back to article FBI chief asks tech industry to build crypto-busting not-a-backdoor

FBI director Christopher Wray has addressed a cyber-security conference and again called for technologists to innovate their way around strong cryptography. Wray spoke at the Boston College / FBI Boston Conference on Cyber Security on March 7. He told the audience the issue of crypto can be solved because the industry's …

  1. DCFusor Silver badge

    I'm sure they know better

    This is just laying the groundwork for a later power grab as in - "we asked nicely for a long time, now we got congress to do it". They have to convince some dumb old people they'll be able to keep their jobs collecting insider benefits at the seats of power. The danger is that those congresscritters are so disconnected that enough of this in the news might drown out all the voices of reason till it's too late.

    Because we all know what he's asking for is not possible - no way this guy doesn't know that.

    I think they should work more on trying to regain our trust after quite a lot of evidence of mis and malfeasance. All the things they didn't prevent out of laxity that had nothing to do with this issue, for starters.

    It's hard to find evidence that they ever bust anyone for the issues mentioned. But plenty on say...Kim Dotcom, plenty witch hunts (which don't die because of crypto, but because there might be stupid people, but no witch), and of course the retards they encourage and give fake bombs to so as to look like they catch terrorists rather than create and then entrap them.

    Oh wait, speaking of power grabs, I didn't know that non citizens doing things that are legal in their own countries were supposed to be subject to US law....

    They resist giving info on this because (I'd bet) the actual number of cases that fail because of crypto is miniscule - they just want a fishing license to create more cases based on their hacking.

    1. jmch Silver badge
      Facepalm

      Re: I'm sure they know better - power grab

      Looks like instead of having a back door, they now want the keys to the front door.

      1. Sir Runcible Spoon Silver badge

        Re: I'm sure they know better - power grab

        Also, how is gaining access to devices (physically in your possession) in any way linked to overall security software?

        It's almost as if he is using an example of 'x' to justify 'y', where x and y are from different universes.

        Anyone spouting this shit and not being forced to admit they are wrong should simply be refused from office for either a)lying or b)being too stupid to breath without clear instructions.

    2. CrazyOldCatMan Silver badge

      Re: I'm sure they know better

      "we asked nicely for a long time, now we got congress to do it"

      At which point the rest of the world stops using software developed in the US.

      1. DropBear Silver badge

        Re: I'm sure they know better

        At which point the rest of the world stops using software developed in the US sighs a collective sigh of relief and copies the US in outlawing all strong encryption all of five minutes later. - Fixed

        1. Mark 65

          Re: I'm sure they know better

          Not going to happen for several reasons:

          1. By laying waste to their software/services industry they open the door for others. There's big money involved so why would other countries forgo both the economic boost and tax grab?

          2. The genie cannot be put back into the bottle.

          3. No financial institution will stand for weakened encryption as, in most reasonable countries, they are responsible for any losses incurred by weakness in their systems. Alter this burden and you destroy your banking sector also.

          They can try as they might, but they are fucked on this one and they know it. Hence the persistent wailing.

    3. Anonymous Coward
      Anonymous Coward

      Re: I'm sure they know better

      Next, someone will be saying we should look to Equifax for a solution.

    4. Mark 65

      Re: I'm sure they know better

      Several posters here have mentioned "but the bad guys won't use the new flawed encryption". I am left wondering whether they were ever the target but rather this is a long term operation to ensure mass data collection is kept viable. They had the comms companies on the payroll but then we went https. They were into the tech companies but then they switched to encrypted at rest and in transit with independent keys to which said companies had no access. People are gradually using more and more secure chat/messaging systems. It would appear that LE can see the limit to only being able to grab Facebook data with all else disappearing from view and they're trying to be a little pro-active (albeit too late) about maintaining their feeds.

  2. Anonymous Coward
    Anonymous Coward

    He's right, but no one here will accept it

    All of the comments here will be along the lines of, encryption cannot be broken unless a backdoor is added which would enable bad guys to also use it. This argument is both true and irrelevant. The tech community does not want its precious encryption broken, so techies never think out of the box. One solution would be to mandate that copies of all private keys be kept in escrow where only trusted law enforcement could access it. Could we trust LE to not abuse the system? Maybe, maybe not, but to say there is no solution is to be an ostrich. Perhaps the EU could be the key repository, eliminating the distrust of the NSA. Speaking solely for myself, I would like to see LE be able to take-down pedophiles, Islamic terrorists, revenge porn dealers, malware purveyors, and others hiding behind encryption.

    1. Olivier2553 Silver badge

      Re: He's right, but no one here will accept it

      And of course, the key escrow will never be breached...

      1. bombastic bob Silver badge
        FAIL

        Re: He's right, but no one here will accept it

        "And of course, the key escrow will never be breached..."

        nor will the WRONG person ever be in power to abuse it.

        When you consider all of the outright illegal shenanigans that took place within the top levels of the FBI, regarding Mrs. Clinton, the Steele dossier, and (alleged) lying to the FISA courts to get a warrant on a member of a rival candidate's campaign, yeah, sure, we can "trust" that the keys would be kept safe/secret.

        Riiiight. Am I on 'Candid Camera' ?

        Fact: Human nature is what it is. Those who wield power often ABUSE it. Period. That's why we must NEVER allow *them* to have TOO MUCH.

        As for those who want back doors or "not back doors" in encryption algorithms, I say this: Do you want someone you don't know to have a master key to all of your locks, in case you're a criminal or a terrorist? Do you think it will be kept safe?

        The 4th ammendment to the U.S. Constitution was written in part to deal with this specific thing. I believe they had locks on doors back then. This is NOT a new concept. The cops can do REAL police work instead of being FORNICATING LAZY.

        And, if every HONEST LAW ABIDING CITIZEN used this "back door" encryption, then EVERYBODY WHO ENGAGES IN ILLEGAL ACTIVITY will simply use one of a BOZILLIAN EXISTING METHODS that do NOT have back doors, with super-strong keys, and THAT genii has been OUT OF THE BOTTLE for so damn long it's pathetic.

        Icon in response to the idea that the FBI guy was 'right' in asking for the "not a back door, really, honest!" encryption method, because, he thought of it, and therefore it's *POSSIBLE* !!!

        1. Anonymous Coward
          Anonymous Coward

          Re: He's right, but no one here will accept it

          The biggest oversight is what happens when Capita loses the contract to hold on to all of your private keys and it gets passed over to Serco. What do we do about the few hundred private keys that went missing during the move?

          1. J. Cook Silver badge

            Re: He's right, but no one here will accept it

            ... or sent by the CEO of the escrow company via insecure public email with no security whatsoever to someone they want to start a pissing match with? *points at last week's Trustico / Digicert debacle*

        2. Anonymous Coward
          Anonymous Coward

          Re: He's right, but no one here will accept it

          Reading the garbage that flows from your head is enough to cause genuine physical discomfort in anyone who speaks English as their first language. Until I reading your posts, I never knew it was possible to pervert the structure of a language so badly, that it should be considered a crime against humanity.

          Clearly, you've no concept of proper capitalization or punctuation, and that would only be mildly annoying, if it weren't combined with the fact that you have no grasp on the most basic grammar.

          First off, let's talk about adjectives and nouns. Adjectives are the words we use to modify or describe nouns; and nouns are persons, places, things, or ideas.

          Secondly, let's talk about verbs. These are the words used to describe an action, state, or occurrence, and forming the main part of the predicate of a sentence. Sometimes, if we're feeling whimsical, we could also "verb" a noun, by using it in place of a verb (like I just did in quotes,) and if you've ever spent any amount of time "Facebooking" you'd see countless examples, like "adulting" or "Googling" being used all over the place.

          However, something that is absolutely not a thing (and definitely not a noun or a verb) is an "adjectivising" (which I just made up, because as I mentioned, "verbing" is an actual thing.) The reason I just "verbed" adjective like that, was because there was literally no other word to describe what you did to the word "fornicating" in the following sentence:

          "The cops can do REAL police work instead of being FORNICATING LAZY."

          You attempted to "adjective" a verb, and produced a sentence that's so hard to look at, that you'd have to go trolling the dark web before you'd see anything that would make you feel more uncomfortable. It's bad enough that you type with Tourette's and the content of your writing is just idiotic nonsense--but that crosses a line! Someone can be "lazy fornicating" but they absolutely cannot be "fornicating lazy!" Maybe if you threw a comma in there, you could be "fornicating, lazy" and add a few other things onto the list while you're at it--but verbs are not adjectives.

          Bob, you're not being "cool" or "telling us like it is" and you're definitely not Ted Nugent. Even "The Nuge" isn't as awful as you, because he's at least being creative when he starts making up his own adjectives. You just take words that already exist and use them completely wrong. If it were even possible to count the exact number, I'd be willing to bet that you've forced words into more places that they didn't belong, than Kevin Spacey or Harvey Weinstein ever did with their hands. Obviously, there can be no comparison between the extent of the damage done to the victims in either case, because on one hand, I'm comparing acts of perversion that are so egregious, that only pedophilia ranks worse--and on the other hand, I'm talking about the alleged actions of Kevin Spacey and Harvey Weinstein.

          1. Sir Runcible Spoon Silver badge
            Coat

            @AC

            Quit mumbling. You'll also find that you made your very own grammatical error, nice rant/troll/whatever that was.

            'Until I reading your posts'.....eh?

    2. Anonymous Coward
      Anonymous Coward

      Re: He's right, but no one here will accept it

      And when the Russians, Chinese, Israelis, Saudis, Belgians etc also need access to protect themselves from terrorists - they get the backdoors to all your business and political leaders phones?

      1. Oengus Silver badge

        Re: He's right, but no one here will accept it

        And when the Russians, Chinese, Israelis, Saudis, Belgians etc also need access to protect themselves from terrorists and Americans

        FTFY

        1. Anonymous Coward
          Anonymous Coward

          Re: He's right, but no one here will accept it

          >>And when the Russians, Chinese, Israelis, Saudis, Belgians etc also need access to protect themselves from terrorists and Americans

          >FTFY

          This further fix brought to you by the department for unnecessary redundancies

          1. Anonymous Coward
            Anonymous Coward

            didn't you spot the change in font?

            that's only for protection against Black Americans

          2. CrazyOldCatMan Silver badge

            Re: He's right, but no one here will accept it

            department for unnecessary redundancies

            .. which, with stunning iront, has just been made redundant because the government realised that all the other departments already had plenty of unnecessary redundancy..

            1. Sir Runcible Spoon Silver badge

              Re: He's right, but no one here will accept it

              I've just realised that he is barking up the wrong tree here (well, duh).

              If he truly is talking about SmartPhones, and that he wants manufacturers to make phones that the FBI can get into whenever they want , plus the fact that everyone else on the planet would shun such a device - wouldn't it make more sense just to ban smartphones capable of encryption outright?

              That would actually be more effective, quicker to implement, and doesn't require huge amounts of capital investment/breach of rights etc.

              I wonder why they aren't doing it that way? After all, criminals/terrier-ists will use devices with encryption regardless of what the government says so it will be about as effective in that sense. They can't enforce this shit outside of the US anyway so it's about as effective in that sense as well.

              Perhaps when people are screaming at him that this would mean *anyone* could access their information (if no-one was allowed devices that encrypt) he might start to understand the nature of the problem? I doubt it.

    3. Mark 85 Silver badge

      Re: He's right, but no one here will accept it

      Ok... sounds good except who do you trust? A government agency somewhere would be logical but if you've paid attention, the government's systems are woefully open and unprotected and they have been breached by the "bad guys". I'd suggest that he clean up his own agency (and the other agencies) first before flogging the people.

      So far the government has shown that they shouldn't be entrusted with any data much less the keys to the citizens' data.

    4. Dodgy Geezer Silver badge

      Re: He's right, but no one here will accept it

      ...One solution would be to mandate that copies of all private keys be kept in escrow where only trusted law enforcement could access it. Could we trust LE to not abuse the system? Maybe, maybe not, but to say there is no solution is to be an ostrich....

      Your 'solution', of course, leaves a gaping hole in a central principle of crypto security, which is that you do not let other people control your PRIVATE keys.

      If you think about it (which you have obviously not done), there IS no solution to the problem of keeping your data completely secret while at the same time letting government bodies have access to it.

      Oh, and why do you trust LE when corruption and incompetence is so widespread?

    5. Anonymous Coward
      Anonymous Coward

      Re: He's right, but no one here will accept it

      ok i'll bite

      you miss 3 points

      first - lets set up a key escrow for all these things the 'good guys' need to access. bad guys simply don't upgrade to the new versions. now what?

      second - who picks the good guys to get access to the key escrow? If the Iran govt wants keys do you deny them that? Does Apple say we won't give them access to our phone key escrow service, or does the FBI? What about a Chinese phone manufacturer? I can't see the FBI wanting to go to a Chinese vendor for keys

      third - how do you secure the escrow stores? even if you re-engineer every app/device to have secure key escrow in place, how do you then secure the stores? who's at fault if a store gets hacked? how do you give transparency to the store<>govt interface? The FBI et al partly ended up in this place because they were caught spying on their own citizens, even now they won't fix that. I'd go as far as to say a US company preventing this snooping in general should have defensible grounds in the constitution. but i'm no lawyer, its just how things would appear to me.

      fourth - bonus question - crypto libraries are open source and readily available. How do you prevent 'other company' from 'other country' from just making a non backdoored product and have other people use it?

      I think it's quite obvious that the issues they are having are related to device encryption, at least for the FBI. This could lead US companies to eventually caving to some sort of escrow when enabling device encryption, but what if a Chinese company does that? Keys stored over there? that'd be popular I'm sure. So prevent non US phone sales and destroy all the old phones and you're fine.

      1. Ken 16 Silver badge
        Trollface

        Obviously every country would need a copy of the key store

        But only so they can execute legally issues warrants.

    6. Graybyrd
      Trollface

      Re: He's right, but no one here will accept it

      Actually, the only thing he's "right" about is to continue holding the line on the FBI's (and LE in general) PM* with demands for FM*. To deviate from toeing the hard line, demanding open access, is to forego law enforcement's habitual self-embellishment and righteous posturing.

      Of course, these days, nothing remains beyond the realm of unthinkable stupidity. Our esteemed Congress currently ranks somewhere between pissants and cockroaches in the American public eye.

      *PM: pissing and moaning *FM: effing magic

    7. BebopWeBop Silver badge
      WTF?

      Re: He's right, but no one here will accept it

      All of the comments here will be along the lines of, encryption cannot be broken unless a backdoor is added which would enable bad guys to also use it. This argument is both true and irrelevant.

      If iI posted something like this I would also post anonymously.

    8. Headley_Grange Silver badge

      Re: He's right, but no one here will accept it

      The OP has a good point. I think the the tech community (that's us) needs to get behind the concept of accessibility and start suggesting potential ways to keep both sides as happy as possible instead of saying "never". The feds will win this one way or another and I'd rather have a solution that's got some creative tech input rather than mandatory back doors. I don't know what solutions might look like - but I'm not a data or crypto expert. Like all the commenters here, I like my privacy, I like encryption and I understand the benefits it brings and the systems that couldn't work without it, but if we continue to just shout "NO" we're going to end up with a crap, insecure, risky-as-fuck system designed by a policeman.

      1. Anonymous Coward
        Anonymous Coward

        Re: He's right, but no one here will accept it

        The feds will win this one way or another

        Actually, they probably won't. The encryption genie is out of the bottle. The best the MIB can hope for is to persuade big tech to use weaker or flawed encryption on their systems, but that means nothing because the bad guys won't be using these systems. So the peasants will have their security compromised, corporations will have their security compromised but it won't make one iota of difference to tech savvy criminals. Even if you make use of high grade encryption illegal, then that makes no difference to people who are already intending to break the law. There's plenty of tools already in the public domain, and I would guess the dark web already offers a whole range of very secure tools (and even services) for those who want their communications to go unhindered.

        Arguably if the feds do "win" this round, we have to go through the phase of a crap, insecure, risky-as-fuck system designed by the TLAs, watch the massive fail happen, and then gormless politicans may be forced to accept that proper encryption is necessary, and the MIB will be forced back into their hole. Imagine the consequences of the complete breach of corporate IP for a series of major corporations, that's not going to look so good.

        Now, if you want to aid and abet this huge screwup because you've already admitted defeat, feel free. But don't count me as a supporter of such a foolish enterprise.

        1. John Brown (no body) Silver badge

          Re: He's right, but no one here will accept it

          "but that means nothing because the bad guys won't be using these systems."

          This. The big scary terrorist paedophile they claim they are targeting, if caught, will be facing much, much bigger sentences than anything minor like using "illegal" encryption.

      2. Aitor 1

        Re: He's right, but no one here will accept it

        I'm not an expert but..

        No offense, "but" that is the problem. You either have decent (not even good) security or you dont. And if you are going to allow other people to bypass security, it is bad by design.

        If we say "yes" we would have your scenario. If we say "no" we would also probably end up in the same scenario, but at least we tried.

      3. Alister Silver badge

        Re: He's right, but no one here will accept it

        @Headley_Grange.

        What you appear to be missing is that any change to a new improved law enforcement friendly cryptography will just be ignored or bypassed by criminals and terrorists.

        It would be far better to get that message across to law enforcement and governments, than to try and put in place something which won't work.

        1. Yet Another Anonymous coward Silver badge

          Re: He's right, but no one here will accept it

          What you appear to be missing is that any change to a new improved law enforcement friendly cryptography will just be ignored or bypassed by criminals and terrorists.

          That is only a problem if the measures are intended to stop criminials and terrorists.

          If they are only targeted at ordinary people. Get stopped by a traffic cop - he gets to have a quick riffle through your phone for anything interesting, or you complain to the council - they have a quick check through your internet browsing history to see what they can use to discredit you.

          1. Sir Runcible Spoon Silver badge

            Re: He's right, but no one here will accept it

            "or you complain to the council - they have a quick check through your internet browsing history to see what they can use to discredit you."

            They can already do that with your ICR (unless you are using a VPN)

        2. Headley_Grange Silver badge

          Re: He's right, but no one here will accept it

          Alister - I'm not missing it. I know that crims are likely to keep using encryption and innocents will suffer. The cops don't care - they just want a law to make their life easier.

          I've got a drawer full of small penknives which stay in the house because the cops will treat me just the same as the teenage drug dealer with a zombie killer if they stop and search me. Knife law is a shit law, but the cops love it because they can nick more people and pretend that they are saving lives.

          https://www.telegraph.co.uk/news/uknews/crime/7593039/Disabled-caravanner-given-criminal-record-for-penknife-in-car.html

          Encryption law will be just the same - as someone above says, they'll pull you over for speeding and nick you for stuff on your phone, while ignoring the ransom notes you're getting from the crims who're threatening to send your porn viewing history to your wife and boss. It'll be shit, but the cops will be able to present better arrest figures and continue to exclude cyber crime from their stats. I'm not missing any of this - I expect it to happen.

          I just hope that when we're living in this world of crap that no one looks back and says we could have done it a better way that would have retained some protection and given the cops most of what they want - if only we'd tried to talk sensibly about it instead of shouting everyone down with a religious fervour that would not have made the final cut of "The Life of Brian".

      4. Doctor Syntax Silver badge

        Re: He's right, but no one here will accept it

        "The OP has a good point. I think the the tech community (that's us) needs to get behind the concept of accessibility and start suggesting potential ways to keep both sides as happy as possible"

        Fine. Here's my suggestion.

        He puts out a tender for contract to build this supposed wonderful tech. He makes himself happy because he's Doing Something (politician's syllogism at work here). The winner of the contract is happy. The rest of us are happy because we know that (a) nothing will be delivered because it's not real and (b) it'll be one of the usual suspects who gets the contract so it will look like business as usual when nothing gets delivers.

      5. Anonymous Coward
        Thumb Down

        Re: He's right, but no one here will accept it

        I do understand the math and have had my hands inside more than a few encryption systems including NSA gear when they couldn't fix it themselves. Also, due to my nuclear security clearance, that I've held since the tender age of 17, I was "that one guy" who could work on and around any system on a ship or facility. On a personal note, I've been using encryption on my personal systems since 1987. Lastly, I've kept abreast of every facet of information security, also since 1987.

        What that all means is that while I ain't Bruce Schneier, I can come close. Real close as I have been hanging out on his 'blog, and that community, since forever. I know the issues on the software and hardware end. It wouldn't be hard to code up my own. There are more than a few libraries used in crypto, just in case I don't want to roll my own. Since I'm a private citizen, so the business choke hold won't work, I can create an app and give it away. Now, what do the security apparatuses gonna do?

        Hell, creating a key exchange hosted, in several places of course, that don't even respect what the US or other countries/alliances want. There are plenty of places around that are like that. Once set up, properly secure, what the fuck are gonna do? My whole point here is that while you can do something to a company or other organization, getting a handle on a private individual is awfully hard once the systems are in place. I need only point at torrent sites and LEO's whack-a-mole tactic failures as proof of my argument.

      6. DuncanLarge Bronze badge

        Re: He's right, but no one here will accept it

        @Headley_Grange

        Look. Nobody is behaving childish and simply saying "NO". All the clever tech heads are being realistic and telling non tech heads that their FANTASY is IMPOSSIBLE to engineer and no GENIUS exists who can think up such a system.

        They are trying to politley say "No sorry, tech and maths dont work like that so you will just have to accept it". I mean it is just like asking the air industry to design a system that puts parachutes onto all passengers of a plane as it crashes to the earth without any human intervention (as they may be unconcious). Or even more like asking the Physics professors to find a way to avoid gravity being an issue for the crashing plane (only the crashing plane) in the first place. When the professors claim that the universe does not offer a solution, saying its impossible by the maths done on the blackboard, all you guys will not get the message and complain that the scientists are being childish about anti-gravity and are basically guilty of murdering children in crashing planes.

        Stop it. Stop it now please.

    9. chivo243 Silver badge
      Meh

      Re: He's right, but no one here will accept it

      @ Wonder AC

      where only trusted law enforcement could access it!

      When I can trust all law enforcement officials and officers, I might consider this. MIGHT I said...

      I salute your views about "baddies" on the net, but I'm not sure this is the way to address the issue. Paedos and Terrorists have been around since before the web... They would still be around if we had no WWW...

    10. CAPS LOCK Silver badge

      Re: He's right, but no one here will accept it

      I see what you did thar buddah, neatly conflating "takin' down pedos"' with key escrow and whatnot. Lessons from the recent past indicate that's, mostly, not what the access will be used for. In fact one of the uses WILL BE your next door neighbour, who works for The Poh-Lice or tha' Eff Bee Eye and who has taken a dislike to you, because your dog barked at him or your son did sexeh to his teenage daughter, will use access, justified by a tip-off from an anonymous informant, to root though your data, looking for evidence of thought crime. Don't worry though, if you've got nothing to hide you've got nothing to fear...

      1. Sir Runcible Spoon Silver badge
        Flame

        Re: He's right, but no one here will accept it

        Ok, everyone has been far too reasonable to this numpty.

        The reason no one here will accept it is because he *isn't* right, anyone not listening to people who know what they are talking about is arrogant, stupid or malicious or combinations thereof.

        Let me make this quite simple: If someone else has *your* private key, they can make it look like you *did something* you didn't. Who would you trust with that kind of power?

        The only person in the world I'd trust with that power (over me) would be my wife, but I wouldn't trust her not to fuck it up and I certainly wouldn't trust her with that power over everyone else.

        So, Mr Numpty-Trollboy what's it to be: Who do you trust?

    11. Doctor Syntax Silver badge

      Re: He's right, but no one here will accept it

      "One solution would be to mandate that copies of all private keys be kept in escrow where only trusted law enforcement could access it."

      You are, of course right. But you just move the problem to ensuring that only trusted law enforcement could access it and only in appropriate circumstances*. And a few others such as if the product is sold outside the US's jurisdiction how do you ensure that the private keys for those customers don't also go into escrow.

      That, of course, applies to US products. It doesn't do anything about software produced overseas or open sourced; you know, the software that anyone wanting to do anything remotely dodgy would then turn to. That software would be made illegal? Let me repeat what I've said before. You do not inhibit someone intending to break laws by providing them with more laws to break.

      * For avoidance of doubt appropriate circumstances don't include checking up on the neighbours and going on fishing trips. They do, however not just include but require due process of law to obtain a warrant.

    12. JimboSmith Silver badge

      Re: He's right, but no one here will accept it

      The problem is that you can't put the genie back in the bottle once it's out. We're not back in the eighties where if the government/security services can make such demands with ease. When BSB was developing their set top box they had a visit from GCHQ. The spooks were interested in the message functionality of the system where subscribers could be wished Happy Birthday. Originally the system was extremely secure and GCHQ were concerned that they would be unable to read the messages. It could be used for passing information to terrorists. Back then the main users of encryption were governments and most people didn't use it on a daily basis. Then you look at the furore when PGP was leaked on to the net. They targeted the developer for violating the Arms Control Act despite the fact he (always claimed he) didn't put it on the net. Contrast that with today where for modern life we rely on encryption for a vast array of things. We also have open source software and all it takes is for someone to write a program or app that uses unbreakable encryption and you're back to square one.

      Then we come to the issue of building something to defeat the encryption. Now even if that's possible it's got some serious risks attached. So assuming this "thing" is built if the plans or the code leaks then that's a threat to everyone using encryption. Things leak either through deliberate actions or stupidity and once this gets out everything needs to be updated. We use encryption for everything from electronic payments to securing personal data. Data protection laws are being beefed up all the time and I hope that all my data is being kept safe by the companies I have entrusted it to. I will be less likely to believe that if there's anything that can break strong encryption.

      As to it being used sensibly you only have to look at the Regulation of Investigatory Powers Act 2000 and how that's been abused.

    13. Anonymous Coward
      Anonymous Coward

      Re: He's right, but no one here will accept it

      That sounds reasonable, IF any government could be trusted to safeguard PII from unauthorized access. But that simply isn't the case. Even the OPM was hacked, exposing the personal details of millions of Americans holding security clearances. I was one of them. If you've never gone through the process of applying for a security clearance, let me just say it's unbelievably comprehensive and deeply personal in nature.

      There is absolutely no reason to trust the US (or any) government to preserve crypto keys securely if they can't protect the personnel entrusted with its own secrets.

      Anon for obvious reasons.

      1. Anonymous Coward
        Anonymous Coward

        Re: He's right, but no one here will accept it

        #metoo

        Deeply personal as they went back to which nursery I was kept in at Balboa Naval Hospital. My Mom, also with a security clearance*, had that information. I think the reason for wanting that sort of information is to make sure I wasn't swapped at birth. You can't make this shit up.

        * Everyone in my family, including my brother-in-law, has secret to TS/SAP/SAR security clearances. We can't discuss anything about our work currently, or in the past, with each other. We tell a lot of funny stories but nothing beyond that.

    14. Eddy Ito Silver badge

      Re: He's right, but no one here will accept it

      Could we trust LE to not abuse the system?

      No. Even if you have some contrived access that requires multiple people to get in, it will be abused. This isn't something like launching missiles where consequences are extreme and nearly universal it's more a matter of "come on, Jenny, I just want to see what my ex said about me and hey, you can check on your kids to make sure they aren't hanging with the wrong crowd online. It's a win-win and nobody else needs to know."

      Do I need to add that multiple incidents of LE abusing the existing systems for either personal gain or retribution happens all the time. Then there's things like civil asset forfeiture where they're just going to drain your accounts. There's also COINTELPRO, LOVEINT, & SEXINT. Even if it's only one incident per year at every agency it's a lot then add in all the subterfuge we can expect the CIA and their likes to perform adding the evidence they need to blackmail their mark into doing who knows what.

      So, no, LE can absolutely not be trusted because in the end LEOs are just people who are no different from anyone else and have all the same weaknesses as you & I. The ostrich is the one who thinks that any such system can work because they are ignoring their own human failings and everyone else's.

    15. DuncanLarge Bronze badge

      Re: He's right, but no one here will accept it

      Are you THAT guy who only uses a single "a" for his password?

      I mean if we have nothing to hide why dont we all just agree use the letter "a". It solves the problem because only the law abiding law enforcers will gain access. A warrant grants them to use the standard password of "a" to access any device.

      Criminals will be easily detected as they wont use the letter "a". Oh god, they might use "b"!

      Password resets will be a thing of the past.

      Law abiding citizens would never access any other device or account even though their possibly cheating spouse or homosexually curious child in a homophobic family uses the same password. No sir, that isnt cricket.

      In this future where we all use highly secure encryption, but all using the same password to prevent law abiding people from accessing the contents (as they have to wrestle with their conscience when they enter the standard global password "SGP" (TM)) we will have these same FBI bods demanding that the tech industry create a way to prevent unauthorised persons a.k.a the non-law abiding people (homphobic parents perhaps) from accessing devices or acounts that are not theirs.

      The tech industry will claim "it be impossible as to create such a system will involve everyone using different passwords!". The FBI etc will scoff at the tech industry saying they dont know their shit and are not having a "grown up" discussion about the fantasy that the FBI director dreampt up in the shower after viewing a high level visio diagram of how password validation works.

      The tech industry will claim that to keep using the SGP new tech needs to be developed to read the mind of the person accessing the account to detect if they are a bad actor or not, but such tech is nigh on impossible. The FBI will again say the tech industry is acting in a childish manner, because the FBI director saw mind reading on a TV show called Medium so it has to be possible.

      Reminds me of Demolition Man where the law enforcers, well society in general, were so out of touch with humanity that the mere idea of someone actually commitiing a crime, like a Murder-death-kill was impossible to imagine.

      Fancy changing your password?

  3. Anonymous Coward
    Anonymous Coward

    "...law enforcement’s own lawful need to access data be taken just as seriously.”

    Option 1: No. Maintain the impossibility. Print boilerplate "Sorry" memos to respond to warrants. Go for lunch.

    Option 2: Invent new magic that answers all needs. Spend the rest of your life responding to warrants, copying out endless files, drafting legal letters, following orders, paying lawyers. And missing lunch after lunch.

    Solution: FBI needs to bring money to the table. Warrants should be generous Purchase Orders. Maybe they'll be taken as an opportunity instead of an expensive distraction. No wonder they've been engineered out.

    1. Anonymous Coward
      Anonymous Coward

      Re: "...law enforcement’s own lawful need to access data be taken just as seriously.”

      Serious question but do you understand why we have warrants in the first place?

      Imagine a world without warrants, any member of law enforcement who you may have annoyed or they just don't like the look of you could go on a fishing trip to see if they can find anything to pin on you just for fun. A government could go looking for people that don't agree with their view. They can't do that now because there is a legal process of getting a judge to agree that there is suspicion a crime has been committed and you need to perform a search to gather evidence and confirm this.

      These checks and balances are there for a reason, a world without checks and balances will become a totalitarian state, don't agree with the government, there's a re-education centre for that.

      They may clog up the system and take time with lots of paperwork but that's the price you pay for living in an almost "free" world.

      1. Anonymous Coward
        Anonymous Coward

        Re: "...law enforcement’s own lawful need to access data be taken just as seriously.”

        "They can't do that now because there is a legal process of getting a judge to agree that there is suspicion a crime has been committed and you need to perform a search to gather evidence and confirm this."

        They can do that now - and have been doing that for some time. Some judges appear to rubber-stamp such applications. Other judges are more considered - but are given misleading "evidence" to sway them to issue the warrant. No one seems to go to jail for having done that.

        Checks and balances depend on people in the system upholding both the letter and principle of the law. When a government starts to denigrate and replace members of the judicial processes because they won't allow political interference - then the slippery slope is already present.

      2. Pen-y-gors Silver badge

        Re: "...law enforcement’s own lawful need to access data be taken just as seriously.”

        @AC do you understand why we have warrants in the first place?

        Absolutely. And in a perfect world a requirement for a warrant would ensure that due process involved an independent and honest judge thoroughly investigating the circumstances before deciding whether or not to grant a warrant.

        But in the real world you get secret security courts who grant warrants without any serious oversight - and secret 'justice' is not justice. In the real world police go to a 'friendly' judge who will sign anything. In the real world judges have to decide on the basis of the evidence presented to them - when the 'defendant' isn't present to dispute the 'prosecution' evidence.

        That's the problem. In the real world absolute trust isn't possible. And the suggested solutions for key escrow etc. require absolute trust somewhere in the system

        1. Anonymous Coward
          Anonymous Coward

          Re: "...law enforcement’s own lawful need to access data be taken just as seriously.”

          Can anyone see Amber Rudd saying no to anything being asked of her? It's exactly what she wants, unfettered access to all data. Her lack of due diligence in taking everything at face value, speaks volumes.

    2. Anonymous Coward
      Anonymous Coward

      Re: "...law enforcement’s own lawful need to access data be taken just as seriously.”

      The point being discussed, both by the FBI and here, is NOT about warrants.

      It's about building systems that have all such access (including those with warrants) engineered out, or not 100% engineered out.

      Company to FBI, "Sorry. We have no access due to our clever design."

      FBI to Industry, "Please stop doing that. Please design in some clever method of lawful access."

      Informed critics, "Any such access opens hacking risks."

      An AC above (me), "It's cheaper to design out access." Making the point about money, and too subtle for some joke about Purchase Orders (in addition to a Warrant, obviously).

      Those of you going off on ranty tangents about warrants blah blah blah are not... Ah, I'll put it this way, "I failed to make myself sufficiently clear."

      It's about engineering out *any* access. Not about the now toothless warrants themselves.

  4. chuckufarley

    Have you ever done that thing...

    ...where you say one world over and over and over and over again until it becomes meaningless to brain and it is reduced to nothing more than a series of sounds awaiting a new definition?

    1. Rich 11 Silver badge

      Re: Have you ever done that thing...

      Yes, I have. Just yesterday I did that with the word 'work'.

      1. monty75

        Re: Have you ever done that thing...

        Yes, I have. Just yesterday I did that with the word 'work'.

        You are Rihanna and I claim my five pounds

        1. Jos V

          Re: Have you ever done that thing...

          Bastards! I'm was trying to erase that stupid song from my head. Now you've done it again.

          May you walk around with "shine like a diamond" in your head for eternity!

          1. CrazyOldCatMan Silver badge

            Re: Have you ever done that thing...

            was trying to erase that stupid song from my head. Now you've done it again

            This is the advantage with not listening to popular music. No earworms..

            Or at least, no earworms that everyone else has heard of..

            (Wanders off humming "Bennett built a time machine" to himself)

          2. Anonymous Coward
            Anonymous Coward

            Re: Have you ever done that thing...

            Agreed, that's one hell of an annoying background sample in that song, that gets repeated.

  5. OzBob

    It's not technologies job to backdate itself to suit the law

    it's up to the law to modernise itself to reflect technology.

  6. Anonymous Coward
    Anonymous Coward

    Ummmmm

    No

    1. Dodgy Geezer Silver badge

      Re: Ummmmm

      I do not know what you are disagreeing with, but I strongly support your right to do so...

  7. Old Used Programmer

    Sauce for the Goose

    Tell Wray that crypto he can break can be designed...but the FBI and all other government agencies will have to use it. See how long it takes him to see the trap.

    1. Dan 55 Silver badge

      Re: Sauce for the Goose

      Or replace "all other government agencies" with "all other governments' agencies"...

    2. Anonymous Coward
      Anonymous Coward

      Re: Sauce for the Goose

      Tell Wray that crypto he can break can be designed...but the FBI and all other government agencies will have to use it.

      Nice idea. And what chances do you think it has? I'd expect the TLAs to be exempt from their desired world where ROT13 is the maximum permitted level of encryption for the rest of government, business and the public.

      The whole point here is that the TLAs see a benefit to themselves, but the costs are borne by others. So they don't care.

  8. Brian Miller
    FAIL

    Encryption backdoor takes it up the ...

    If the FBI "experts" ever bother to take a look at cryptography, that would be wonderful. "I can haz cheezeburger encryption and a pass key..."

    A weighted M of N scheme would work for what they want. Unfortunately, these "expert" nitwits can't be bothered to get off their butts and just learn about concepts that secure quite a lot of things, and actually secure things very nicely.

    But let's face it: if it were legislated that phones used M of N, that wouldn't help with the apps on the phones. They would only see everything that's been coming and going to the phone, for which they already have the log files!

    So Mr Drug Dealer uses a secure app, which encrypts its own messages separately. There's still the matter that who talked to whom and when is still known, so they can still grab somebody for a few days for quality time in a chair under bright lights.

    I still have my "Sink Clipper" t-shirt. Same thing applies now. They might as well mandate ROT13 as the new standard.

    1. bombastic bob Silver badge
      Devil

      Re: Encryption backdoor takes it up the ...

      "that wouldn't help with the apps on the phones"

      Someone like me would invent a new "not back door" encryption 'app' that would a) act like a file system, storing your data encrypted within it as if it were an SD card or other removable storage; b) use a very strong encryption method that's well known and well published and has NO! BACK! DOOR!!! [with a HUGE key that's hashed from an arbitrarily long pass phrase plus a salt that's stored as part of the device itself]

      So to decrypt the file you wouldn't just be able to take the SD card out and put it into another device; you'd have to at LEAST analyze the device and know what "salt" data needs to be used when generating the hash from the password. That's one possibility, anyway [others also exist].

      This way, the app ITSELF does the encrypting, and it deliberately has NO back door. Although, I suppose storing the SALT within a 'back door-able' encrypted file isn't that bad. Sure, yeah, why not! Throw 'em that bone!

      That way, ONLY those who used this (illegal?) app would have STRONG encryption, and you KNOW that anybody getting ahold of that APK would be able to install/run it, and even if you PUBLISH THE SOURCE, it wouldn't matter much, would it? [then anybody with an SDK could build the thing and install it as 'a developer' or on a jailbroken phone]

      And THIS just proves how POINTLESS the argument is to have a "not a backdoor, seriously, not!" encryption method. With a back door. Shhhh...

    2. Anonymous Coward
      Anonymous Coward

      Re: Encryption backdoor takes it up the ...

      " There's still the matter that who talked to whom and when is still known, [...]"

      So someone will design a system that bounces a message randomly through many other "mule" phones before arriving at its destination.

      Basically a TOR system.

    3. John Brown (no body) Silver badge

      Re: Encryption backdoor takes it up the ...

      "They might as well mandate ROT13 as the new standard."

      Don't you mean new and improve, 21st century double ROT13, twice as good as the old v1.0 ROT13?

  9. bombastic bob Silver badge
    Coat

    Arkg gurl'yy jnag gb sbepr hf nyy gb hfr jrnx rapelcgvba yvxr guvf.

    the topic line says it all. Let's see how long it takes the FBI to decode what I said.

    (coat, please)

    1. Anonymous Coward
      Anonymous Coward

      Re: Arkg gurl'yy jnag gb sbepr hf nyy gb hfr jrnx rapelcgvba yvxr guvf.

      They already do.

    2. CrazyOldCatMan Silver badge

      Re: Arkg gurl'yy jnag gb sbepr hf nyy gb hfr jrnx rapelcgvba yvxr guvf.

      Sevig thû úan!

  10. Anonymous Coward
    Anonymous Coward

    I have a theory that this is about money.

    The FBI and law enforcement could in theory ask for access to communications with a warrant which is reasonable if it's been to court and approved. This would involve all the companies keeping a copy of all communications and keys. They don't want to do that because of the huge cost involved. There is also the logistics of the sheer number of companies, some of which are not in the US but I digress.

    Therefore the FBI try to shift the cost from the companies to themselves but need access to all the communications, which is where the encryption debate comes in (well, it's not a debate there is only one right answer and that is that back doors are stupid and I don't need to elaborate to the converted on that one)

    This argument is going to drag and drag until someone passes legislation either to force companies to store communications or install back doors using government approved encryption or you get blocked from America.

    The future does not bode well.

    1. Sir Runcible Spoon Silver badge

      " or you get blocked from America."

      With the added bonus of America being blocked from the rest of the world.

      1. CrazyOldCatMan Silver badge

        With the added bonus of America being blocked from the rest of the world

        "The Internet is designed(!) to route around damage"..

        (Mostly, anyway)

    2. phuzz Silver badge

      "This would involve all the companies keeping a copy of all communications and keys. They don't want to do that because of the huge cost involved."

      And because offering actually encrypted communication is a selling point for most of these companies.

  11. John Smith 19 Gold badge
    Gimp

    What they want is *warrantless" snooping. IOW A fishing trip.

    Fact. Withholding information during an ongoing investigation is already a crime.

    Fact. Withholding passwords and logins during an ongoing investigation is often a special crime in addition.

    So yes the Feds can get access already.

    This access is for lazy data fetishists Feds

    If you have physical access to the device it's pretty much game over but these Aholes don't want to go out of their offices and do real police work.

  12. Richard 12 Silver badge

    If the FBI get this ability, the FSB also get it

    Wray, you are a traitor or an utter fool.

    You have just said that you want to hand the entire USA to Russia.

    How much did Putin pay you?

    1. Rich 11 Silver badge
      Joke

      Re: If the FBI get this ability, the FSB also get it

      How much did Putin pay you?

      Far less than the bank loans Putin nodded through for Trump and Kushner, I'm sure, but the kompromat was particularly exquisite.

  13. Joe Werner

    You don't say?

    the agency needs “more cyber and digital literacy

    Plus it is not a "claim" - look at the maths (while I cannot do the proof myself, following it is... possible-ish - no, I'm not that intelligent, sorry, but neither is that guy).

    And while key escrow sounds tempting there are so many problems (trust, interest from other governments, eventually leaking the keys to the public, hacking, ...) that nobody in their clear mind would want that. Plus the encryption-ship has sailed anyway.

  14. Milton Silver badge

    Nonsense

    Even if Wray got what he wanted, and all mainstream messaging was compromised, LE would have access only to content of users who used those systems.

    Everyone who was tech savvy, privacy minded or, yes, wickedly planning atrocities, would encrypt messages separately and, possibly, steganograph them too.

    The very people they claim to want to spy on will be the first to decline to be spied upon and there's not a damn thing they can do about it.

    The genie left the bottle a long time ago.

    1. Anonymous Coward
      Anonymous Coward

      Re: Nonsense

      I'll go further and suggest the "bad guys" already do it or just don't use smart phones for comms.

      1. tiggity Silver badge

        Re: Nonsense

        Plenty of old skool methods people can use.

        Probably the most basic example

        Just based on words per sentence mapping its very easy to produce coherent, innocuous paragraphs of nondescript social media style chat / comment that can be used with book code to securely* transmit data via FB, Twitter etc.

        * book codes are nicely secure assuming no third party discovers the book used. Even more secure if the messages so produced are themselves innocuous phrases (and the conspirators have committed to memory what those phrases actually "mean")

        Numbers stations are nice and low tech - dounbtless with recent UK events there's people now trying to discover if they or more hi tech steg methods were used to order the recent poison attacks...

    2. Sir Runcible Spoon Silver badge
      Black Helicopters

      Re: Nonsense

      "The very people they claim to want to spy on"

      Precisely - this is about population control on a massive scale, pure and simple. Think about it, even if the somehow managed to get their way, it will only apply to America. Why on earth would they want that?

  15. Eguro
    Meh

    Who keeps inviting these guys to speak at conferences?

    Could you not give their seats to someone else, and maybe just play a video recording of the last time they talked - if you insist on having these "points" being made?

  16. Anonymous Coward
    Anonymous Coward

    There is an old proverb to cover these many re-appearances - "Give him enough rope to hang himself".

    Every time he opens his mouth on the subject he reinforces his lack of understanding. It is then up to people and the media to explain the problems to the law makers etc in a succinct manner.

    1. Rich 11 Silver badge

      It is then up to people and the media to explain the problems to the law makers etc in a succinct manner.

      And in words of just one syllable. Slowly.

      1. CrazyOldCatMan Silver badge

        And in words of just one syllable. Slowly.

        Which will get the predictable response: "la la la, I can't hear you"..

    2. Naselus

      "It is then up to people and the media to explain the problems to the law makers etc in a succinct manner."

      I've yet to see a single journalism major in the media who understands why what Wray is asking for isn't possible.

    3. Mr Humbug

      > Every time he opens his mouth on the subject he reinforces his lack of understanding.

      Every time he opens his mouth he reinforces the idea, which so many governments and law enforcers are also esposing, that the technology industry is just being awkward and not trying hard enough. If they can get that message to permeate the mainstream media they hope the overwhelming weight of Daily Mail opinion will force back doors or key escrow into their hands.

      If you have a chance, listen to this http://www.bbc.co.uk/programmes/b09rwgcg Entirely different subject, but in part looks back at how the media was manipulated

  17. rftcrusher

    Just like the goings on with the Secret FISA court. As it is now Warrants are easy to get, look at the example of the Steele Dossier used for spying on Americans.

  18. Destroy All Monsters Silver badge
    Windows

    Why is this shy-bear and why is he everywhere?

    “This problem impacts our investigations across the board—human trafficking, counterterrorism, counterintelligence, gangs, organised crime, child exploitation, and cyber”, Wray said.

    What? No politicians with the hands in the cookie jar? I'm so disappointed.

  19. Geekpride
    Coat

    Problem solved

    Of course it's possible to come up with technology to defeat encryption. We'll just need a few billion dollars in funding to buy the DeLorean and develop the flux capacitors, then we'll be able to go back in time and read the message before it was encrypted.

    1. CrazyOldCatMan Silver badge

      Re: Problem solved

      Or spend $5 on a rubber tube and some sand and arrange 30 minutes alone with the subject..

      (h/t to XKCD)

  20. no_handle_yet

    Wrong people or just plain dishonest request ?

    The TLA organizations also keep asking the wrong people, or at least being dishonest about the question. The tech billionaires and their respective companies had little to do with the design of encryption algorithms. They simply had them implemented, and sometimes badly implemented. What the TLAs are asking for is deliberately, badly implemented encryption.

    The designs and techniques for encryption came out of the maths departments and for as long as people can add and multiply numbers they will have close to unbreakable encryption available.

    A key escrow system does nothing for the TLAs beyond allowing them to fish for information amongst the data of predominantly law abiding citizens. And you only need to look at who has access to data under the UKs RIPA to realise who the trusted agencies will be with access to the key store. Depending on the use of the data it could be local councils, tax authorities, health department, gambling commission, trading standards and dozens more. How long before a single employee gets a big enough bung to leak the lot ? How long before a Snowden with a different agenda comes along ?

    The only thing key escrow does is to take away personal control of privacy from law abiding citizens. Meanwhile the criminals that know they are doing something targetable by a TLA will still be able to add up and multiply. They will still be able to do end to end encryption with a pen and paper if necessary (https://www.youtube.com/watch?v=3G8dPAdmyss). The biggest problem they will face is sharing the key. It is the biggest problem for all encryption. But that is why one time pads and dead letter drops were invented.

    That is also why proper, human intelligence led investigation is what will keep us safe from the real criminals. The fact that the TLAs keep asking for badly implemented encryption seems to imply that the real target is the population as a whole and not the criminal elements that they use as bogey men to frighten us in to acceptance.

  21. Anonymous Coward
    Anonymous Coward

    Another who has no idea of how computers and encryption works. Has he really spent time getting to know IT, who the hell suggested this was possible. He may as well say to the nuclear industry, reactors are too big and too hot, we need something small at room temperature, with all your advanced nuclear scientific knowledge I'm sure you can do it. Just another idiot to be dismissed.

    1. no_handle_yet

      Bet he bought shares in cold fusion research and dowsing rod bomb detectors.

    2. John Brown (no body) Silver badge

      "Another who has no idea of how computers and encryption works. Has he really spent time getting to know IT, who the hell suggested this was possible."

      You'd almost think that none of the TLAs had their own well funded teams of cryptologists who's job it is to understand, create and break cryptography systems. This really does put the lie to either his understanding of the subject or his motives. (Not just him, but all senior Govt. officials all over the world who spout the same rubbish) If a secure "back-doored" encryption was possible, why have their own teams not invented it yet?

  22. Peter Stone
    Black Helicopters

    Two things

    1) Whatever this guy is taking, can he please pass it around, it seems like good stuff.

    2) A thought. After a few years of asking for this "backdoor that isn't a backdoor", will a law be passed stating that data at rest in the cloud or wherever, will have to be in plaintext? Yes, I know this won't work, but........

  23. Anonymous Coward
    Anonymous Coward

    Still waiting from the "experts" who say this is impossible. Looking forward to reading it.

    1. Anonymous Coward
      Anonymous Coward

      It's perfectly possible, it just means ISIS get to follow your children to school every day. That's why people oppose it.

    2. Richard 12 Silver badge

      What he is asking for is an extra decryption key

      That can decrypt everyone's private communication - eg when you use online banking, buy stuff online etc

      That is technically possible to do.

      However:

      That universal decryption key is of near infinite value to criminals, terrorists and foreign governments to conduct heinous activities. It will be stolen within days of creation - and it's so valuable that these people whonwish ua harm would have nonqualms about kidnapping and torturing the FBI chief to death to get it.

      The only way to have secure cryptography is if there is exactly one private key that is only known to one entity - my bank knows their key, I know my key.

      Otherwise Internet banking and e-commerce is over, dead and gone.

      And the "bad guys"? They just keep using the secure encryption they wrote themselves or bought from elsewhere. The FBI destroy everything and gain nothing.

  24. LucreLout Silver badge

    Dear Mr Wray

    For the purposes of this post lets just assume I'm 100% in agreement with your mission, your justification for wanting to be able to break wrong dooers encryption without exposing the rest of us to risk.....

    The problem isn't that we haven't heard governments request for technology to solve the problem of evil uses for encryption.

    The problem isn't that we have misunderstood you.

    The problem is not that we don't want you to be able to read only evil peoples encrypted messages and files.

    The problem is that we just can't do it.

    I want an Iron Man suit. I really really want one. But they don't exist and I can't just pull one out of my ass - the limits of technology to overcome or ameliorate the laws of physics just have not reach a point where I can have one. And that is exactly where we are with your desired encryption back door - the maths doesn't work and the computational power to solve it doesn't exist yet.

    So, pretty please with cherries on top, can you move on to another way of working that doesn't rely on technology achieving what you have been repeatedly told it just can't do?

    1. CrazyOldCatMan Silver badge

      Re: Dear Mr Wray

      I want an Iron Man suit. I really really want one

      And I spent a lot of my early teen years really, really wanting to be a Lensman[1] or have a dragon in the Anne McCaffrey style.

      Sadly, neither of those happened either.

      [1] I tried to re-read those books recently. My non-1970s self is pretty appalled at how overtly and covertly racist they were..

      1. John Smith 19 Gold badge
        Gimp

        "I want an Iron Man suit. I really really want one"

        But, but, it's not the same at all. You want an Iron Man suit where as we

        <gollum>

        We wants it

        We needs it

        We must have back doored encryption.

        </gollum>

        Which is totally different to your desire for an Iron Man suit.

        <signed>

        A data fetishist.

  25. stevo42

    Tinsy winsy little favour

    Hi tech peeps, FBI here. Look, I'm not asking for an encryption back door, I've done 6 months intense studying on this (read a pamphlet some guy in the office gave me) and realised that it isn't a good idea. So instead, what I'd like please is a govt issued key logger and screen grabber installed on every device in the world, capturing everything in real time (before it is encrypted), and constantly streaming everything to my data centre where I can run some black magic AI to basically keep tabs on everything and send me an alert for when baddies do terroristy things etc. Easy peasy, all done before Christmas please. Ta muchly.

    1. CrazyOldCatMan Silver badge

      Re: Tinsy winsy little favour

      Sure. And we can give you access from this nice red tablet device with the two twistable knobs on.

      Be careful not to hold it upside down cos that makes all the magic data disappear..

      That'll be two billion dollars please. In cash, if you don't mind.

      1. Updraft102 Silver badge

        Re: Tinsy winsy little favour

        Be careful not to hold it upside down cos that makes all the magic data disappear..

        Of course. That's how you reboot it.

  26. G.Y.

    Is this the same

    Is this the same FBI that got repeated calls about the Florida school shooter, and did nothing whatsoever?

    1. Updraft102 Silver badge

      Re: Is this the same

      Is this the same FBI that got repeated calls about the Florida school shooter, and did nothing whatsoever?

      That's the problem with mass surveillance. They watch everyone, but they learn nothing... there's so much data overload that it becomes impossible to separate the important things from the noise. Every time some terrible crime takes place, the FBI seems to have been aware of the perpetrator, yet it happened anyway. The perp in any given crime would have been known to them because everyone is known to them, but there's so much mass data collection that what they have is never enough for anything proactive... they just have to collect a little more, then they'll know if it is time to act. There's always just that little last bit to collect before they really know.

      All the mass surveillance is good for is creating dossiers on every person in the country, so that when the government decides to destroy some of them for its own political reasons, it has plenty of fodder with which it may do so. It goes hand in hand with the millions of pages of laws that exist only to ensure that just living a peaceable life means breaking dozens of laws without even knowing it.

      Mass surveillance doesn't prevent or inhibit (real) crime or terrorism or anything similar... it just destroys any remaining bit of liberty and rule of law.

  27. Anonymous Coward
    Anonymous Coward

    Sure.....

    ....they can have my keys when I can have thiers.

  28. adam payne Silver badge

    None of this means a backdoor, he said, because he defines a backdoor as “some type of secret, insecure means of access. What we’re asking for is the ability to access the device once we’ve obtained a warrant from an independent judge, who has said we have probable cause.

    Seems they have learnt a few lessons from the backlash over asking for backdoors.

    So instead of the back door they want to walk through the front door instead.

  29. Pen-y-gors Silver badge

    Six months?

    Wray told the conference he's spent the last six months “catching up on all things cyber”,

    Well, looks like that was rather a waste of his time then, as it doesn't seem to have sunk in. Perhaps he should have spent the time just chilling and watching reruns of Dragnet.

  30. TopBanana
    Headmaster

    Literacy?

    "Wray told the conference he's spent the last six months “catching up on all things cyber”, and that as a whole, the agency needs “more cyber and digital literacy in every program throughout the bureau”."

    A sentence like this proves that they just need more general old fashioned literacy throughout the organisation. Once they have that, they may have the ability to understand the books on strong cryptography that explain why it is not possible to have the ability to bypass strong encryption.

  31. Talamasca

    I'm a gud Murikan!

    I think I'll take a few minutes today to get a few extra house keys made and drop a set off to the city, county, and state police. Better yet, I'll just leave a set fastened to my front door. Along with a copy of 1984 in case they've forgotten anything.

  32. GrumpenKraut Silver badge
    Happy

    Comedy gold:

    Am I the only one finding "This problem impacts our investigations across the board—human trafficking, counterterrorism, counterintelligence, gangs, organised crime, child exploitation, and cyber" seriously funny, courtesy of the last two words?

  33. Frank Bitterlich
    Facepalm

    "You just don't *want* to solve that problem!"

    The whole reiteration of "it's just not possible because you guys haven't invented it yet" reminds me of that Big Bang Theory episode, where Penny's idiot (ex-?)boyfriend proudly tells about the invention he just made – goggles that convert any movie into a 3D movie. How does it work? "I don't know, I'll let you figure that out."

    Now there are two possibilities: Either all of those "the laws of Australia trump the laws of mathematics" statements are made honestly and those making them are really ignorant enough to believe in that; or that this is just a clever ploy to get Joe Public to sooner or later think "The tech companies just don't *want* to do it because they are evil."

    Honestly, I don't know which one to believe. They both sound awfully plausible.

  34. Yet Another Anonymous coward Silver badge

    Think of the economy

    Everybody is going to need new phones that the FBI can tap.

    These phones are obviously going to have to be made in America - you can't trust the gooks.

    The white house are going to need different phones that the FBI can't tap - but the secret service can.

    Then the CIA aren't going to trust the FBI or USSS so they are going to need different phones

    Then the DOJ. Then the army, navy airforce and coastguard are going to need their own phones that the other services can't tap. (The Marines will carry on with their Fisher Price Mr Microphone playsets)

    This should result 500,000,000 new phones - with some senior politicians having to have at least a dozen different models.

  35. Bucky 2

    We've All Had This Client

    "We want the application to do X. It must always do X. X must be perfect, reliable, and constant. Everything depends on X."

    So you build it. You're down to the final review before final payment.

    "Sometimes we don't want it to do X at all. Make that happen."

    1. Stevie Silver badge

      Re: We've All Had This Client

      Definition I first saw in 1978 in Datalink:

      One-off job: A utility before it's second and subsequent runs.

  36. Stevie Silver badge

    Bah!

    Wray told the conference he's spent the last six months “catching up on all things cyber”, and that as a whole, the agency needs “more cyber and digital literacy in every program throughout the bureau”

    Still not quite caught up, I see.

  37. Tom 35 Silver badge

    Who remembers

    Checking the "I will not give this to Cuba" checkbox when downloading Netscape 128 bit? Who also remembers thinking "wow, this is f'ing stupid"?

    Well this is the same.

  38. John Smith 19 Gold badge
    Unhappy

    Do you just get the urge to say "Hey, dumbass, it's called *strong* encryption for a reason"?

    No, it does not add to the debate, but it might make you feel better.

  39. Anonymous Coward
    Anonymous Coward

    Not a tech problem

    This is not a technical issue, it is an issue of trust. Government needs to act in such a way that the public trusts the integrity of the described process and people would then not fight it. This is so in several Western European countries, but not all, and certainly not in the US. The alternative is the Russian approach, were government uses force and ignores the public. This is the difference between democracy and fascism.

    What Wrey is asking for is to be neither democratic, nor fully fascist. He wants people to trust the government without any reason to do so. It's like Potemkin's village, democracy on the facade with some really bad stuff in the background.

    This will not fly, either submit to democracy or impose fascism. The middle ground is not realistic.

    1. Updraft102 Silver badge

      Re: Not a tech problem

      This is so in several Western European countries, but not all, and certainly not in the US.

      That may be so, but simply having fooled people into believing that any given government can be trusted does not mean that it really is worthy of trust. The reality is that no government is, ever has been, or ever will be worthy of trust. Governments are made up of people, and people who are given power behave in predictable ways. They must all be distrusted... the ones that are closest to being worthy of trust will find the least fault with being subjected to intense scrutiny, for they would have the most to gain by having their relatively pure motives made public.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019