back to article FBI boss: We went to the Moon, so why can't we have crypto backdoors? – and more this week

There has been a bumper crop of security news this week, including another shipping giant getting taken down by ransomware, Russian hackers apparently completely pwning US power grids and a sane request from Senator Wyden (D-OR) for the US government to dump Flash. But there has been other news bubbling under. Useless action …

  1. Jens Goerke

    Eggs out of pancakes

    So he demands to be able to get the eggs back out of the pancakes.

    1. Alan Hope

      Re: Eggs out of pancakes

      Perfectly possible. You just feed the pancakes to a hen and a cow, they will process them for you and return your eggs and milk.

      1. Rich 11 Silver badge

        Re: Eggs out of pancakes

        You just feed the pancakes to a hen and a cow, they will process them for you and return your eggs and milk.

        Eggsellent idea.

        If you add pancakes to your compost heap you can also use them to fertilise sugar beet and lemon trees.

        Cor, this is an even better whiz than extracting sunlight from cucumbers!

        1. BebopWeBop Silver badge
          Joke

          Re: Eggs out of pancakes

          You may also feed cows cocoa and sugar to get natural chocolate milk

          1. herman Silver badge

            Re: Eggs out of pancakes

            Eh? Didn't your mommy teach you that white cows make white milk and brown cows make brown milk?

            1. onefang Silver badge

              Re: Eggs out of pancakes

              "Didn't your mommy teach you that white cows make white milk and brown cows make brown milk?"

              And you get milk shakes out of cows that have been bouncing on a trampoline all day. Just don't ask where yoghurt cums from.

      2. Symon Silver badge
        Big Brother

        Re: Eggs out of pancakes

        "feed the pancakes to a hen and a cow"

        In the UK, you do that, you break the law!

        https://www.gov.uk/government/news/apha-warns-not-to-feed-kitchen-scraps-to-farm-animals-because-of-disease-risk

        "It remains illegal to feed catering waste, kitchen scraps, meat or meat products to farmed animals."

        1. Guus Leeuw

          Re: Eggs out of pancakes

          Dear Symon,

          How dare you compare pancakes to kitchen scraps!

          Best regards,

          Guus

    2. Christian Berger Silver badge

      Considering the insane budgets...

      ... that secret services an Bubble 2.0 companies have, he can be forgiven for believing that that's feasible. After all that's probably at least in the same order of magnitude than the Apollo program.

    3. Lee D Silver badge

      Re: Eggs out of pancakes

      The analogy is really simple.

      He wants a single skeleton key that opens every door in the land.

      Would you *give* someone a master key to your house? Would you give the police a copy of your keys? Whether or not they "only" use them when authorised to do so, and though you could justify it as "it saves police time as they'll be able to get into places when they have a search warrant without needing the owner's co-operation", it's a really, really bad idea. Because such a key's existence totally compromises everyone's security (as it will also open all the big City banks, etc.), access to that key can't be controlled if so many organisations require it, and the criminals only need see that key once to open EVERYONE'S home.

      It's a really, really, really dumb idea.

      Now... there might well be a way to implement it. There are a number of encryption schemes built around combinations of access keys, where you only need to hold a certain number of them to open the encryption while ordinary users still have encryption/decryption keys as normal and can't open other's messages. But their very existence is a huge chasm of potential compromise.

      And exactly those people who you NEED to decrypt their communications won't ever use such a system for anything they don't want the FBI etc. to know. It's just that simple. It's like giving everyone a safe that the government can always open and then expecting criminals to put all their ill-gotten gains and bank vault plans into it. It's ridiculous.

      Organisations need to accept that encryption is a double-edged sword, and a feature that you can't uninvent - you would be much better off putting all your resources into old fashioned policing and spying than trying to ensure that the criminals haven't used an encryption that's impossible to break. After all - at some point they have to decrypt those things, and that's your avenue, not mass surveillance and breaking into every machine on the planet and filtering out everyone's Facebook posts.

      Literally, the signal-to-noise of what they want plummets the second that you capture ordinary people in the loop, so they're not helping anyone. This was always my argument against the "acres of datacentres" tripe. Maybe they do have those. But, guess what? All that does it make it even harder to spot what you were after compared to just tailing the guy you're interested in and putting a bug on his computer. At great expense.

      Encryption is like "deception". It's a natural part of life now. And you can't just demand that criminals "never deceive you" or that you should be given the ability to always tell when they are being deceptive. We all are carrying devices that can run open-code that provides military-grade encryption written by people who are nothing to do with the US government, capable of encrypting hundreds of megabytes of data a second without even flinching, to the point that the encryption is irreversible within the age of the universe with current technology. Give it up. Sure, you USED to be able to not have to deal with that. Now you can't.

      If the PGP / Zimmerman suit had prevailed, you might have had some control. But any mathematician with a numerical recipes book, any decent coder, anybody with a copy of Maple or Matlab or similar can give you a maths puzzle that you can never reasonably solve without having to do more than include a library or run a function. And every member of the public has a device in their pocket that's encrypting hundreds of connections an hour.

      There is no backdoor that you can reasonably use.

      1. Avatar of They Silver badge
        Happy

        Re: Eggs out of pancakes

        Careful. The TSA have a master key that has to be able to open any locked luggage that enters the US. So they sell locks that are TSA approved, meaning the lock will fit the master key. (I assume if not they break the locks)

        I read an article that actually said "Don't worry, only TSA approved staff have access to the key." :)

        So America wants a skeleton key because they already have one for physical luggage.

        1. Gio Ciampa

          Re: Eggs out of pancakes

          "Don't worry, only TSA approved staff have access to the key."

          ...or anyone who read the Washington Post article that one time - and "forgot" to remove the picture of them...

          https://en.wikipedia.org/wiki/Transportation_Security_Administration#Checked_baggage

        2. JohnFen Silver badge

          Re: Eggs out of pancakes

          Yeah, that TSA luggage nonsense is the primary reason why I don't take luggage on flights.

      2. Kabukiwookie

        Re: Eggs out of pancakes

        Literally, the signal-to-noise of what they want plummets the second that you capture ordinary people in the loop

        That presumes that the real reason is an attempt to capture the 'bad guys'. Problem with that again is thay the definition of 'bad guys'is constantly shifting.

  2. Pen-y-gors Silver badge

    Man on the sun

    'if we can put a man on the moon, surely we can put a man on the sun,'

    Actually, that's not a great analogy for back-door encryption. It's not physically impossible to put someone 'on' the sun, just insanely difficult. It is not mathematically possible to have encryption back-doors without undermining the whole encryption system.

    1. Justin Clift

      Re: Man on the sun

      > 'if we can put a man on the moon, surely we can put a man on the sun,'

      Whichever volunteer gets chosen for that will be a star... err... for the rest of their life. :)

      1. Paul Herber

        Re: Man on the sun

        Where is Mr Neutron?

        1. hplasm Silver badge
          Mushroom

          Re: Man on the sun

          "Where is Mr Neutron?"

          Where is Doctor Solar- Man of The Atom?

      2. Tigra 07 Silver badge
        Thumb Up

        Re: Man on the sun

        "if we can put a man on the moon, surely we can put a man on the sun"

        And as the great Ali G himself said: "We send them at night when the sun is cold."

        1. Anonymous Coward
          Anonymous Coward

          Re: Man on the sun

          Oh you jest but when I showed my mate a picture I took of mercury transiting the sun the other year, his first question was "is that the moon"? When I explained it was the sun with its closest body passing across it, question 2 was "Did you take the picture at night"?

          Shoot me now.

        2. BongoJoe
          Windows

          Re: Man on the sun

          And as the great Ali G himself said: "We send them at night when the sun is cold."

          Ah, not a towards the great Dave Allen. Pah! Youngsters today, etc..

    2. Charles 9 Silver badge

      Re: Man on the sun

      Why not just counter with Turing's Halting Problem disproof? If one cannot accept formal proof of an impossibility, one doesn't believe in math, meaning one's not in touch with reality and should be dismissed.

      1. Daniel 18

        Re: Man on the sun

        I suspect that most people who could understand the math around the halting problem could understand the math about crypto back doors.

        It did take a year or two of university math to prepare to prove the relevant theorems. How many government funtionaries or politicians will have that? (which hints at a wider and deeper problem)

      2. Nick Kew Silver badge
        Boffin

        Re: Man on the sun

        Why not just counter with Turing's Halting Problem disproof?

        All you need is a super-Turing computer. Like, for instance, an Analogue X Machine.

        Turning your intended analogy on its head, I guess politicians and spooks can dream of an entirely new crypto framework. Then un-inventing our existing framework can be the next thing after brexit to keep them away from reality.

        1. John H Woods Silver badge

          Re: Man on the sun

          If we can put a man on the moon, surely we can calculate the exact value of π

          1. Symon Silver badge
            Boffin

            Re: Man on the sun

            "Contrary to popular belief and what most mathematicians will tell you, all of the digits in the decimal expansion of π are known! They are: 0, 1, 2, 3, 4, 5, 6, 7, 8, and 9. It is the order that they appear that is not known."

            Reminded me of π = 16·arctan(1/5) − 4·arctan(1/239)

            As proved In 1706 by John Machin, Professor of Astronomy in London. He used it to compute π to 100 digits.

            You can use the Maclaurin series for arctan. The smaller the value of x, the faster the series converges.

            arctan(x) = x − x³ /3 + x⁵/5 − x⁷/7 + x⁹/9 − x¹¹/11 + . . .

            http://turner.faculty.swau.edu/mathematics/materialslibrary/pi/piforms.html

            http://turner.faculty.swau.edu/mathematics/materialslibrary/pi/machin.html

            1. Kevin Johnston

              Re: Man on the sun

              "Contrary to popular belief and what most mathematicians will tell you, all of the digits in the decimal expansion of π are known! They are: 0, 1, 2, 3, 4, 5, 6, 7, 8, and 9. It is the order that they appear that is not known."

              Aha.....

              The Eric Morcambe reposte

            2. Michael Wojcik Silver badge

              Re: Man on the sun

              "Contrary to popular belief and what most mathematicians will tell you, all of the digits in the decimal expansion of π are known! They are: 0, 1, 2, 3, 4, 5, 6, 7, 8, and 9. It is the order that they appear that is not known."

              Hell, it's even easier if you use the pinary representation: 1π

          2. This post has been deleted by its author

          3. onefang Silver badge
            Boffin

            Re: Man on the sun

            "If we can put a man on the moon, surely we can calculate the exact value of π"

            Just move to one of those places where politicians declared that the legal value of π was 3, or something almost as exact. If I recall correctly, there's some USA states amongst them.

          4. Michael Wojcik Silver badge

            Re: Man on the sun

            If we can put a man on the moon, surely we can calculate the exact value of π

            I can. Send me a USB drive with infinite space, and I'll send you the answer shortly after infinite time has passed.

        2. Michael Wojcik Silver badge

          Re: Man on the sun

          All you need is a super-Turing computer. Like, for instance, an Analogue X Machine.

          Hypercomputing machines aren't counterexamples to the Halting Problem proof, since the proof only establishes that the HP is not computable (or, if you prefer, "effectively computable").

          You could just as well state that the HP can be solved by a magical all-knowing oracle. It's not an interesting claim. (That's not to say there's no value in hypercomputing research,1 just that "hey, a hypercomputing machine could solve the HP!" isn't in itself a productive observation.)

          The same applies to "secure" cryptographic backdoors. We can imagine various non-realizable systems for achieving them, but as we're unable to construct any of them, that doesn't support Wray's thesis.

          (Technically, of course, there are uncertain2 - possibly-correct - hypercomputing designs which can be realized. That doesn't help with the HP, though, and I don't see it helping with crypto backdoors; we already have classical protocols for converging on the correct output of a decryption function.)

          1Though certainly some people have argued there isn't.

          2And nothing is certain anyway, if you're logical. Doxastic logic shows that any reasoner of sufficient power can never believe in its own consistency, without thereby becoming inconsistent.

      3. Anonymous Coward
        Anonymous Coward

        Re: Man on the sun

        > Why not just counter with Turing's Halting Problem disproof? If one cannot accept formal proof of an impossibility, one doesn't believe in math, meaning one's not in touch with reality and should be dismissed.

        @ Charles9: your logic is impeccable but wasted: there are plenty of politicians whose preference for God over evolution is a positive advantage to being elected, so a preference for wishful thinking over mathematics will barely register.

      4. Michael Wojcik Silver badge

        Re: Man on the sun

        Why not just counter with Turing's Halting Problem disproof?

        (I take issue with the word "disproof", but whatever. I'm also not certain that the HP is isomorphic to "secure" cryptographic backdoors, but again that's peripheral to the main question.)

        Because the whole problem is that Wray, and others like him, either 1) know that it can't be done securely but don't care, or 2) are determined to remain ignorant.

        They use facile analogies like man-on-the-moon to sway public opinion and influence others who don't understand the technical issues.

        Countering that with technical arguments is rhetorically pointless. People who understand the math are either on the side of the angels, or mendacious. People who don't have no reason to find the argument persuasive, because they don't understand it.

    3. LDS Silver badge

      Re: Man on the sun

      Maybe he meant the Sun has no solid surface so you can't really put a man of the Sun, even if you can survive the heat and radiations, and be able to decelerate enough in such gravity well. It's not a matter of technological innovations.

      Anyway, to get to the Moon US needed a not so small number of 'available' German scientists and engineers... instead of dreaming about backdoors, it would be smarter to stop to piss off long time allies and collaborate efficiently in fighting crime.

      1. John Smith 19 Gold badge
        Unhappy

        even if you can survive the heat and radiations, and be able to decelerate enough in such g

        The "surface" gravity of the Sun is about 27 Earth g's.

        And of course there is no actual "surface" to land on.

        But idiot politicians will hike you their diapers and stream at the top of their lungs "We want you to land on the Sun" anyway.

        1. scrubber

          Re: even if you can survive the heat and radiations, and be able to decelerate enough in such g

          "The "surface" gravity of the Sun is about 27 Earth g's."

          Well that's a crushing disappointment.

        2. herman Silver badge

          Re: even if you can survive the heat and radiations, and be able to decelerate enough in such g

          The sun indeed does have a very solid surface. See this very nice astronomy web site: http://thesurfaceofthesun.com/

      2. herman Silver badge

        Re: Man on the sun

        Err... the sun does have a very solid surface. See this, it is a very nice astronomy web site: http://thesurfaceofthesun.com/

    4. JeffyPoooh Silver badge
      Pint

      Re: Man on the sun

      Dr. Parker is headed there shortly.

      649kw per square meter.

      Will hit 200 km per second.

      Just one thing, he's a solar probe.

    5. Ken Moorhouse Silver badge

      Re: Man on the sun

      Not sure what the journey time to the sun would be (judging by the queues to use the Channel Tunnel at present, due to a few temperature problems, probably infinite), google says 19 years. By that time any encrypted messages should easily have been cracked, so he just needs to be patient.

    6. kain preacher Silver badge

      Re: Man on the sun

      Actually you can't get near the sun with today tech.

      1. jmch Silver badge
        Flame

        Re: Man on the sun

        No, but I'm pretty sure we can shoot a man INTO the sun with today's tech. Maybe the FBI director can volunteer for the honour?

      2. Anonymous Coward
        Anonymous Coward

        Re: Man on the sun

        " Re: Man on the sun

        "if we can put a man on the moon, surely we can put a man on the sun"

        And as the great Ali G himself said: "We send them at night when the sun is cold."

        Well Mercury managed it, billions of years ago and its just a lump of rock!

    7. Anonymous Coward
      Anonymous Coward

      Re: Man on the sun

      "It's not physically impossible to put someone 'on' the sun, just insanely difficult."

      Without some form of force-field, it actually is impossible to put someone 'on' the Sun.

      The temperature of Sol's photosphere is ~5700K but the most refractive metal, Tungsten, melts at just 3695K. But even if you could find a usable compound that could maintain its integrity as a vessel at those temperatures then without a cooling system everything inside it would also soon reach the same temperature. That cooling system would have to remove the heat from inside the vessel to somewhere cooler, which would mean far away from the Sun - think heat-pipes that are tens of thousands of miles long. Trouble is, not only would the cooling system need to be able to transport heat energy away from the vessel but it would also need to be able to keep itself cool enough to maintain its own integrity.

      Then there's the issue of radiating heat away in space...

      1. Anonymous Coward
        Anonymous Coward

        Re: Man on the sun

        "Then there's the issue of radiating heat away in space..."

        The sun manages it. How hard can it be? :-)

      2. Someone Else Silver badge
        Coat

        @LeeE -- Re: Man on the sun

        The temperature of Sol's photosphere is ~5700K but the most refractive metal, Tungsten, melts at just 3695K.

        Just two words: Transparent Aluminum. (Maybe with some sunblock in it?)

        1. bombastic bob Silver badge
          Meh

          Re: @LeeE -- Man on the sun

          RE: Tungsten melting point, temperature on the sun's surface

          Well in theory as the metal vaporizes, it absorbs latent heat of fusion from whatever material it's attached to (and/or being heated by) - think of the heat shiield on the Apollo spacecraft as it was coming back to earth.

          But other materials would make a better heat shield. And they would be consumed, rapidly. So there's an obvious time limit involved.

          So it's possible, but not practical.

          That of course is a complete distraction to the original point, the absolutely STUPID comparison of 'man on the moon' to 'back-doorable encryption'. How about this Mr. FBI dumb-dumb: FREEDOM. PRIVACY. SELF-RELIANT SECURITY. SELF-DEFENSE. yeah you don't want THOSE either, do you?

          1. Tigra 07 Silver badge

            Re: Bob

            So...We need the X-men?

        2. herman Silver badge

          Re: @LeeE -- Man on the sun

          Transparent Aluminium exists actually. It is maybe better known as saphire or ruby.

  3. Waseem Alkurdi

    The researchers found a list of 809 targeted organizations, two thirds of which were in Saudi Arabia, the Lebanon, Israel and Kuwait also targeted. Occam's Razor would suggest that maybe the Iranian hacking teams have a new subgroup that's going to work.

    I could understand Iran targeting Saudi Arabia and Israel, but Lebanon and Kuwait? Why would they do that?

    Particularly Kuwait. This state has been long considered "neutral" in the Gulf tensions and whatnot.

  4. Waseem Alkurdi

    Of course, it's bollocks, but the social engineering was quite clever, using a stolen password to convince the recipient that the threats were real.

    Imagine you used porn. And the same password on everything.

    These two facts are enough to at least shake your and, at most, make you shit your pants.

    Just try putting yourself in the victim's shoes.

    1. Charles 9 Silver badge

      True, but a REAL blackmailer would provide proof it's not a bluff: just a little taste from something actually belonging to the victim, along with the address of the local police or your significant other. If the threat was real, they'd have ways of ensuring your full cooperation.

      1. Sureo

        "...True, but a REAL blackmailer would provide proof..."

        Why bother? Looks like there are plenty of victims ready to cough up without it.

        1. Michael Wojcik Silver badge

          Re: "...True, but a REAL blackmailer would provide proof..."

          Why bother? Looks like there are plenty of victims ready to cough up without it.

          Yes, but that's orthogonal to Charles9's point, as I understood it: there are some fairly obvious protocols for confirming the threat.

          Obviously a subset of potential victims won't think to employ those protocols. But that's always been true of phishing scams, which generally try to minimize costs to the attacker and gather the low-hanging fruit. Sometimes they're deliberately stupid to reduce the number of potential victims who initially engage but then bail out.

        2. bombastic bob Silver badge
          Devil

          Re: "...True, but a REAL blackmailer would provide proof..."

          I got one of those blackmail e-mails today, demanding 300 bitcoin or something. The FBI got a copy of it on their on-line complaint web site (with mail headers). Yes, NOTHING is too good for our new special friend!

          It's the best thing to do with it, forward to whatever law enforcement agency has jurisdiction. And the "you can't find me I'm in another country" taunt at the end was laughable, at best.

          [I wonder how many people received this e-mail, obviously a bulk mailing]

          1. JohnFen Silver badge

            Re: "...True, but a REAL blackmailer would provide proof..."

            "[I wonder how many people received this e-mail, obviously a bulk mailing]"

            As near as I can tell, everybody that I personally know has received one. I've received several, probably because I have several online identities.

            1. onefang Silver badge

              Re: "...True, but a REAL blackmailer would provide proof..."

              "As near as I can tell, everybody that I personally know has received one. I've received several, probably because I have several online identities."

              Awe, I missed out. Do I have to stick a camera on my porn computer now?

      2. JohnFen Silver badge

        "but a REAL blackmailer would provide proof it's not a bluff: just a little taste from something actually belonging to the victim"

        You mean like that new spam that's going around? I got a few over the past couple of days. It actually includes a password of mine, and claims that they used that password to hack into my computer and use the camera to record video of me jerking off, and if I don't pay them an outrageous amount of money, they'll send the video to all of my contacts.

        It's a nice try at providing a "little taste", but fails because I haven't used that password in over 10 years and my computer has no camera attached to it. Ignoring the fact that if someone did manage to get such a video, I'd much prefer that it was distributed to everyone in my contact list over paying those people even a single penny, they did try to make it sound like viable blackmail.

        Proof of having blackmail goods has to be more substantial than just a little taste.

        1. Charles 9 Silver badge

          "Proof of having blackmail goods has to be more substantial than just a little taste."

          For it to be an actual taste, it has to be a FRESH and PLAUSIBLE taste. They made the mistakes of (a) using stale data and (b) making a nonsense threat. A REAL blackmailer would actually have dirt and attach say one of the files they exfiltrated as proof.

    2. Rich 11 Silver badge

      make you shit your pants.

      For a small but non-zero segment of humanity, this would have an unintended effect. "More blackmail threats," they'd cry! "Oh god, more, more!"

    3. Michael Wojcik Silver badge

      Imagine you used porn. And the same password on everything.

      These two facts are enough to at least shake your and, at most, make you shit your pants.

      Well, no, it wouldn't, because I wouldn't use a machine with a camera for my recreational activities.

      I certainly understand the social engineering in this attack, and it's moderately clever. But let's not overstate the case.

  5. sanmigueelbeer Silver badge
    Unhappy

    The idea that we can't solve this problem as a society -- I just don't buy it.

    Well, I don't buy that the good US Government (as a whole) is going to use the power of "backdoor" to do any good. One good example is when US George Bush confronted Saudi Arabia about them buying from Airbus. The information came from an encrypted email between Saudi Arabia and Airbus which the NSA was able to intercept & decipher.

    Next, I don't also "buy it" that the good US Government knows how to keep this "backdoor" within the US Government. (I mean, ETERNAL BLUE, ring a ding-ding anyone?)

    Seriously, if the US Government want decryption keys or encryption back doors, then this should go "both ways": (Highly) Confidential documents be open to the public.

    1. Yet Another Anonymous coward Silver badge

      But that's a perfect example of using it for good.

      Since the US president is chosen by God, then anything they do is for the good.

      Certainly protecting the Saudis from buying heathen godless commie euro planes instead of honest God fearing righteous Boeings would be "for good"

  6. Chronos Silver badge

    Mr Wray

    "We're a country that has unbelievable innovation," he said. "We put a man on the Moon. We have the power of flight. We have autonomous vehicle. The idea that we can't solve this problem as a society -- I just don't buy it."

    Chris (and Theresa), here are a few facts for you:

    1) Encryption is mathematics. If you let one entity in on the algorithm, you potentially let everyone in.

    2) This behaviour isn't a problem, it's by design. We don't want to lose all semblance of privacy just because a few god-botherers and psychopaths have decided to misbehave. We, the people, wish to preserve our privacy.

    3) Nobody trusts you. The scope for misuse of a backdoor into anything is almost limitless. You may be all good intentions now but in the future we may want to discuss you without you knowing about it. That's not conspiracy or subversion, it's democracy, a principle you claim to support when you want a vote or two.

    4) Your record for keeping secrets when they're not yours is appalling. One visit to a motel with your "friend" and the USB drive with the keys to the world's encrypted communications is gone. Once it's gone, it never comes back and we'd have to re-work everything from scratch.

    If those aren't enough, I have more. All of these apply to our (the UK's) very own Snoophenge, too.

    1. Charles 9 Silver badge

      Re: Mr Wray

      What's needed is a way to make this so simple to describe that even a total idiot can understand it (failing that, they can be reasonably denounced as complicit). Something like, "How do you prevent your significant other from making a secret copy of your house key?" Or, "How can you be certain the guard holding all the keys to the building isn't a mole?" Something that doesn't even involve maths (since there are those who don't believe in math--yes, they consider it an acceptable break from reality just like President Trump) but even simpler.

      1. DCFusor Silver badge
        Holmes

        Re: Mr Wray

        Everyone, or nearly, is missing the bureaucrat-speak wording here; how to lie by making it easy to misconstrue what you're saying due to your cognitive bias- without actually lying. It's usually a thing pols are masters of. At that level, he's not a cop, he's just another politician, only not one we vote for.

        He's not trying to convince _us_ with this drivel. He knows, we know, we know who knows. He's providing cover for bad legislation, to come.

        "as a society" is the key part of the phrase. What he's saying is that we asked nicely, now instead of doing by math, we're just going to get encryption we can't break made illegal - "as a society". This talk isn't aimed really at us, but at legislators, after all, we asked nicely...and they're dumber than a box of rocks and love to be seen doing something.

        In his eyes, that means the encryption they can't break is itself a crime. Sure, you can do it - the math is the math - but if caught with it, also go to jail for having it, like drugs. Which allows them all kinds of fun - all they need to find is some random data and you can be accused of anything, stuff like that.

        I suppose you could go to jail for inventing it or supplying it, also like drugs, but the ability to not even need Cardinal Richelieu's "6 lines from the purest of men"...solid gold to them. Allows for all kinds of selective enforcement for the Just-Us system we all seem to have these days.

        1. John Smith 19 Gold badge
          Gimp

          He's providing cover for bad legislation, to come.

          not even need Cardinal Richelieu's "6 lines from the purest of men"

          You have nailed it in one

          He may understand this is actually impossible.

          But he's a data fetishist.

          He simply does not care. Mark him well and watch his social network.

      2. Milton Silver badge

        Re: Mr Wray

        Charles 9 wrote: "What's needed is a way to make this so simple to describe that even a total idiot can understand it ..."

        I get where you're coming from but actually I'm not sure this would work. Wray is clearly one of the majority whose knowledge of math is feeble, and a great many of those folks perceive it as both a bit magical but also malleable—rather like their superstitions: your god(s) can be whatever you want them to be.

        A tangible analogy referencing house keys might well get the response "Yeah, but they are physical, and math isn't: you can do/write/prove anything with math". They are wrong, but lack even sufficient knowledge to realise how completely wrong they are. This is, after all, a common problem with politicians and people who behave like them: their need to believe counterfactual evidence-free rubbish, coupled with ignorance of the topic, tends to produce mouths flapping earnest recitals of nonsense ... against all reasoned rebuttal.

        What I really cannot fathom is why Wray doesn't simply ring his pals at Ft Meade and ask them. One phone call would save him repeating embarassing drivel in public—and save our ears, and many calories of expended frustration.

        1. Charles 9 Silver badge

          Re: Mr Wray

          So like I said, he doesn't believe in math and should be dismissed, yet as another has said, people get voted in FOR not believing in math. Makes you wonder how we ever get things done outside of a crisis...

    2. Mark 85 Silver badge
      Black Helicopters

      Re: Mr Wray

      <tongue in cheek solution> When you send an email, it can be encrypted. But, a copy in plain text will be sent to the FBI via a "secure" connection (VPN?). <tongue in cheek mode off>

      I daresay this clown in charge would buy into something like that. <sigh>

    3. Rob D. Bronze badge
      Coat

      Re: Mr Wray

      At the risk of being pedantic, perhaps someone would like to point out where in the interview Wray makes any suggestion of a technical solution to the problem let alone mentions backdoors for encryption.

      https://aspensecurityforum.org/wp-content/uploads/2018/07/ASF-2018-A-Chat-with-Christopher-Wray.pdf

      Good luck searching, because it isn't in there - TechDirt made up the assertion and El Reg just copied it because, well, everyone's going to believe it. Bonus points for recognising that Wray actively avoided answering the direct question "Have you [found a solution]?" (page 13).

  7. Boohoo4u

    If someone ever contacts you for sextortion tell them “I need to contact my lawyer, so we can discuss royalties.”

  8. Sloth77

    if we can put a man on the moon, we can...

    - cure cancer

    - solve world hunger

    - divide by zero

    - have crypto backdoors

    - <insert other ridiculous claim here>

    1. Ken Moorhouse Silver badge

      Re: <insert other ridiculous claim here>

      - Organise Brexit

      1. Ken Moorhouse Silver badge

        Re: 4 thumbs up & 1 thumb down

        I wonder what Theresa May's username is on this forum.

        (Surely she is the only person on the planet who honestly thinks Brexit is going well).

      2. This post has been deleted by its author

      3. Anonymous Coward
        Anonymous Coward

        Re: <insert other ridiculous claim here>

        By "organise" I assume you mean "follow the will of the people"?

        Or do you mean just fuck it up so much that we just give in and let Treason May ride roughshod all over democracy?

    2. Voyna i Mor Silver badge

      Re: if we can put a man on the moon, we can...

      "- divide by zero"

      This one is solved - it's done in Javascript, based I believe on work done in the maths department at Reading. 0/0 = NaN, anything else divided by zero = Infinity.

      Using the result as part of a subsequent calculation is a different matter. It is a bit of an example of Titanic deckchair relocation.

      1. Whitter
        Boffin

        Re: divide by zero - this one is solved

        There is also NaN/0 = NaN

    3. Crazy Operations Guy

      Re: if we can put a man on the moon, we can...

      Actually, we can fix world hunger. Humanity currently produces about 30 trillion calories of food per day, enough for every human to have 3500-4000. We also have the technology and manufacturing capacity to solve the distribution problems. The only problem is getting the funding to do so (current estimates peg it at about 100-150 billion USD per year to cover >95% of the human population).

      1. Anonymous Coward
        Anonymous Coward

        Re: if we can put a man on the moon, we can...

        "Humanity currently produces about 30 trillion calories of food per day, enough for every human to have 3500-4000."

        But are those 4000 proper, balanced calories to include fruits, vegetables, and so on, also taking veganism and allergies into consideration? Plus when you mention distribution problems, do you include all the rural and isolated areas, including islands?

        1. JohnFen Silver badge

          Re: if we can put a man on the moon, we can...

          I think that putting food into starving bellies at all can be prioritized whether or not that food is the most ideal it can be.

      2. JohnFen Silver badge

        Re: if we can put a man on the moon, we can...

        "Actually, we can fix world hunger"

        Technically true. However, the real cause of world hunger is politics -- which means that the problem is even more intractable than if it were a technical issue.

    4. Jack of Shadows Silver badge

      Re: if we can put a man on the moon, we can...

      I'll take "Solve World Hunger." Pegged that one as part of mastering International Development. It's always governments that cause it, directly or indirectly with their policies. We've got the food. Getting it where it's needed is the problem. I've done boots on the ground which is why it ended up as part of my economics portfolio.

      Serious eyeopener on how this is used in, e.g. India's, politics in real life.

    5. quxinot

      Re: if we can put a man on the moon, we can...

      If we can put a man on the moon, why can't we put a man on the moon today?

      Suggests that perhaps our government isn't performing up to snuff to me.

      1. Charles 9 Silver badge

        Re: if we can put a man on the moon, we can...

        It's not so much whether we can or not. It's that we don't want to. Against the costs, the reply is usually, "What's the bloody point?"

  9. MrGutts

    Certain US agencies already have access, just not the FBI. Its called the FIPS program.

  10. vtcodger Silver badge

    ""We put a man on the Moon. ..."

    When, exactly, did the FBI put a man on the moon?

    And why?

    If the FBI genuinely can't operate without spying on the citizenry, perhaps it's time to consider whether there is any point to having an FBI.

    1. Anonymous Coward
      Anonymous Coward

      Consider Timothy McVeigh and Ted Kaczynski. Both were American-born terrorists, and the citizens don't like that kind of chaos...

    2. Spanners Silver badge
      Flame

      "We put a man on the Moon. ..."

      And then spent 50 years not doing so so that nutters can pretend we didn't.

    3. hplasm Silver badge
      Big Brother

      FBI??

      "If the FBI genuinely can't operate without spying on the citizenry, perhaps it's time to consider whether there is any point to having an FBI."

      Federal Bureau of Intrusion - Didn't you get the memo about the namechange?

  11. Frumious Bandersnatch Silver badge

    Politicians need to be introduced to Dedekindus cut

    Politics maintains that you can always shave the salami ever thinner, but even Zeno admitted that the loss of function was always binary.

  12. Speltier

    We already can break crypto in commercial use

    Just, the 3 letter agencies don't want to admit it.

    This constitutes a functional "back door" (with fine print). Virtually every mass produced device has enough implementation bugs to allow anyone in-- a classic example in the extreme is the continuing failure of QKD, works in theory but so far every commercial implementation has breaks (you can't break a true QKD path, although you can brute force comms using a key transmitted by QKD if the key is not equivalent to an OTP with sufficient entropy).

    So, Wray dude, build a machine that can break AES256 (and TDES, and...) in real time, preferably hundreds of streams at one time. Oh, surely this is an expensive moon shot so we can certainly do it for the FBI. Wait, you say you also want a CHEAP secure crypto break moon shot, pennies a flight? That dear sir is currently impossible. It is about resources, not ability to implement. Give me a big enough PO, and I'll give you the machine you want (well, not CHEAP).

    (fine print) "short" ciphertext messages may not brute force decrypt to plaintext reliably

  13. Hot Diggity

    You don't need back doors. Just Australian Law. As Australian Prime Minister Malcolm Turnball said, Australian Law trumps the laws of mathematics governing encryption.

    https://www.telegraph.co.uk/technology/2017/07/14/malcolm-turnbull-says-laws-australia-trump-laws-mathematics/

    1. onefang Silver badge

      "You don't need back doors. Just Australian Law. As Australian Prime Minister Malcolm Turnball said, Australian Law trumps the laws of mathematics governing encryption."

      Any day now I expect our Aussie governbent to redefine π to be 10, coz we is a metric country and it's just easier all 'round. Or maybe 1, that's even easier.

    2. hplasm Silver badge
      Devil

      The T word again...

      "Australian Law trumps the laws of mathematics governing encryption."

      AKA Fake News!!111!!

  14. Anonymous Coward
    Anonymous Coward

    Encryption? We don't need no steenking encryption!

    0 Ban/break encryption? Fine. Mathematicians already have the "next thing" up their sleeves: (7cfdd8)

    1 http://people.csail.mit.edu/rivest/chaffing-980701.txt (626648)

    2 Surrender my encryption keys on pain of prosecution? Well, sorry, I don't do any encryption... (12ac7c)

    1. Anonymous Coward
      Anonymous Coward

      Re: Encryption? We don't need no steenking encryption!

      They'll just declare stego another form of crypto (remember, these are legal definitions; they can make them whatever they want, they MAKE the laws) and catch you that way. What are you hiding with that cat video, comrade?

      1. Yet Another Anonymous coward Silver badge

        Re: Encryption? We don't need no steenking encryption!

        Britain already does - the law on handing over your encryption keys also requires you to reveal any hidden meaning in a message.

        Better not have a copy of the Torah or Finnegans Wake around

        1. JohnFen Silver badge

          Re: Encryption? We don't need no steenking encryption!

          "Better not have a copy of the Torah or Finnegans Wake around"

          That would be awesome. You could honestly testify that you'll provide the hidden messages as soon as you find them yourself.

  15. T. F. M. Reader Silver badge

    We can put a man on the moon...

    ...but we can't do it faster than the speed of light, despite all out "innovation".

    [Sounds better to me than the "can't put a man on the Sun" retort: we can, in principle, send the FBI Director to the Sun. He won't survive for long, but that's a different matter.]

  16. Dan 55 Silver badge

    "If a massive manufacturer like Samsung can't get security right..."

    Samsung shouldn't be trusted with software:

    Security Researcher Finds 40 Zero-Day Vulnerabilities in Samsung’s Tizen OS

    The Formal Code Review

    Enlightened (need a free hour to read all this)

  17. J.G.Harston Silver badge
    Facepalm

    Back door access

    Surely the answer is: if *we* can put a man on the moon, that means *everybody* *else* can too!

  18. Chad H.

    >>>"When I hear 'if we can put a man on the moon, we can do this' I'm hearing an analogy almost saying 'if we can put a man on the moon, surely we can put a man on the sun,'" he said.

    I am lead to believe the trick is to go at night.

  19. Rob D. Bronze badge
    FAIL

    El Reg, echo chamber?

    Describing Wray's position on his interview as having advocated back-doors for encryption because that's what the TechDirt article says is lazy journalism.

    Go and read the eff-ing transcript of the interview before echoing what other people have already written who also haven't paid attention. Try https://aspensecurityforum.org/wp-content/uploads/2018/07/ASF-2018-A-Chat-with-Christopher-Wray.pdf, see page 12.

    Wray was fairly careful in his selection of responses, and he kept his statements related to 'legal process' and not to a technical solution that isn't even mentioned in the interview. To a large extent he actively avoided answering the question. There is still a need to keep up pressure on legislative bodies to avoid all the shag and hassle of having to prove, yet again, that you can't backdoor encryption even through the magic of legislation, but that doesn't give tech journos the remit to make stuff up just because they want to believe in something.

    That part of the article is a bit of shoddy tat. Investigate then report - not cut-and-paste opinions from other outlets to make the copy up.

  20. John70

    Question to FBI Boss

    Why don't we have people on the moon now? It's been 46 years.

    1. Orv Silver badge

      Re: Question to FBI Boss

      Same reason I haven't been to Fargo in 18 years. Went there once, found there wasn't much to see.

  21. onefang Silver badge

    "tell them where to stick their blackmailing demands."

    Better yet, turn on your webcam, and show them where to stick it.

  22. Mad Chaz

    We did do it!

    Got to love those spooks trying to get encryption backdoors. We did "do it". Except IT was making sure assholes like you aren't able to get said back door. THAT is the problem that got solved.

  23. IanCa
    Angel

    just use a black ship for the sun-dive

    hotblack desiato / disaster area have the technology

    icon is for douglas adams

  24. MatsSvensson

    Question:

    Is it OK the backdoor is just painted on, like in cartoons?

    Yay or nay?

    I'm seeing some yay faces over here...

  25. FooCrypt

    F.B.I. riddle solved......

    CSIRO in partnership with NASA are currently seeking via seek a Computer Systems Administrator with experience in Sun, and scripting in TCL/TK, which is the majority of the code base for 'FooCrypt,0.0.1,Core', so I applied, and am currently seeking a response to my query :

    'On my reading of the Position Description, there appears to be no reference to security clearance requirements, can you clarify if a security clearance is required and whom conducts the security clearance.

    I'm assuming the position requirements is not in any way in correlation with the recent comments by the head of the F.B.I. in requirements for encryption back doors.'(sic)

  26. FooCrypt

    F.B.I. Riddle Solved....

    CSIRO in partnership with NASA are currently seeking via seek a Computer Systems Administrator with experience in Sun, and scripting in TCL/TK, which is the majority of the code base for 'FooCrypt,0.0.1,Core', so I applied, and am currently seeking a response to my query :

    'On my reading of the Position Description, there appears to be no reference to security clearance requirements, can you clarify if a security clearance is required and whom conducts the security clearance.

    I'm assuming the position requirements is not in any way in correlation with the recent comments by the head of the F.B.I. in requirements for encryption back doors.'(sic)

  27. philnc

    The correct metaphor

    The correct metaphor here is the burglar who breaks into your house when the family is away on vacation and then leaves the door off its hinges when he escapes into a stormy night. The house, of course, gets inundated and probably visited by both other nefarious humans and hungry wildlife. By the time you get back the place is near uninhabitable and certainly not a safe place for your kids to sleep.

    Tacked on that last sentence just to be able to say, "What about the children?"

    Can't really blame the FBI. Their brothers over in the NSA and CIA have been playing the vandal burglar for years while pretending to protect the public, and have only recently been getting called out for it by the technical community.

    1. FooCrypt

      Re: The correct metaphor

      I actually pounded 'End Game' [ C.I.A. Financed & staffed by ex N.S.A. head / other defence personal ] for their interference in my software this year via my submission report for the D.T.C.A. [ headed by the former Inspector General Of Intelligence ] review after it took them over 6 weeks to 'white list' it.

      http://www.defence.gov.au/publications/reviews/tradecontrols/Docs/Mark_Lane.pdf

  28. JohnFen Silver badge

    Anonymization is a lie

    Anonymization doesn't work in the face of Big Data, so any time someone claims it's all good because they anonymize user data, they're either intentionally lying or they have so little understanding of the issue that they can't be trusted with handling any data whatsoever.

    Checking terms and conditions of a service is all well and good, but 99% of them will tell you the same thing: "we'll use your data as we see fit". Also, let's not forget that a large number of these statements specifically include language that allows them to unilaterally change them, without notice, at any time. Which means that you can't trust them no matter what else they say.

    Cloudy services are like War Games: the only winning move is not to play.

    1. Ken Mitchell

      Re: Anonymization is a lie

      Lying, every time. They may ALSO not understand what they're doing, but they ARE lying.

  29. Someone Else Silver badge
    Facepalm

    Here's why

    We got to the moon in large part because of adherence to mathematics principles. We can't have gov't-only crypto backdoors due to mathematics principles. Got it?

    1. Palladium

      Re: Here's why

      Government asking for their own master key as a standard for a crypto scheme to thwart criminals is in the same vein as doing away the police and let just criminals report themselves because these are definitely the kind people that wants to get caught for their deeds. Both are equally just as retarded.

  30. Ken Mitchell

    While we did - a few times, 45 years ago - put men upon the Moon, we cannot do so NOW - nor will we be able to do so for longer than the entire Apollo Project took. If the cures for AIDS and all cancers were deposited on the Moon by godlike aliens, we couldn't go get it for at least 10 years.

    And going to the Moon was trivial compared to creating crypto that the USA could crack - but that nobody else ever could. Any crypto backdoor _WILL_ be used against us. Not only are there more Chinese and North Korean programmers working on that, one of our own people would most certainly sell it to them. Aldrich Ames; the Walker brothers; Edward Snowden; Bradley Manning - the list of traitors goes on and on.

    It MIGHT be possible to create crypto that they cannot hack - but not if there's a backdoor anywhere. By claiming that they want a way to hack our computers, they're flat out stating that the FBI and CIA and all the three-letter agencies DO NOT CARE about _OUR_ security. It's the "clipper chip" all over again!

    1. Palladium

      The real irony is how we were able to get to the moon in the 1960-70s but yet we can't do it now despite with our massively more collective global wealth. I think I know the answer why: unbridled capitalism concentrates said wealth into the hands of the few, who has no vision with their money other than getting more of it while spending them on their 1000th real estate, luxury yachts and Ferraris.

      1. Charles 9 Silver badge

        It's not that we can't do it. It's that we don't want to do on the grounds of, "What's the bloody point?"

  31. JJKing Bronze badge
    Coat

    Gee, that's a lot.

    "The "surface" gravity of the Sun is about 27 Earth g's."

    Well that's a crushing disappointment.

    I am pleased that you understand the gravity of this sort of operation.

    Mine's the one with the warm glowing pockets.

    "We send them at night when the sun is cold."

    Why do I hear Spike Milligan's voice when I read that line?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019