

          Re: 8000 Devices?

          Think billions of people. The US will force the backdoors on every other country by making it a requirement during trade negotiations. It's the same thing they did via FACTA and the banking system.

  3. Adrian 4 Silver badge
    Holmes

    Quis custodiet ipsos custodes?

    Just as long as the FBI and politicians phones have a backdoor for the community.

    After all we elected / employ them, so it's up to us to keep them honest.

    1. Ian Michael Gumby Silver badge
      Big Brother

      @Adrian 4 Re: Quis custodiet ipsos custodes?

      If you haven't been paying attention, there is this thing called the official records Act. That is to say all work products and communication by Federal Employees must be retained and readable.

      In the CFPA (I think that's the acronym) there's a group calling themselves Dumbledoor's ?sp? Army. Where they have downloaded encryption apps and what not. (You can find out more by googling.)

      Those individuals should be terminated because by law everything they do should be review-able.

      As to this... tell them to punt. They put a backdoor in... a year or two later, someone pilfers the NSA/CIA and poof, those hacks are out.

      Not to mention with all of the news of the level of corruption within the DoJ and FBI... fuggitabout it.

      1. Sir Runcible Spoon Silver badge

        Re: @Adrian 4 Quis custodiet ipsos custodes?

        That is to say all work products and communication by Federal Employees must be retained and readable.

        Until it's all accidentally deleted, along with the backups, across several locations - all at once.

        1. MachDiamond Silver badge

          Re: @Adrian 4 Quis custodiet ipsos custodes?

          "Until it's all accidentally deleted, along with the backups, across several locations - all at once."

          It was all backed up on a server at the Clinton's home in NY until that fire they just had.

    2. Antron Argaiv Silver badge
      FAIL

      Re: Quis custodiet ipsos custodes?

      After all we elected / employ them, so it's up to us to keep them honest.

      We're trying, but it hasn't worked out so well. It seems "we" have a large proportion of fools amongst us.

  4. Aynon Yuser

    Maybe they just wanna see a criminals dick pics

    1. phuzz Silver badge

      I think all you have to do is be publicly female on the internet and the dick pics will come to you.

  5. NoneSuch
    Coffee/keyboard

    911 x 8,000... Sorry. World Police reference.

    That number should be 8,000,000,000

  6. asdf Silver badge

    get stuffed FBI

    Considering how little regard law enforcement and the executive branch (all branches) actually have for the fourth amendment hard to have much sympathy. Any backdoor would get abused in the name of the War On (insert flavor the times) even if requiring a warrant initially.

    1. Blank Reg Silver badge

      Re: get stuffed FBI

      And when criminals also figure out the back door I'm sure the government will be glad to compensate everyone for any loses and/or embarrassment due to their ridiculous requirement.

      1. bombastic bob Silver badge
        FAIL

        Re: get stuffed FBI

        "And when criminals also figure out the back door"

        that's always the only SANE conclusion anyone can come up with.

        Not only that, but THE CRIMINALS will ALWAYS have their:

        a) illegal encryption

        b) illegal servers

        c) illegal weapons

        d) illegal whatever

        because they, by definition, do NOT obey the laws that regular people are forced to live under.

        Back door effect on fightingcrime: ***Z E R O ***

        Back door effect on personal security: *** H U G E ***

        say buh-bye to intarweb commerce if a back door evar becomes mandatory. That's like a universal skeleton key to every lock.

    2. veti Silver badge

      Re: get stuffed FBI

      The 4th amendment explicitly allows the executive branch to help itself to your papers and effects, provided it gets the assent of the judicial branch first. We're not talking here about J Edgar'ing up internet traffic, we're talking about unlocking devices that have been physically seized by the Feds, but are locked down in such a way that they cannot reasonably exercise their constitutional rights.

      Call me a heretic, but I don't see quite what the fuss is about. A backdoor that requires intrusive physical access to the hardware - would not compromise your constitutional rights.

      1. Big John Silver badge

        Re: get stuffed FBI

        So, what if a bad guy steals your phone? He's got physical access too.

        1. veti Silver badge

          Re: get stuffed FBI

          So, what if a bad guy steals your phone? He's got physical access too.

          Then that bad guy has (potential) access to your stuff, obviously. How is that different from him stealing your wallet?

          The point is that in that scenario, you know your phone has been stolen, and from that point you should assume the clock is ticking, and it's only a matter of time before everything on it is available to whoever has it. You should take countermeasures. No different from cancelling your credit cards when you lose your wallet.

          Not a heretic just completely missing the point of compromising encryption.

          No, I understand that. But for a long time, every security advisor would have told you "when the enemy has physical access to your hardware, and unlimited time in which to operate - it's over. There is no defence from that position." As I see it, that's an inherent limitation in digital encryption, it's one I've always taken for granted.

          Mind you, I also assume that if the NSA really wants to read the contents of my phone or hard drive, they can. Which is why I don't keep my plans for world domination on either of them. That's just common sense, IMO.

          So...your position is that we should just trust the government to do what's right and legal?

          No, my position is that the feds have a difficult job to do, and you should assume they will use every means to make it easier. That includes legal, technical and political means. If you don't give ground and meet them at some point, then they will press for more and more intrusive tools and rights, and they will get them, because politicians will see - correctly or not - that you are the ones who are being unreasonable.

          If you don't give them an inch, they will take a mile.

          1. Michael Thibault

            Re: get stuffed FBI

            "Which is why I don't keep my plans for world domination on either of them. That's just common sense, IMO."

            Thanks for the tip.

        2. MachDiamond Silver badge

          Re: get stuffed FBI

          "So, what if a bad guy steals your phone? He's got physical access too."

          What happens if a bad guy steals your phone and the police collar him a little later and now they have your phone?

          Let's say you are 17 (of any gender) and have some intimate photos of your 16yo girlfriend on the phone that you have encrypted so your mates or parents don't find them. Ever thought about a career as a registered sex offender?

      2. Anonymous Coward
        Anonymous Coward

        Re: get stuffed FBI

        Not a heretic just completely missing the point of compromising encryption. It’s all or nothing, there’s no intermediate point that will actually work to both allow entry to kaw enforcement whilst keeping out the crooks, that’s the whole point being made by the experts here and elsewhere.

      3. Charlie Clark Silver badge

        Re: get stuffed FBI

        The 4th amendment explicitly allows the executive branch to help itself to your papers and effects

        Sure, but another amendment means that people cannot be compelled to provide passwords.

        It's a side-show: want to catch crooks then do normal police work and following the money is a good way to start.

        1. Adam 52 Silver badge

          Re: get stuffed FBI

          "Sure, but another amendment means that people cannot be compelled to provide passwords."

          Seems to be in dispute, as a not very nice man in Florida knows.

      4. Antron Argaiv Silver badge
        WTF?

        Re: get stuffed FBI

        ...We're not talking here about J Edgar'ing up internet traffic...

        No, that's already being done by another agency...

        https://en.wikipedia.org/wiki/Room_641A

        Call me a heretic, but I don't see quite what the fuss is about. A backdoor that requires intrusive physical access to the hardware - would not compromise your constitutional rights.

        So...your position is that we should just trust the government to do what's right and legal?

        Yeah. That hasn't worked out so well in the past, has it?

      5. Jeffrey Nonken Silver badge

        Re: get stuffed FBI

        I want a bullet that only hurts bad guys.

        And that's the problem with this. Somebody will reverse engineer it or the police will leak the Sekret Key* or probably both. Insecure is insecure is insecure no matter HOW many people you trust with the key to your house.

        Or to abuse another analogy, having slightly compromised encryption is like being slightly pregnant.

        *It only takes ONE LEAK. There are MILLIONS OF POLICE. Do you trust all of them? And that's just the police.

        1. Eddy Ito Silver badge

          Re: get stuffed FBI

          Reverse engineer the secret key? Nah, nobody will have to do that. All they'll have to do is file a FOIA request and the DOJ will likely hand them the key. It will be redacted of course but done wrong, like this:

          ... Hush, don't tell anyone, the secret key is "password12345"

      6. shaunhw

        Re: get stuffed FBI

        veti wrote:

        "

        Call me a heretic, but I don't see quite what the fuss is about. A backdoor that requires intrusive physical access to the hardware - would not compromise your constitutional rights.

        "

        Not a heretic, you're someone just asking what is impossible to keep secure. This isn't just because of mathematics and the current state of the art, it's really because of human beings.

        Anything like this would be broken in a few years or even matter of months IMHO. Even if it was cryptographically secure, for example a big RSA key, the public half being distributed to be contained in all encryption software, intended to save RSA encrypted packets (of encryption user encryption keys) with the public key, and the private counterpart known only to whatever government authority, some kind person (or perhaps one bribed with enough money / had his family threatened etc.) would surely leak that private component sooner or later. Then the scheme is completely useless.

        Just like todays 1080 HDCP video content protection scheme now completely broken, which might as well not be there at all.

        The master key was leaked, reversed, or got out somehow.

        It would be EASY to implement something like a big RSA key in theory, at least for the foreseeable future. But it relies on human beings to keep it secure which would NEVER happen, or could never be trusted. Also such keys would be subject to the biggest attack in history I'm sure.

        If any government wants such a scheme they should develop it, and first prove beyond all doubt to the world that it really is completely secure beyond question, Even if every bit of information was leaked out somehow. But if they could access the data, then so could someone else.

        There lies the impossibility of it. I am sure if it wasn't and there was a way everyone, save for the bad guys would be in full support.

        Any ideas ?

        Remember they couldn't even secure their own systems with basic methods, and instead blamed people like Gary McKinnon for exposing that incompetency. Would anyone really trust them to be the gatekeeper for the whole country ? They shouldn't blame others such as the designers of crypto systems for something they clearly cannot do themselves.

        The whole crypto community including the most eminent of mathematicians have told them it is not possible. They should perhaps think about believing them, at least for now.

        Crypto Security is about information. Something you have (which then contains the required information), or something you know. In that case your brain contains the needed information. As secure as it gets with a properly designed system, at least for now.

        1. MachDiamond Silver badge

          Re: get stuffed FBI

          "Call me a heretic, but I don't see quite what the fuss is about. A backdoor that requires intrusive physical access to the hardware - would not compromise your constitutional rights."

          Let's say you are being detained by the police because you match the description of somebody that just assaulted somebody in the area. You are handcuffed, you pockets are emptied and you are sat in the police car or on the curb. Now the police have physical access to your phone since they are highly unlikely to let you hang on to it while they try to determine if you are the person they are looking for. Maybe they want to plug your phone into a little device they have that copies and decrypts the contents "just to verify that you are who you say your are".

          Physical access to desktop computer or a server is much more difficult than a mobile device that, by it's very nature, is small and moves around a lot. Phones are also easily stolen since people set them on tables when they are sat down for lunch or a pint and look away since it's sooooo unstylish to have a belt pouch to put it in when wearing tight trousers. As a side note, I find it interesting that women that are on the top heavy side will sometimes store their phone front and center. Physical access to phones is not hard. I could write a crime novel with ways of grabbing phones of targets in all sorts of ways.

      7. MachDiamond Silver badge

        Re: get stuffed FBI

        Veti, the assumed fiction of the US Constitution does't have a "they" (government). The government is "of the people, by the people, for the people". There is nothing in that concept that hands "rights" to FBI.

        The lazy bastards need to go back to investigations 101 and get away from trolling for all of their evidence on electronic devices. I can only see data on an electronic device as absolutely required for Thought crimes. Every other sort of crimes has a transfer of wealth or a physical aspect to it.

        There is no such thing as a perfect justice system and the founding fathers of the US understood that and built a framework that puts the onus on the government to develop a case against somebody that can hold up in court and has to done within a structure of rules. The other way around is someplace like Mexico where they have a national legal theory that boils down to "guilty until proven innocent". I feel it's better to error in favor of the citizen. A criminal isn't very likely to change their ways and is going to make a mistake that provides plenty of evidence against them.

        It would be so easy to scoop people off of the street in any major city that look like gang members, go through their phone and all of their stuff and have a case against them. While I'm all for stuffing hard core gang bangers in the slammer, I'd be very frightened to live in a state where anybody can be grabbed off of the street and have their lives examined in detail because of how they look or dress. It could also mean that one could be subject to "review" for living in a particular neighborhood or being out past a certain time of night without a pass.

  7. GrumpyKiwi Silver badge

    So Fibbers. Are you going to look after this backdoor as well as say OPM protected their top-secret information? Or as well as the NSA did?

    And will you be supplying it to the Sherrifs department of Podunk County because you just know they're a fine bunch of good ol' boys.

    1. asdf Silver badge

      Laugh at Podunk County but the Garland police department have stopped more terrorists than the TSA. Of course giving them more power than the firearms they already have no thanks.

    2. Yet Another Anonymous coward Silver badge

      to the Sherrifs department of Podunk County

      And every other country you want to sell phones in.

      If Apple give an unlock code to the FBI then the Eu will want it to protect themselves from their terrorists. And then Israel, Turkey, Russia, China, India, Pakistan ....

      So how does the FBI feel about Trump's phone being officially backdoored by Putin ?

      1. G.Y.

        Trump gave Putin some Mossad secrets _without_ any backdoor ...

  8. Anonymous Coward
    Anonymous Coward

    "human trafficking, counterterrorism, organized crime, and child exploitation"

    The holy trinity of excuses to take peoples privacy, I'm not sure how these people keep a straight face.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019