FBI Director wants 'adult conversation' about backdooring encryption

FBI Director James Comey is gathering evidence so that in 2017 America can have an "adult" conversation about breaking encryption to make crimefighters' lives easier. Speaking at Tuesday's 2016 Symantec Government Symposium in Washington, Comey banged on about his obsession with strong cryptography causing criminals to "go …

  1. Gray
    Holmes

    Disregard for consequences

    Comey really doesn't care; his personal view demands "open doors" to police investigations. All else is secondary. Should the worst happen, and criminal elements obtain the keys, he'll simply go after those "lawbreakers" while demanding an expansion of resources. The man is typical of law enforcement officials in the US: single-minded, uncompromising, and totally unyielding.

    1. Someone Else Silver badge
      Holmes

      Re: Disregard for consequences

      ...and dumber than a sack of hair.

    2. Dazed and Confused Silver badge

      Re: Disregard for consequences

      Since he's clearly off in La La land, wanting a law passed to make it mathematically possible to have 3 key encryption systems where it is impossible for anyone except the FBI to ever find the third key, why doesn't he just press to have a law passed that would force all law breakers to immediately hand themselves over to the nearest law enforcement agency? If the member of the public is unsure where they've transgressed some law, then they should no doubt have to hand themselves over anyway and probably pay for a lawyer to find out what law they have transgressed so that they can be prosecuted.

    3. Anonymous Blowhard

      Re: Disregard for consequences

      "The man is typical of law enforcement officials in the US: single-minded, uncompromising, and totally unyielding"

      Sounds like a toddler, not an adult...

      1. Michael H.F. Wilkinson Silver badge
        Facepalm

        Re: Disregard for consequences

        The Farce is strong in this one.

        If the FBI wants a back door, so will every other national bureau of spooks. I cannot imagine the FSB wanting to share a back door with the FBI or NSA. As the number of available back doors rises, the chances of blackhats getting in would asymptotically approach 100% rapidly. Even then criminals could roll their own encryption quite readily (one time pad anyone? I have said it before, will keep on saying it).

        Of course if he is really honest (yeah right) about having an adult conversation, he should then also actually listen to what experts have to say. I am not holding my breath.

        1. VinceH Silver badge

          Re: Disregard for consequences

          I can't help but think his comment about wanting an adult conversation is because he saw the use of the term 'magical thinking' as a childish insult.

        2. WaveyDavey

          Re: Disregard for consequences

          There'd be that many back doors it would look like a Menger Sponge!

          1. Triggerfish

            Re: Disregard for consequences

            Reminds me of this.

            https://en.wikipedia.org/wiki/Indiana_Pi_Bill

            1. flayman

              Re: Disregard for consequences

              It's more like the climate change debate, only with much less room for argument or interpretation. What cannot be done cannot be done. The FBI ought to put together a team of mathematicians and engineers to attempt to solve this conundrum themselves since they seem to think everyone else is just stonewalling and bamboozling.

        3. DropBear Silver badge

          Re: Disregard for consequences

          "Of course if he is really honest (yeah right) about having an adult conversation, he should then also actually listen to what experts have to say."

          Oh nonono, I think you misunderstand - I reckon he means "adult conversation" in the "now listen missy, as long as you live in this house..." sense.

    4. kmac499

      Re: Disregard for consequences

      It's the American attitude to the "Rule of Law". It's not that law is in place to organise and regulate a civil society, but the Law is in place to protect 'Me' from all the wrong doers out there and ensure 'MY' personal rights and freedoms come what may. Hence the knee jerk reaction to litigation when anyone feels wronged, and raining retribution on the offender totally disproportionate to the original offence. (e.g. the multi-million dollar law suit from a lady spilling unexpectedly hot coffee she had just bought in her lap.)

      Consequently anyone charged with enforcing the Law has a sense of almost divine right to do whatever they see fit.

      Might I suggest the FBI and friends turn their investigatory powers onto the guys who ran the mortgage fraud of the 2000s triggering the financial crash. I'm sure there will be some juicy emails to find.

    5. Smedley54

      Re: Disregard for consequences

      Be fair, Mr. Gray! Single minded police types are everywhere, so calling it a uniquely American trait is near sighted. Otherwise I agree; my adult conversation on this is "The answer is still no, and if you ask again I'll send you to your room."

  2. heyrick Silver badge

    And will the FBI...

    ...be willing to lead the way by switching all of their systems to use this wonderful "backdoor friendly" crypto?

    I doubt it.

    So if it isn't good enough for them, it's definitely not even remotely useful for us.

    1. Prst. V.Jeltz Silver badge
      Facepalm

      Re: And will the FBI...

      Well the first thing that occurred to me is that the only flaw I can see in his plan (apart from the minefield and privacy and freedom issues) is - how do they get the criminals on board to use this new compromised system.

      I ain't no criminal mastermind, but if it was me I'd stick with an older, no-holes-in-it system.

  3. Oengus Silver badge
    Thumb Up

    Two thumbs up for the sub-heading

    How about f**k off, is that adult enough?

    I wish I could give two thumbs up to the sub-heading. (Icon for the sub-heading not Comey)

    When will these agencies stop acting like a spoiled 6 year old prat and start behaving like adults?

    I worry that the next 'merkan president will be sympathetic towards these agencies and support the backdooring.

    1. Chris G Silver badge

      Re: Two thumbs up for the sub-heading

      Exactly my thoughts

    2. Mage Silver badge

      Re: sympathetic towards these agencies and support the backdooring.

      It would just be the death of any USA related products that use encryption outside the USA.

      All USA commerce etc would be open season for other Governments and criminals and terrorists.

      Either he's totally deluded about how security and encryption works or this is about something else, noise, a distraction.

      If the FBI has a backdoor, then sooner rather than later every script kiddie in the world will have it too.

      1. Ole Juul Silver badge

        Re: sympathetic towards these agencies and support the backdooring.

        "Either he's totally deluded about how security and encryption works or this is about something else, noise, a distraction"

        I don't think he's stupid. I think he is just totally into law enforcement. The more people break the law, the better for him - he gets to do his thing and get paid for it. One could be tempted to call that evil.

      2. Anonymous Coward

        Re: sympathetic towards these agencies and support the backdooring.

        @Mage

        I wonder if that's not at least part of the point. The way the US and other developed nations are allowing their own economies to be destroyed by globalization nothing would surprise me.

      3. Black Betty

        Re: sooner rather than later.

        However soon it fell into the hands of script kiddies, a halfway credible rumour of the existence of such a key would have half of all competent black hats in the world hammering the FBI servers into scrap iron via the TCP/IP ports.

    3. Sitch

      Re: Two thumbs up for the sub-heading

      We should be worried about the next president, they will get to select up to 4 SCOTUS appointments.

      We should be very worried, and if you own any guns extra double plus good worried.

    4. Medixstiff

      Re: Two thumbs up for the sub-heading

      "I worry that the next 'merkan president will be sympathetic towards these agencies and support the backdooring."

      Huawei would be absolutely laughing their butts off, it would be like all their dreams had come at once, considering how the US had a go at them but never provided any proof.

      1. Yet Another Anonymous coward Silver badge

        Re: Two thumbs up for the sub-heading

        "I worry that the next 'merkan president will be sympathetic towards these agencies and support the backdooring."

        Yep the next president is going to be REALLY sympathetic toward the FBI having free access to her communications.

    5. davidak

      Re: Two thumbs up for the sub-heading

      I worry that the current UK prime minister IS sympathetic towards these agencies and supports backdooring.

    6. heyrick Silver badge

      Re: Two thumbs up for the sub-heading

      Oengus' comment. One lonely downvote. Alright, own up, which one of you is the spook?

      1. IT Poser

        which one of you is the spook?

        Just use the backdoor to pop into their system and take a look. The only problem is finding the right house so you should probably check them all just to be safe.

      2. Anonymous Coward

        Re: Alright, own up, which one of you is the spook?

        Me.

    7. julian_n

      Re: Two thumbs up for the sub-heading

      Remember, this is the guy who has decided not to recommend prosecuting Clinton over her e-mail server. She owes him big time.

  4. The_Idiot

    Mr Comey's position...

    ... appears to be simple.

    1: What is required is an adult conversation.

    2: I am clearly an adult, therefore my conversations must also be adult, by definition.

    3: Those who agree with me are therefore also clearly adults, and should be permitted to take part in the conversation.

    4: Those who disagree with my adult conversation must clearly not be adults and must be excluded from discussing the matter.

    5: After discussing the matter in an adult conversation, all participants will agree I am right, and therefore tech companies will stop being difficult and voluntarily recognise the will of the adult majority.

    6: Study of mathematics will be made a felony, so as to ensure the tech companies cannot waste adults' time with childish excuses.

    Sigh... I hope I'm kidding...

    1. moiety

      Re: Mr Comey's position...

      We've already had the adult conversation:

      "No, Little Jimmy, you can't have it because it's impossible to do safely. A backdoor would inevitably leak, causing catastrophic amounts of damage"

      "But...but...I WAAAAAAAAAAAAAAAAAAAAAAAAANT IT!" *holds breath*

      1. Adam 52 Silver badge

        Re: Mr Comey's position...

        *One* possible solution to his problem is impossible. There are others - a master key, for example, that are possible but unlikely to survive for long.

        There are yet more - multiple keys, one held by each of the branches of government - that might be more practical. Or a real-time key generation and revoke mechanism. Or a hybrid solution where the master key for a person is on hardware in their possession, so the Police need physical access.

        There are multiple ways to reach a compromise, if both sides want to have an adult conversation. It sounds like the Reg readership don't want an adult conversation though.

        By the way, there was a vulnerable person over the weekend. He's been lured into sending his life savings to some Internet scammers and was in the process of connecting up his car exhaust to the car window when found (the scammers had given him instructions on the best way to get an air tight seal). There is no chance that those scammers will ever be caught, and chances are that eventually they'll be successful in killing off one of their victims.

        Law enforcement see issues like this one, and then they see the tech industry going "la la, we don't care". And they get angry, as would you if you'd just seen someone killed and people actively refused to help you find out who did it.

        Solving the problem above doesn't involve anyone having my PGP key and doesn't involve mass surveillance, but does involve some way of tracing communications with an effective judicial oversight.

        1. Bogle
          FAIL

          Re: Mr Comey's position...

          "By the way, there was a vulnerable person over the weekend"

          I call BS. As Wikipedia likes it, "Citation needed". Or perhaps XKCD: https://xkcd.com/285/

          1. Adam 52 Silver badge

            Re: Mr Comey's position...

            "Citation needed"

            You won't get one. Not until there's a death and an inquest, and even then you probably won't because inquest verdicts aren't that detailed. And that's good, the last thing a vulnerable person needs is random commentards interfering in their life. It's called "privacy".

            If you think you live in a world where there are no Internet criminals, well you must be very blinkered.

            Try Googling "suicide pact", you think everyone there is innocent? Nobody posing as a 16 yr old girl for kicks? Then you are too naive.

            Or do a volunteer stint for a mental health charity? Just don't think that playing at being a Special gives you any experience, because it doesn't.

            You won't, of course, because uninformed opinion on a forum is a much happier place to be than informed, real-world experience. The world is a nasty place. Doesn't mean you should roll over and do whatever the FBI say, but does mean you should listen to what they have to say because they are massively more informed than you.

            1. Triggerfish

              Re: Mr Comey's position...@Adam52

              Perfectly aware world is a nasty place, was before internet as well, but your arguments are starting along the lines of think of the children.

              Also for uninformed opinion you should realise there are more than a few posters on here with a very high level of knowledge etc, if people are saying backdoor encryption is not mathematically possible maybe it isn't for real reasons rather than just people being commentards.

              PS I admire your complete faith in the government knowing what they are doing. Or trusting they are always doing things in your interest.

            2. Anonymous Coward

              @Adam 52

              "Citation needed"

              You won't get one. Not until there's a death and an inquest, and even then you probably won't because inquest verdicts aren't that detailed. And that's good, the last thing a vulnerable person needs is random commentards interfering in their life. It's called "privacy".

              If you think you live in a world where there are no Internet criminals, well you must be very blinkered.

              Try Googling "suicide pact", you think everyone there is innocent? Nobody posing as a 16 yr old girl for kicks? Then you are too naive.

              Whoaaaa, dude!

              You've been drinking too much antifreeze.

              And that's good, the last thing a vulnerable person needs is random commentards interfering in their life. It's called "privacy".

              Oh, so this "vulnerable person" was someone who reads the El Reg comments?

              By the way, there was a vulnerable person over the weekend

              So... how did you hear about this?

              what's your massive interest in suicide?

              oh, wait, 2+2 = YOU are the one who was conned into killing yourself!

              1. John Smith 19 Gold badge
                Unhappy

                Re: @AC

                "oh, wait, 2+2 = YOU are the one who was conned into killing yourself!"

                Hmmm.

                Would explain the facts.

                A deep faith in the idea that a government agency will always operate within the law and never harass citizens does suggest someone with a limited ability for critical thinking or to do their own research.

            3. flayman

              Re: Mr Comey's position...

              random commentards interfering in their life. It's called "privacy".

              If you think you live in a world where there are no Internet criminals, well you must be very blinkered.

              What a complete load of b0ll0cks! Of course there are loads of internet criminals and all kinds of other criminals. Sometimes they are caught, other times not. You can't prevent all incidents of crime. People need to take steps to protect themselves. I wouldn't want to live in a society where government could detect any crime as it was about to happen and every criminal suspect was successfully prosecuted. I wouldn't want to live in a society where law enforcement could easily trawl back through time for any "evidence" of guilt it can dig up on a suspect. Your turning the conversation back to the protection of privacy is just laughable. We should listen to the FBI when they say there has to be a way to provide law enforcement the ability to crack any encrypted data it finds without a systemic security compromise? No. They are not informed. Commentard.

        2. Pascal Monett Silver badge

          @Adam 52

          "multiple keys, one held by each of the branches of government"

          My dear sir, do you realize just how daft such a proposition is from a security point of view? Do you really think that one key per branch of government is not going to leak from at least one of them, by stupidity, oversight, forgetfulness or any combination thereof, in less time than a hacker needs to code a Hello World hack?

          1. Tony Haines

            Re: @Adam 52

            "Do you really think that one key per branch of government is not going to leak from at least one of them, by stupidity, oversight, forgetfulness or any combination thereof, in less time than a hacker needs to code a Hello World hack?"

            As I understood it, the suggestion was that they'd *all* have to leak.

            However, I think that still asymptotically approaches certainty, but with a longer half-life.

            There clearly are other approaches to the 'ultimate skeleton key' we all hate. Giving everyone their own personal (backdoor) key would be a good start. That would reduce the risk of a single catastrophic leak because you could keep the list in a nice air-gapped system, and only export data by printout, or something like that.

            Still not a good idea, of course, but if we're being adults we ought to consider all the options, not just the stupidest one.

            Another idea is the 'partial key' method. If the gov. only has part of the key, they could break encryption with less (but still significant) computational effort, but not read everything all the time.

            1. moiety

              Re: @Adam 52

              There are multiple ways to reach a compromise, if both sides want to have an adult conversation. It sounds like the Reg readership don't want an adult conversation though.

              Sorry, no. If a universal escrow key exists, it *WILL* leak; thus rendering the covered communications insecure. Remember OPM? If a universal escrow key were to exist it would 1) Tank your IT industry (and others) in short order and 2) Become the most valuable target for every hacker, domestic and foreign. Can you imagine what bribes would be on offer for such a valuable object? I would be genuinely surprised if it lasted a week.

              Your other suggestions are just variations on a theme and would not address the basic flaw. You cannot have 3rd party access and secure communications simultaneously. It is not possible. The very concept assumes that law enforcement authorities are 100% incorruptible and trustworthy; which -frankly- I dispute. For a start, the people who are meant to be upholding the law would be breaking it (to wit: the "unreasonable search and seizure" and "right to not incriminate oneself" parts of the Constitution before we even start getting technical). You cannot have it. Deal with it.

              I fail to see what your unnamed, unverified victim strawman has to do with encryption. The "victim" would have no reason not to decrypt his side of proceedings for the police; and the IP addresses and relevant metadata would be available anyway.

        3. The_Idiot

          Re: Mr Comey's position...

          @Adam 52

          "There are multiple ways to reach a compromise, if both sides want to have an adult conversation. It sounds like the Reg readership don't want an adult conversation though."

          There are indeed 'multiple ways to reach a compromise', if the 'compromise' is in fact a compromised and inherently flawed system of cryptography.

          Unfortunately (at least in my view) for anyone who holds such an opinion, mathematics is, to the best of my knowledge, not a matter of opinion.

          It is true that all cryptographic systems (at least all of them to date) can be broken, often through unknown or undetected flaws in implementation. It is also mathematically true that the more ways you deliberately and knowingly introduce to allow them to be broken in a pre-determined and known fashion, the more likely it is people you didn't intend them to be broken by will....

          OK. I give in. Have it your way, sir. Let all 'acceptable' forms of encryption end up as the equivalent of ROT13. What could possibly go wrong, right?

          Grump.

          Whimper.

          Shivers...

        4. noboard

          Re: Mr Comey's position...

          Someone being scammed over the internet, fair enough. Scammers teaching people the best techniques for committing suicide is much harder to swallow. Once they have the money they don't hang around to give after care to their victims.

        5. flayman

          Re: Mr Comey's position...

          It just can't be done. I'm sorry. If an escrow key exists then you can't call it strong encryption. And you can't demand that all online services that use encryption require permanent keys on hardware unless all online services operate within your jurisdiction. They don't. United States law does not apply across the entire world. Even if it did, guess what? Criminals would simply use covert services to communicate. The encrypted traffic would be routed around the globe and impossible to track or break. Something like the Tor browser for example would probably become illegal in the US and anyone anywhere accessing a US resource through it would be committing a crime punishable by the CFAA. That would be a great shame and send a terrible message around the world to where people really rely on such tools to browse the web freely and anonymously. It's not that the tech companies don't care about crimes being committed with their products and services. They just know that to backdoor their systems would be to throw out the baby with the bathwater so to speak. Their customers would be the ones to suffer from the increased risk; therefore, overseas competitors would gain an advantage. The FBI needs to appreciate that two people communicating with encryption are like two people communicating in hushed whispers inside a Faraday cage. They can't tap into that either.

        6. John Smith 19 Gold badge
          Unhappy

          By the way, there was a vulnerable person over the weekend.

          He's been lured into sending his life savings to some Internet scammers and was in the process of connecting up his car exhaust to the car window when found (the scammers had given him instructions on the best way to get an air tight seal). There is no chance that those scammers will ever be caught, and chances are that eventually they'll be successful in killing off one of their victims.

          Where was this reported? Where did it happen? Who said it was an internet scammer? Who told you about it?

          Here we like our information to be a bit more, what's the word, informative. Not something that sounds like a more verbose section from a Donald Trump campaign rally.

        7. Anonymous Coward

          Re: Mr Comey's position...

          There are multiple ways to reach a compromise, if both sides want to have an adult conversation. It sounds like the Reg readership don't want an adult conversation though.

          f**k off

      2. Sealand

        Re: Mr Comey's position...

        As an acquaintance (who's actually a doctor) once said about such a tantrum: "Just let him hold his breath. When he passes out, he'll start breathing again."

    2. Teiwaz Silver badge

      Re: Mr Comey's position...

      Hmm, I've had bosses a little like that....

      1. John Smith 19 Gold badge
        Unhappy

        "Hmm, I've had bosses a little like that...."

        Haven't most of us?

        I call it "aspirational management"

        Where they tell us what they want done despite all evidence and past experience demonstrating it can't be done and offering no actual new plan as to how it can be done.

  5. C0p3n

    Feels ...?

    "Americans do have the right to a measure of privacy in their own homes, cars, or on their electronic devices, he said. But the government also has the right to invade that privacy when law enforcement feels it has probable cause."

    How about when law enforcement KNOWS they have probable cause? Feels sounds kinda .. I dunno .. uncertain? Maybe it's just me .....

    1. Doctor Syntax Silver badge

      Re: Feels ...?

      "How about when law enforcement KNOWS they have probable cause?"

      Even better: when law enforcement has sufficiently clear cause to obtain a search warrant.

      1. Destroy All Monsters Silver badge
        Big Brother

        Re: Feels ...?

        But the government also has the right to invade that privacy

        Frankly, this says it all.

        "Government" does not have ANY "rights" whatsoever, and invasion of privacy is NEVER, NEVER a "right". There may at most be a temporary, court-granted waiver.

        That phrase right there should start an armed insurrection against the occupying power.

        1. Marc 25

          Re: Feels ...?

          I completely agree with you. I read that line and recoiled in shock!

          For that line alone he should consider his position untenable and step down immediately. He's completely failed to understand that his role is to protect the people and not to protect the rights of the elected temporary government.

          That line would not wash in the UK and I'm concerned that this is happening in the US, especially when we use so many US online services.

          Right now in the UK we have the Human Rights Act 1998 and article 8 states that we have these rights.

          Mind you, Mistress May is doing all she can to tear that down and remove that critical line about phone tapping and email monitoring.

          https://www.citizensadvice.org.uk/law-and-rights/civil-rights/human-rights/what-rights-are-protected-under-the-human-rights-act/your-right-to-respect-for-private-and-family-life/

          1. davidak

            Re: Feels ...?

            Article 8 is unfortunately quite worthless, despite the Daily Fail constantly ranting about how evil it is. It can be ignored for matters of national security, or even worse, matters of public morality. What is the definition of public morality? Whatever the government say it is of course.

  6. Fan of Mr. Obvious

    Dear FBI

    Dear FBI,

    In the real world backdoors get patched when found.

    Thanks, and have a good life.

    PS: Stop acting like a cry baby. Adults take their lumps and move on.

    1. Anonymous Coward

      Re: Dear FBI

      How about setting up a "safe area" for the dear FBI Director wherein he can navel-gaze in peace and pursue the self-indulgent logic of "anything goes, because I'm the good guy"?

      1. Captain DaFt

        Re: Dear FBI

        "How about setting up a "safe area" for the dear FBI Director wherein he can navel-gaze in peace and pursue the self-indulgent logic of "anything goes, because I'm the good guy"?"

        Well, there are already many state sponsored sanitariums set up for just such a purpose, but alas, they are woefully underfunded. So the psychiatric profession is not as diligent as it should be.

        Maybe if we diverted some of the spook funding to them instead?

        1. BebopWeBop Silver badge
          Trollface

          Re: Dear FBI

          Well, there are already many state sponsored sanitariums set up for just such a purpose, but alas, they are woefully underfunded. So the psychiatric profession is not as diligent as it should be.

          I agree. More funding for University Maths departments :-)

      2. Someone Else Silver badge
        Coat

        Re: Dear FBI

        Well, if he really is a "good guy", then he doesn't need any back doors, front doors, or windows (or Windows...). All he needs is a gun, because as we all know, "A good guy with a gun can stop a bad guy with a gun".

        Now, if the bad guys simply disarmed themselves....

        1. Sgt_Oddball Silver badge

          Re: Dear FBI

          I think Monty Python did an instructional video on that one..."How to defend yourself against a man armed with a banana."

  7. Christoph Silver badge

    Adult conversation?

    Adult conversation: I will throw a screaming tantrum until I get my own way.

    1. fishbone

      Re: Adult conversation?

      Too true and it's going to happen because the noise of the unthinking will win over civil rights even though the constitution should secure them. The fourth amendment was trashed in the late nineties to accommodate the Amtrak crowds that rode the northeast corridors. Pee in the jar or be fired was not a phrase I remember from civics nor was public safety concerns are more important than personal liberties, but it happens regardless to thousands every year who work in public transportation. No evidence, no suspicion, no witnesses. Same thing will happen again when the chatter reaches a high enough level.

      1. Anonymous Coward

        Re: Adult conversation?

        Pee in the jar or be fired was not a phrase I remember from civics nor was public safety concerns are more important than personal liberties, but it happens regardless to thousands every year who work in public transportation.

        Ahh.. but they CHOOSE to work in public transportation.

  8. Destroy All Monsters Silver badge
    Big Brother

    "Collecting information". Yes. We are.

    Be very afraid.

    The FBI is currently "uprooting terrorists" by setting paid "agents provocateurs" on mentally challenged brown people who can then be nabbed "in the nick of time" and paraded in front of cameras as "potential terrorists" in a fashion that, I am sure, has absolutely not come from a manual on how to do Stalinist purges.

    If they "collect information" about nefarious use of crypto, some poor sods will make contact with the prison-industrial complex in unexpected ways.

    1. Nuno trancoso

      Re: "Collecting information". Yes. We are.

      "manual on how to do Stalinist purges". You made my day DAM :)

    2. Anonymous Coward

      Re: "Collecting information". Yes. We are.

      Not just Stalinist, more modern methods than that. . . the conspiracy theorists amongst us would probably remind people about Markus Wolf

      Despite his public transformation, he was barred from entering the United States, which he found hypocritical. . .. Partly to blame, he said, was his refusal to work for the CIA with the promise of a seven-figure salary, a home in California and a fresh identity. from his obituary in the WaPo!

      http://www.washingtonpost.com/wp-dyn/content/article/2006/11/09/AR2006110901967_2.html

      Markus "Mischa" Wolf was head of the DDR (look it up, youngsters) security police, who, allegedly, did eventually make it to the US for a chat with Homeland Security, allegedly (again) with ex-USSR KGB top operatives such as Yevgeny Primakov, Alexander Karpov and Oleg Kalugin - but that was over ten years ago?

      That does remind me but quite a bit of serious crypto thinking recently came/(comes?) from an offshoot of the Stasi, no really! I used to work for a large German company in München, whose crypto dept was/(is?) still based in Berlin. . .it's all rather public information, just covered in a lot of cruft & noise. . .

    3. nichomach
      Big Brother

      Re: "Collecting information". Yes. We are.

      THIS wasn't supposed to be an instruction manual.

  9. Doctor Syntax Silver badge

    "US tech firms are, of course, very worried ... any backdoor would kill their sales, both domestically and internationally."

    They would of course, have the option of becoming non-US companies. I'm quite sure there are a number of companies that would be happy to accommodate them. Ireland anybody.

    They'd have to sell weak encrypted products in the US which is rather ironical. Back in the day the US was very insistent that they should have strong encryption and the rest of the world would have to have weak encryption. If Comey gets his way that might be reversed.

    1. james 68

      Funny thing is, 2/3rds of Crypto comes from non-American companies, so he will endeavor to make the use of "foreign" crypto illegal.

      Because these people may be criminals, but they would never break that law....right?

      It's a circle jerk of epic proportions.

      1. Yet Another Anonymous coward Silver badge

        Wasn't he the cockwomble who explained that it was only "theoretically possible" for non-US companies to write encryption software ?

        1. moiety

          ...while probably using AES that was developed by a couple of Belgians.

      2. tony2heads
        Facepalm

        Making foreign crypto illegal

        makes about as much sense as making foreign mathematics illegal.

  10. Red Bren

    Adult conversation

    "I wanna toy!"

    "No."

    "I wanna toy!"

    "No."

    "I wanna toy!"

    "No."

    "I wanna toy!"

    "No."

    "I wanna toy!"

    "No."

    "I wanna toy!"

    "No."

    ...

    1. Fatman Silver badge

      Re: Adult conversation

      <quote>"I wanna toy!"

      "No."

      "I wanna toy!"

      "No."

      "I wanna toy!"

      "No."

      "I wanna toy!"

      "No."

      "I wanna toy!"

      "No."

      "I wanna toy!"

      "No." Adult, fed up with petulant child whining, takes out 3 inch wide leather belt, and gives child deserved ass whipping. Child gets message.</quote>

      FTFY

      1. DropBear Silver badge

        Re: Adult conversation

        "Adult, fed up with petulant child whining, takes out 3 inch wide leather belt, and gives child deserved ass whipping. Child gets message."

        Actually I think by saying "adult" he has the exact same thing in mind, only in reversed roles.

        "Clean up your room!"

        "No."

        "Clean up your room!"

        "No."

        [...]

    2. Someone Else Silver badge
      Coffee/keyboard

      @ Red Bren -- Re: Adult conversation

      Look what you went and made me do ------>

      (I'd put up the beer icon, but I don't know how to get this thing to print two icons...)

  11. Yet Another Anonymous coward Silver badge

    Perhaps a childish conversation

    It would be useful if invaded for bridges, tunnels, ports, runways to be demolished

    So we should install demolition charges now with a big red button marked "for DoD use only"

    That seems perfectly reasonable doesn't it ?

    1. Anonymous Coward

      Re: Perhaps a childish conversation

      er.... you might not have noticed - but certainly SWITZERLAND already has this national protection system installed (confession: I was in a café on the border@CERN in around 1986 when I saw the pneumatic cylinders/tank-traps being carefully installed - look for the patterns on the roads/motorways) then. . .

      http://io9.gizmodo.com/5919581/how-switzerland-camouflaged-its-ready-to-explode-architecture-during-the-cold-war

      To interrupt the utility of bridges, tunnels, highways, railroads, Switzerland has established three thousand points of demolition. That is the number officially printed. It has been suggested to me that to approximate a true figure a reader ought to multiply by two. . . .

      Where a highway bridge crosses a railroad, a segment of the bridge is programmed to drop on the railroad. Primacord fuses are built into the bridge. Hidden artillery is in place on either side, set to prevent the enemy from clearing or repairing the damage. . . .

      McPhee points to small moments of "fake stonework, concealing the artillery behind it," that dot Switzerland's Alpine geology, little doors that will pop open to reveal internal cannons and blast the country's roads to smithereens.

      Later, passing under a mountain bridge, McPhee notices "small steel doors in one pier" hinting that the bridge "was ready to blow. It had been superseded, however, by an even higher bridge, which leaped through the sky above-a part of the new road to Simplon. In an extreme emergency, the midspan of the new bridge would no doubt drop on the old one."

    2. Anonymous Coward

      Re: Perhaps a childish conversation

      We've done it here in the US. The Strand in Coronado (San Diego, CA) is wired for explosives just in case the Coronado bridge is brought down, not that this is expected to be a problem as its pieces are designed to float. This is all to insure that the US Navy doesn't have any problems if San Diego is attacked, well beyond any direct strikes.

  12. Marty McFly
    Mushroom

    The road to Hell....

    ....starts at the backdoor.

    1. moiety

      Re: The road to Hell....

      That's what she said.

      Sorry. A bit.

  13. Daniel Voyce

    1984 was a warning not a fucking reference manual you complete bunch of elbow wanking cockatoos! Stop kicking your toys out the pram every time sane people who know MUCH more about the subject than you tells you it is a really shitty idea!

    1. Someone Else Silver badge
      Coffee/keyboard

      bunch of elbow wanking cockatoos!

      Too friggin' funny! Can I use it?

  14. a_yank_lurker Silver badge

    Comey = Traitor or Idiot

    Anyone with rudimentary knowledge of cryptography knows all cryptographic systems have one glaring weakness - the brute force attack. Given enough time and resources all messages can be broken and read. Also, it is likely (more like a certainty) that any commonly used system has implementation errors that weaken it. Now the esteemed traitor/idiot wants to add a backdoor (implementation error) and expects no one will look for it.

    1. MacroRodent Silver badge

      Re: Comey = Traitor or Idiot

      Given enough time and resources all messages can be broken and read.

      Enough time, sure. As in millions of years. And adding bits to the key makes the time go up exponentially. DES with its 56-bit key is now considered crackable, so it has been replaced by algorithms with a longer key. I expect they too will be replaced as computing power grows. But it does not really matter, as long as the time needed for a brute force attack is longer than the time the message is expected to be relevant.

      1. a_yank_lurker Silver badge

        Re: Comey = Traitor or Idiot

        The real issue is whether there are implementation flaws or back doors (which act like implementation flaws). Adding a known backdoor is just painting a bullseye on the code telling hackers come look for the backdoor. Whether or not they find the backdoor, they are certain to find some flaws they can abuse.

        No cryptographic system is truly unbreakable even if it takes millennia with current hardware. The fact that older systems once touted as effectively unbreakable now can succumb to brute force attack means there is an ongoing arms race between the systems and the hackers.

    2. Oengus Silver badge

      Re: Comey = Traitor or Idiot

      Comey = Traitor or And Idiot

      FTFY

    3. Anonymous Coward

      Re: Comey = Idiot

      Go easy on the heavy words. Comey isn't a traitor, but is simply someone with a very limited span of interest. He wants US manufacturers to make his life easy with no regards for the consequences (or for the side effects, because how do them terrorists make money? Exactly, with crime - that you facilitate with such idiocy).

      So, he's an idiot whose only redeeming feature is that he hasn't tried the "you can trust us" line. Yet.

      1. Anonymous Coward

        Re: Comey = Idiot

        Has he done 'If you've nothing to hide, you've nothing to fear' or the classic 'you're either with us or against us'?

        How about 'there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don't know we don't know.'?

    4. The Mole

      Re: Comey = Traitor or Idiot

      That's not true. For encryption systems where the key is as long as the message (one time pad for instance) there is no way to brute force the encryption and identify the correct message. You may well try an encryption setting and reveal "The FBI is full of idiots", but you will also have another encryption setting which will reveal "The CIA is full of idiots" and another that says "The gov is full of idiots", there is no way of working out which is the true original message. Even when the key is shorter than the message there will still probably be multiple decryptions which may appear to be valid messages, though you can probably discard a large proportion of the decryptions if you know the syntax of the output (e.g. it will be English text).
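The one-time-pad argument in the comment above, as an added example that is not part of the original post: for a ciphertext made with a random pad as long as the message, every same-length candidate has its own pad that "decrypts" to it, whereas a short key can be brute-forced and filtered on output syntax. The XOR construction, the single-byte "short key" and all function names are assumptions chosen for illustration.

```python
import secrets
import string


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (one-time-pad encrypt and decrypt)."""
    if len(a) != len(b):
        raise ValueError("one-time pad requires key and message of equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes):
    """Encrypt with a fresh random pad as long as the message; return (pad, ciphertext)."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)


def pads_explaining(ciphertext: bytes, candidates):
    """For each same-length candidate plaintext, compute the one pad that
    would decrypt the ciphertext to it. With a uniformly random pad all of
    these pads are equally likely, so the ciphertext favours no candidate."""
    return {c: xor_bytes(ciphertext, c)
            for c in candidates if len(c) == len(ciphertext)}


def short_key_encrypt(plaintext: bytes, key_byte: int) -> bytes:
    """Contrast case: a one-byte key repeated over the whole message."""
    return bytes(p ^ key_byte for p in plaintext)


# Output-syntax filter: plain English letters and spaces only.
ALLOWED = set((string.ascii_letters + " ").encode())


def brute_force_short_key(ciphertext: bytes):
    """Try all 256 one-byte keys and keep decryptions that pass the filter."""
    survivors = []
    for k in range(256):
        guess = bytes(c ^ k for c in ciphertext)
        if all(b in ALLOWED for b in guess):
            survivors.append((k, guess))
    return survivors


# Candidate messages taken from the comment; all three are 25 bytes long.
CANDIDATES = [
    b"The FBI is full of idiots",
    b"The CIA is full of idiots",
    b"The gov is full of idiots",
]


def demo():
    pad, ciphertext = otp_encrypt(CANDIDATES[0])
    print("ciphertext:", ciphertext.hex())
    for message, candidate_pad in pads_explaining(ciphertext, CANDIDATES).items():
        tag = "(pad actually used)" if candidate_pad == pad else "(equally valid pad)"
        print(message.decode(), "<-", candidate_pad.hex(), tag)

    weak = short_key_encrypt(CANDIDATES[0], 0x5A)  # constructed sample key
    print("short-key survivors:", brute_force_short_key(weak))


if __name__ == "__main__":
    demo()
```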

      1. Anonymous Coward

        Re: Comey = Traitor or Idiot

        'For encryption systems where the key is as long as the message (one time pad for instance) there is no way to brute force the encryption and identify the correct message. You may well try an encryption setting and reveal "The FBI is full of idiots", but you will also have another encryption setting which will reveal "The CIA is full of idiots" and another that says "The gov is full of idiots", there is no way of working out which is the true original message.'

        Well that has obvious uses, they just 'crack' the cyphertext to reveal whatever plaintext they need to secure a conviction.

    5. John Smith 19 Gold badge
      FAIL

      Re: Comey = Traitor or Idiot

      "Now the esteemed traitor/idiot wants to add a backdoor (implementation error) and expects no one will look for it."

      Actually it's worse than that.

      Implementation error --> May not exist || can't be found with methodology attacker is using.

      Backdoor --> Definitely exists && has known access process to it

      AFAIK this will be "one (code) key to open them all." It will be the most desirable target for every cyber criminal, terrorist or state actor on the face of the planet and they will never stop looking for it

  15. Marketing Hack Silver badge
    Stop

    James Comey's dream "adult" conversation...

    America: F*ck us Jim! Give it to us hard!!

    Comey: Take it, bitches!

  16. dan1980

    Mr Comey and his like-minded counterparts in 'law enforcement' and government around the world are starting from the premise that this is possible. Thus, the conversation they want to have - however 'adult' - is for people to tell them how to do it.

    An 'adult' conversation isn't enough; what is needed is an open and honest conversation - one that starts with a proposition for a desired end result and then investigates whether this end result is feasible or even possible before it gets any further. That conversation must have, as a fundamental understanding, the admission from Comey (et al) that it really might not be possible to do what he wants.

    Comey and his ilk are trying to jump straight to the 'how' without wishing to seriously address the 'if' first. "Stop telling me it can't be done and start telling me how it can be done."

    In that way, he's almost like the two wireless power 'start-ups' getting press: uBeam and Energous. Both of these companies have a 'vision' of an outcome: wireless power transmission that is safe, affordable and efficient. The basic technology - power transmission via sound or radio waves - is certainly possible and uncontroversial. The problem is that to get it to work in any useful way is either dreadfully dangerous or insanely wasteful/expensive.

    Similarly, Comey's 'vision' of encryption that can be broken by the feds but not by anyone else has, at its heart, a (technically) uncontroversial reality: it is possible to make encryption that is able to be decrypted by a third party. The problem comes, as it does with uBeam and Energous, when it is asserted that this access can be achieved while keeping all the benefits provided by the current technology.

    uBeam and Energous can create transmitters to supply power to devices wirelessly but they are only able to do so by throwing out all the benefits of the existing technology - efficiency, speed and economy - because, you know, physics.

    In Comey's case, encryption can be created that is crackable by feds but only if they throw out the benefit provided by current encryption: security. Because, you know, mathematics.

    For both, the focus on the vision renders the product useless for its main purpose: charging devices in uBeam/Energous's case and securing data in Comey's.

  17. Random Comment

    Creating your own enemies

    OK, so you convict and imprison those who do not create weakened encryption.

    You now have only criminals who have strong encryption.

    You have created your own enemies. And they can talk about you behind your back because you rely on having the keys to unencrypt messages - you now know you do not have to develop your own, so you don't have anyone to break encryption anymore.

    Idiot.

  18. Nuno trancoso

    Maybe

    Maybe we should. We start the adult conversation by pointing out to the US public that:

    a) only they will be subjected to this

    b) only they will be vulnerable

    Given a+b it will be easy to show 'merkans that what the FBI REALLY wants is to freely snoop on the US citizens, because basically ROTW doesn't give a f***ing f**k about their backdoors and will happily go about making its own crypto even stronger.

    It's not like the US public doesn't distrust the government already, shouldn't be too hard to convince them about this one, it sounds... like truth.

    1. The_Idiot

      Re: Maybe

      Sadly, as many recent reports have shown, much of the Rest of the World are busy talking out of a similar orifice to the one Mr Comey appears to favour, and demanding, or moving towards demanding, the same thing.

      Of course, that won't stop Black Hats, Grey Hats and all sorts of colours in between making 'illegal' encryption that actually works and using it. Which will, no doubt, also be declared illegal. So the next step (already in progress) will be to create more crypto-stealth methods to hide the fact that crypto is in use at all - and so it goes on.

      I'm not actually fond of getting old - but this sort of thing almost makes it bearable. There's only so much stupidity one life should have to take, and this type of thing adds more than its fair share to that total, at least for me. Sigh...

      1. MacroRodent Silver badge
        FAIL

        Re: Maybe

        Sadly, as many recent reports have shown, much of the Rest of the World are busy talking out of a similar orifice to the one Mr Comey appears to favour, and demanding, or moving towards demanding, the same thing.

        Yes, and if the FBI gets its way in the U.S., it will accelerate similar backdoor schemes elsewhere. When every major government wants access to a backdoor, the magic keys will leak even faster, and the security afforded by such encryption will be worse than that of a girl's toy lock on her pink diary.

      2. Anonymous Coward

        Re: Maybe

        "I'm not actually fond of getting old - but this sort of thing almost makes it bearable. "

        OT:

        I have that feeling too this morning. Trying to get the new "Demon" email service to even connect has raised my blood pressure by 20 points. It is becoming clear it does not do the same job for serious email users. The marketeers and bean counters appear to consider "email is email - so we can substitute Office 365".

  19. Mark 85 Silver badge

    This ranks as probably the biggest twit in government at the current time. Did he ever take any mathematics in school? Logic? Reasoning? I guess those "experts" who say "nay" aren't adults. Hell, he won't even listen to the NSA.

    And while we're at it... have there been any documented cases where the FBI stopped an attack (and not a set-up either)? Or how about any of the terrorist attacks that would have been stopped if they had the keys to encrypted comms? I recall hearing of maybe one or two cases of "stopped" but the perps weren't using encryption. The key is the second question... which ones could they have stopped?

    1. Anonymous Coward

      As director of the FBI, he has access to the best cryptographers in the world, if he wants it.

      How this will play out is that Business, sufficiently large Commercial entities, will get strong cryptography and we home users and small business will get cracked, old methods.

      This will make it easier for large Corporations to hide their maleficence and we won't have the same level of safety. It shocks me that banks and online stores are still viable, TBH. I expect these will stop once Comey gets his way.

  20. Winkypop Silver badge
    FAIL

    Why have an adult conversation?

    When even a child can see that this is a very bad idea.

  21. frank ly Silver badge

    Consider this

    "We want to lock some people up, so that we send a message ..."

    That's supposed to be the job of the court and it's not for 'sending a message'. Punishing people to 'send a message' is what the Mafia (etc) do.

    1. rdhood

      Re: Consider this

      Oh, it is way worse than that. the rest:

      " And if we can't lock people up, we want to call (them) out. We want to name and shame through indictments, or sanctions, or public relation campaigns – who is doing this and exactly what they're doing."

      Really? Is it the place of the FBI to "send messages", to use the legal system to harass, embarrass and ruin the lives of people that they have decided that they want to lock up, but can't? That is f'n scary. That it came out of the mouth of the man who pushed to NOT indict a connected political candidate who broke rules governing classified information should scare people sh**less.

  22. Christian Berger Silver badge

    It's actually even besides the point

    I mean we are talking about crypto here, and cryptography can protect your secret against eavesdropping under certain circumstances...

    However that's not what the FBI claims to want. They claim to want to be able to extract data from telephones. Once you have physical access to that device, you are in a whole different position, you can then extract every bit stored in Flash... and unless you have very special hardware, every bit in RAM. Of course you could encrypt that, but for that you'd need to enter a key. If you only have a touchscreen, the best you can get is an 8-digit PIN... which is easy to brute-force.

    Yes, people have had ideas like having a special chip which only releases the key when given the right PIN, and yes those are advertised to have a "wrong tries" counter, but keep in mind that you can erase individual Flash cells easily when uncapping the chip, or you can just read out the internal flash of such a chip with a bit more effort.

    Even that is assuming that the rest of the software is flawless. Today we have mobile operating systems which seem like they were deliberately made more complicated to introduce new bugs. Even lock screens can often be bypassed by simple user interaction.

    Of course solving those problems is feasible, just make your mobile device a terminal to a server that sits somewhere safe. That would really get the FBI into trouble.... and that's what the device companies won't sell you. So in a way the interests of the FBI and the actions of the device manufacturers already seem to overlap.

    So essentially use ssh over Tor Hidden Services or mosh and authenticate via public key authentication, have your local key with a moderately strong password (of course a hardware keyboard helps) and have your server remove that "authorized keys" entry once there has been no login for n days, and you would be moderately safe... if you could trust your operating system on your mobile device.

  23. MrDamage

    Can we get Mr Torvalds to weigh into the discussion?

    I'm sure he won't change Comey's mind, but it will be a fucking entertaining read for sure.

    1. Anonymous Coward

      Re: Can we get Mr Torvalds to weigh into the discussion?

      Speaking of computing/OS experts, maybe Theo de Raadt (founder of OpenBSD) could attend as well. Although neither might be interested as I suspect they understand the point of such a meeting would not be to change Comey's mind but rather convince to weaken cryptography.

  24. simonb_london

    This is great news for non-commercial open source projects

    Only commercial entities can be forced to comply with ridiculous laws resulting in open source software that is far more reliable, versatile and capable than crippled, non-competitive rubbish from US companies. Party like it's ffmpeg, VLC and mplayer all over again!

  25. wolfetone Silver badge
    Thumb Up

    Here's your adult conversation...

    Fuck off.

  26. LDS Silver badge

    Adult conversation? Become an adult, first...

    Go back to school, repeat your math courses, because you look really lacking proper knowledge, stop going after magic unicorns and spells to open treasure chests... once grown up, you'll understand yourself criminals will have more advantage from borked cryptography than law enforcement agencies. And that FBI needs to change its approach to investigations, not ask to change cryptography.

  27. Anonymous South African Coward Silver badge

    10 PRINT "Bad idea."

    20 PRINT "Very, very bad idea."

    30 GOTO 10

    1. Anonymous Coward

      Extra upvote for doing that in BASIC (shudder), using GOTO (aaaaaaargh).

      :)

  28. Peeeeter

    Sigh...

    Does he really think that if he forces tech companies to provide a backdoor, criminals won't start encrypting messages themselves?

    Encryption with a backdoor is useless. If the police can use it, anyone can use it.

    It's worrying people that don't understand the matter have these decision making positions.

  29. Milton Silver badge

    Adult, as in rational and evidence-based?

    Comey seems determined to make a fool of himself. It is not possible to have an adult conversation with someone who refuses to understand the topic at hand, rejects evidence and thinks irrationally.

    Ok, Comey doesn't have to understand the math of crypto—though it isn't that difficult to understand the principles, and we might have dared to hope the Director of the FBI would be intelligent enough to pick it up in half an hour, assuming a college education.

    No doubt he employs some people who do understand it, but appears, like many politicians and political appointees, to be ignoring the knowledgeable and intelligent folks and hearing instead the idiots and those with an agenda. It's a dire weakness of a certain kind of person that they only hear what they want to. Perhaps Comey would have been one of those idiots who tried to legislate π as 3.0?

    I don't really know why else politicians, and other jackasses like Comey, don't sit down with a crypto guy and say "Make me understand why all the smart people say it is literally impossible to do what I want". Because then we could stop wasting everyone's time on a pointless debate. Crypto is never going away.

    1. LDS Silver badge

      Re: Adult, as in rational and evidence-based?

      One of the reasons is that in the past years many law enforcement agencies became complacent. Large scale interception made many investigations easier requiring little effort, just tap, sit down, listen, and record. Inspecting PCs or mobes became far easier than looking for evidence hidden who knows where, maybe in a hidden safe somewhere, and maybe "encrypted" somehow too.

      They are now afraid they have to work harder and smarter again.

  30. TheProf
    Big Brother

    Meanwhile.....

    ....in a dark underground lair the villainous Doctor Laszlo Von Stranglehold has finished writing in lemon juice instructions to his twisted minions.

    "Ah, Boris. Take these letters to the post office. It's not safe using email any more but the fools have left the postal service unguarded. Bwah ha ha ha!"

    To be continued.

    1. Anonymous Coward

      Re: Meanwhile.....

      "Ah, Boris. Take these letters to the post office. It's not safe using email any more but the fools have left the postal service unguarded. Bwah ha ha ha!"

      See also RFC 2549:

      https://tools.ietf.org/html/rfc2549

  31. W4YBO

    Fourth Amendment to the United States Constitution

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    'Nuff said.

  32. simmondp

    If you don't learn from history, you are doomed to repeat it.

    "If privacy is outlawed, only outlaws will have privacy" [the original quote] often bastardised as "If encryption is outlawed, only outlaws will have encryption".

    https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html

  33. Bernard M. Orwell Silver badge

    Let me fix that for you...

    "We want to lock some people up, [We don't care who], so that we send a message that it's not a freebie to kick in the door [Unless it's us doing the kicking], metaphorically, of an American company [especially if they don't get on board with us right now] or private citizen [, it could be any activist, of course, which is good for the state] and steal what matters to them [, you know, like private or personal information, for example]. And if we can't lock people up [like big corporations, who are legal persons], we want to call (them) out [until their lobbyists turn up the heat]. We want to name and shame through indictments, or sanctions, or public relation campaigns – who is doing this and exactly what they're doing. [perhaps we should start with us...]"

  34. Neil Alexander

    Non-technical people in Government trying to rule on technical matters, sky still blue, etc.

  35. Anonymous Coward

    > "...so that we send a message that it's not a freebie to kick in the door, metaphorically, of an American company or private citizen and steal what matters to them."

    There is a certain irony in the head of the FBI saying that people shouldn't be kicking in doors.

    > "And if we can't lock people up, we want to call (them) out. We want to name and shame through indictments, or sanctions, or public relation campaigns – who is doing this and exactly what they're doing."

    This is even more terrifying. If he can't build a legal case against someone legitimately he wants to be able to punish them anyway with innuendo, extra red tape and bad publicity.

    The adult conversation here should be "Go to your room Jimmy and think about what you've done"...

    1. Dave 15 Silver badge

      Perhaps we should employ him in the UK

      Then he can issue 'orders' on people and have them report what they are going to use their computer for 24 hours in advance.

  36. amanfromMars 1 Silver badge

    Pussies are what pussies do and don't do

    Here's a tale which doesn't need any fancy snooping and decryption to out miscreants, but which Justice and the FBI, [as well as a whole host of other right dodgy entities] are deliberately ignoring and failing to act upon, even though the consequences of their inaction, which is tantamount to complicity and remote virtual support of grave practices, is fueling revolution and insurrection? ..... http://www.independent.co.uk/news/business/news/dishonest-bankers-threaten-new-financial-crisis-says-mark-carney-a7218156.html

    Some would say that is criminal and invites terrorism.

    1. amanfromMars 1 Silver badge

      Re: Pussies are what pussies do and don't do

      And now that it is being so widely specifically pointed out to authorities and bodies presumed to be in charge of maintaining and enhancing law and order facilities and capabilities, is continued inaction a sure sign that corruption and the perversion of natural justice in support of a criminal minority and an elite majority, is endemic and systemic.

      And that requires radical root and branch surgery to excise the cancer. And if the patient dies in the process, so be it. Such is only natural , is it not? Doing nothing in a dire set of catastrophic circumstances, is not a smart option any sane soul would take, ergo, to not take such drastic actions as are necessary confirms an all pervasive madness rife and running riot and amok in the system?

      Or do you see it all and think quite differently?

  37. Brangdon

    As we saw with the Microsoft Secure Boot fiasco...

    Also the NSA had some of their hacking tools leaked. There's no reason to think the FBI would have better security than the NSA.

    https://www.schneier.com/blog/archives/2016/08/major_nsaequati.html

  38. Teiwaz Silver badge

    Adult Conversations on Encryption are...

    Unlikely to result in getting what you want as outside the realms of Tooth Fairy, Santa Claus, Fairies, Leprechauns or Harry Potter, you don't get what you want if it's contrary to maths and physics.

  39. DerekCurrie
    FAIL

    Disingenuous Mr. Comey Is Not Interested In A Real Adult Conversation

    Mr. Comey is not capable of a real adult conversation about US citizen privacy rights or computer security.

    A) He continues to ignore the US Constitution. That's what disingenuous people do when they find the Constitution inconvenient.

    B) He is technology illiterate to a considerable extent, incapable of coherence regarding computer security. He chastises poor computer network security while proselytizing for backdoors in everything as a convenience to law enforcement. That makes no sense.

    C) He treats citizen privacy and computer security as emotional subjects, using elements of FUD (Fear, Uncertainty and Doubt), that ancient method of propaganda, to push his inept opinions upon others.

    D) He talks down to others as if he knows better, is the bigger adult, has the superior authority, when in fact he is the foolish person in the room. He stubbornly refuses to listen to those who actually know what they're talking about, specifically because he doesn't want to hear and accept the information experts provide. This of course is reminiscent of a pouting child who sticks his fingers in his ears and hums loudly to himself in order to block out what others are attempting to explain to him.

    It's time to fire Mr. Comey and replace him with someone more competent. Sorry Mr. Comey, but you're out of touch.

  40. Stevie Silver badge

    Bah!

    The problem is that these chaps don't "do" math and when a tech-savvy person blithers about keys, the non-techy is thinking mechanical key. Mechanical locks can be re-keyed easily in the event of a key loss, and skeleton keys are ubiquitous.

    The problem, in part, is that the key metaphor has been pressed into service a lock too far.

    Also, we are talking a country founded in a real sense on tech innovation. The idea that "it can't be done" is foreign to the American psyche which runs with the thought that if a problem concerns technology, it can be solved if enough money and effort is available.

    Talk of mathematical impossibilities cuts no ice.

    Another issue is that there simply isn't enough interest in a national discussion of the issue (or indeed, any issue) in an "adult" fashion. The only way you get people invested these days is to fire 'em up emotionally over some issue. Adult debate is a non-starter.

    And before anyone laughs at the dumb Yanks, let us cough and flick our eyes on the "debate" that occurred before the Brexit Referendum, for there, in general terms, is the script for backdoored security discussions Blightside.

    1. patrickstar

      Re: Bah!

      Actually, to stretch the mechanical key metaphor much too far, there are some interesting vulnerabilities that arise when a mechanical lock is master keyed, i.e. able to be opened by two different keys (sound familiar?). See http://crypto.com/masterkey.html

  41. Anonymous Coward

    not really an adult conversation here

    Of the 101 previous comments, there was only one particularly thoughtful response. The rest were mostly snarky ad hominem responses, which are fine and amusing but only go so far.

    The 'adult' conversation can and should be around the question "are secure devices and communications worth it?". Despite the loss and chaos around the loss of use of the internet and privacy with devices that connect over it, it still is a serious question to ask. The technical discussion over how to make a secure system with backdoors is likely over with a "no, that just won't work" answer. That obviously moves the discussion to a different space.

    1. Mephistro Silver badge

      Re: not really an adult conversation here

      "are secure devices and communications worth it?"

      No, they aren't. If we lose them, we only need to sacrifice very minor things like security, privacy, e-commerce, free speech in the web, banking -including teller machines and credit cards-...

      </sarcasm>

      FYI, your debate was probably carried out more than two millennia ago, and there was a clear winner.

      Seriously now, this stupid debate would also be a massive exercise in futility, as the bad guys won't give a flying fuck about the outcome. They'll simply keep using cryptography themselves and robbing blind anyone who doesn't.

    2. Anonymous Coward

      Re: not really an adult conversation here

      That conversation about whether it was worth it actually happened in the 90's. That was when the Clipper chip was introduced, and failed. However, I don't believe it's the responsibility of citizens to prove why they need crypto any more than it's their responsibility to prove why they need personal computing devices, motor vehicles, personal firearms, pesticides, air conditioning, or birth control, especially when the government official they are required to prove it to is feigning ignorance regarding the obvious utility of those things.

  42. SnakeChisler

    Backdoor / Frontdoor for 1?

    Let's start at the 1st hurdle: Only the good guys get the key?

    As far as I can see we've stopped at this point, no matter how good Comey thinks he's been I would bet Santa disagrees.

    So we have only those perceived by the state (any state) to be worthy of getting the key?

    Given the fact that any key will open up our digital life which includes Banking, Finance etc.. what he's proposing we have a conversation about you have to be virtually brain dead to think it was a good idea or have no online presence at all.

  43. Anonymous Coward

    Here is the adult version of the situation...

    The FBI wants a defeat in all commonly used communication products which are likely to be sold to civilians, via a method which only the FBI knows. However, it is not only physically, but legally impossible to prevent agencies outside the FBI from knowing the method. Furthermore, once the method is known, the most efficient method of conducting intelligence for law enforcement purposes will be precisely the same as for the IC; simply do automatic full-take on all communications and create a paper trail for access to the database (since their view is that a "search" doesn't occur until a human is involved). This is a technical necessity because doing a search of a lot of comms requires indexing to occur beforehand; waiting until you need something to do the decrypt often takes too long. We are supposed to believe that a) this system won't be abused for personal benefit, b) they won't lie about sources of their leads in court cases, c) only the FBI will retain access both to the escrow key and the full-take, d) the manufacturers will have proper security controls in the presence of an escrow system, e) future policy changes will not weaken things further after the escrow key system is in place. These assumptions are naive at best, even given the FBI's own experience.

    Furthermore, this assumes manufacturers cannot be legally compelled to provide the same escrow key to foreign governments who have jurisdiction over some part of their operation, such as China, UAE, Russia, Qatar, France, New Zealand, South Korea, Turkey, Morocco, Brazil, etc. That assumption is also false.

    Third, even the NSA made mistakes handling their exploit tools, resulting in leaks of code to the media. These leaks were passed off as being "from 2013", as though that is ancient history and equipment made in 2013 is no longer in service. In fact, many of those exploit tools are still usable. We are fortunate that software upgrades are possible on affected devices. As IoT products become cheaper and more widespread, patching problems with crypto will be less feasible (as we have witnessed in the case of Android smartphones).

    Fourth, this measure would require that systems used by law enforcement or government agencies themselves would require specialized software that is not available to civilians, because government policies would not permit use of escrow key systems within an agency, for the reasons mentioned above. That means manufacturers would still be making unbreakable systems, but would bear the responsibility for vetting clients to determine which were entitled to non-crippled versions of their products. However, to maintain compatibility with crippled versions, you would need to permit escrow key protocols on even government-issued equipment, which opens the door to breaks resulting from misconfiguration (accidentally leaving escrow encryption enabled) or downgrade attacks (like the export cipher downgrade attack). This is the reason why stuff like export-grade DES is now completely disabled in a lot of production code, because the dangers of misconfiguration are too high. You are asking people who obviously don't understand the problems with escrow to understand the problem with accidentally leaving escrow turned on in a sensitive system.
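
An added illustration of the misconfiguration and downgrade risk raised in the fourth point of the comment above; it is not the commenter's code and not any real protocol stack. It is a toy negotiation with constructed suite names, where "ESCROW-" marks a hypothetical escrow-compatible suite and "EXPORT-" stands in for export-grade DES.

```python
# Toy cipher-suite negotiation (added example; all names are constructed).
STRENGTH = {                      # higher value = preferred by the server
    "STRONG-AES256-GCM": 3,
    "STRONG-AES128-GCM": 2,
    "ESCROW-AES128": 1,           # hypothetical escrowed compatibility suite
    "EXPORT-DES40": 0,            # stands in for export-grade DES
}
WEAK_PREFIXES = ("ESCROW-", "EXPORT-")

CLIENT_OFFER = list(STRENGTH)     # a client that still offers everything
MISCONFIGURED = set(STRENGTH)     # sensitive server, compat suites left on
HARDENED = {"STRONG-AES256-GCM", "STRONG-AES128-GCM"}


def audit(enabled):
    """Configuration check: list enabled suites that policy says must be off."""
    return sorted(s for s in enabled if s.startswith(WEAK_PREFIXES))


def negotiate(offered, server_enabled):
    """Server picks the strongest suite both sides support, else refuses."""
    common = [s for s in offered if s in server_enabled]
    return max(common, key=STRENGTH.__getitem__) if common else None


def strip_strong(offered):
    """Model an offer altered in transit so that only weak suites remain."""
    return [s for s in offered if s.startswith(WEAK_PREFIXES)]


def demo():
    tampered = strip_strong(CLIENT_OFFER)
    return {
        # Untampered traffic looks healthy, so the misconfiguration is silent.
        "honest -> misconfigured": negotiate(CLIENT_OFFER, MISCONFIGURED),
        # The same server is pushed onto the escrowed suite once the offer changes.
        "tampered -> misconfigured": negotiate(tampered, MISCONFIGURED),
        # With weak suites disabled the handshake fails instead of downgrading.
        "tampered -> hardened": negotiate(tampered, HARDENED),
        "audit(misconfigured)": audit(MISCONFIGURED),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The first case is why this class of mistake survives testing: a server with the compatibility suites left on negotiates the strong suite on every normal connection, so only a configuration audit or a refused handshake reveals the difference.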

  44. Esme

    Well, when he grows up

    - then he can have one. Until then, he should keep his nose out of grown-up matters he clearly doesn't understand.

  45. fishbone

    I'm sure this will work as well as gun laws in Chicago have stopped gangbangers from shooting other gangbangers, never mind the innocent bystanders I'm sure they'll only hit their targets.

  46. nilfs2
    FAIL

    This is what happens...

    ...when a suit with zero technical knowledge and a huge ego is in charge of taking technical decisions.

  47. g4ugm

    We have seen the fiasco with TSA locks

    So a photograph of the keys has been published and many people can now 3D print copies. Now no one with any sense would ship anything valuable in checked in hold luggage, so it's just about livable with. With Internet encryption it's not the case; we entrust many valuables to SSL and other encryption systems.

    Basically what he wants is TSA keys for our internet security. If he asks for it I am pretty sure we would soon see front end add-ons that add an extra layer of encryption.

    https://www.schneier.com/blog/archives/2015/09/tsa_master_keys.html

    1. nichomach

      Re: We have seen the fiasco with TSA locks

      On the TSA side, there's almost an unintended canary effect, since every time my other half travels over the pond, the TSA don't bother using their keys, they just destroy the lock, so if your luggage makes it through with the lock intact, it's almost a racing certainty that it has been opened, but by a nefarious (or more nefarious than the TSA) party...

  48. Howard Hanek Bronze badge
    Happy

    Adults

    Invariably the most corrupt, dishonest people are 'adults'. Take Director Comey for example........

    As long as government dishonesty and corruption runs rampant you would HAVE to be the worst kind of fool to fall for national security ploys. The evil that walks our government halls is harming us much worse than sporadic terrorism and will only be emboldened by giving it carte blanche.

  49. amanfromMars 1 Silver badge

    Cheap at the price whenever one knows what one is doing and what needs to be done ...

    Would you choose to freely help and work for a nation and organisations that field and protect presidential candidates like Donald Trump and Hillary Clinton, without at least an eight figure salary, homes in California and Europe and TS/SCI identities. Well, things have moved on quite a bit from ye olde days of yore, haven't they? .......

    Despite his public transformation, he was barred from entering the United States, which he found hypocritical. . .. Partly to blame, he said, was his refusal to work for the CIA with the promise of a seven-figure salary, a home in California and a fresh identity. ...... Anonymous Coward

    And the always abiding danger is that one's secret worth be so valued and recognised by the competition and/or opposition stationed elsewhere, and a mutually beneficial rewarding partnership be established to create a whole new leading paradigm and Greater IntelAIgent Game servering Global Operating Devices. Uncle Sam is but one struggling player in that which is unfolding. The world is awash with such actors in search of an authorised mega metadatabase script.

  50. steve 124

    INQ must be losing visitors

    127 comments on this article here. Same article over at Inquirer... 3 comments.

    I guess redesigning their site to look like ass hasn't helped. lol

    BTW, admins, I love the layout here at El Reg, so please don't make the mistake of your sister site.

    And... of course... Comey is an asshat who wants to clog up the intertubes. Sigh.

  51. Dave 15 Silver badge

    Adult conversation?

    In America? About security? No chance (there's no chance here either).

    Back door means a way of breaking the encryption, that means it is NOT secure.

    And frankly I may be honest and upright etc etc etc (may be) ... but that doesn't mean I want the FBI or anyone else having the ability to spy on me. I will take my chance with the terrorists etc. rather than that. The land of the free? liberty? Words that the FBI and our own government have long since stopped thinking about.

    TBH there is more chance of me being killed by a car on my way home than a terrorist with a gun or bomb so just get a grip on reality folk.

  52. splodge

    "...send a message that it's not a freebie to kick in the door, metaphorically, of an American company or private citizen and steal what matters to them..."

    I assume he means people who don't work for a TLA security organisation

  53. Rob D. Bronze badge

    US U-turn

    When it becomes illegal to import strong cryptography into the US, Americans will use broken encryption while, by virtue of American regulation, the rest of the world (plus US-based bad guys) will choose to use something else.

    (And the FBI were harping on about the same ideas back then as well, although I do feel that Comey seems to be making a much better job of looking like a complete moron than his predecessors.)

  54. Saatdhann

    Backdoor encryption a pointless public fund wasting exercise.

    How do they expect to catch any criminals if they are so dumb?

    An adult conversation about backdoor to encryption?

    No adult is going to discuss backdoor encryption because it is over, past, done, finito, the horse has bolted, the end.

    We don't need evidence, we know why they want it so why have these fools been wasting public funds looking for it?

    We all have programmes with no backdoor that are beyond the capacity of anything but quantum computers to decrypt.

    What does the FBI want or think is going to be done? We'll all dump our current programmes and buy a new one with a backdoor? Maybe they should consider putting the drugs they collect into evidence instead of using them?

    Something like CipherShed is free Open Source and if the FBI want to backdoor it all they'll do is shift it offshore, keep it going and there's nothing the FBI will ever be able to do about it.

    The FBI can't control overseas programmes.

    What's more is that the main thing they want to stop is terrorism, no terrorist is going to buy a backdoor encryption programme to help out the FBI, that's why they use encryption. They may as well have asked the Germans to give them the plans to the Enigma system.

    Even if they tried to ban everything encrypted by scanning emails, they'd still fail because people would simply write the encrypted document and hide it in a photo using steganography.

    If the FBI had any brains at all they would have tried to do something before AES but they didn't. Now they are going to have to live with it forever.

    But seriously, with the advent of computers encryption was inevitable and that it would defeat the FBI without them having any hope of defeating it was also inevitable.

    My advice to the FBI: Stop wasting public funds on a fruitless exercise, there's nothing you can achieve.

  55. Daniel B.
    Boffin

    Dear Mr. Comey

    We already had this adult conversation. Secure backdoor is an oxymoron. We've shown the math and science behind it. Give it up.

  56. dwonk786

    Simple logic

    Encryption = Privacy

    Privacy = Basic Human Right

    therefore

    Encryption = Basic Human Right
