FBI's James Comey: I Know All The Experts Insist Backdooring Encryption Is A Bad Idea, But Maybe It's Because They Haven't Really Tried
from the that's-the-spirit dept
As was widely expected, FBI Director James Comey appeared before two separate Senate Committees yesterday — the Judiciary and the Intelligence Committees — to talk about the “risks” of “going dark” if the government is not allowed to backdoor encryption. You can watch the Judiciary Committee hearing and the Intelligence Committee hearing at those two links. I’d embed the videos here on Techdirt as well, but I can’t because (guess what?) neither offers an encrypted HTTPS version, so they wouldn’t appear on our site, since we force HTTPS connections.
Most of Comey’s comments were pretty much what you’d expect him to say, with a few clear themes repeated over and over again:
- American ingenuity is great, so I don’t really believe all these computer science experts who say that it’s “too hard” to give the government access. I think they haven’t really tried.
- I don’t have a proposal myself (which experts would ridicule for the problems it would create), but rather I’m just trying to “start a conversation” on this.
- We have no data to actually support the fact that encrypted communication has become a real problem, but I can tell you scary stories about (boo!) ISIS.
That was about the crux of it. There were a few times where he would kind of admit that maybe, just maybe the computer scientists were right, but he still thinks they could try harder. The most ridiculous was where he literally said:
“Maybe the scientists are right. But, I?m not willing to give up on that yet.”
Earlier in that same hearing, he said:
“A whole lot of good people have said it?s too hard ? maybe that’s so…. But my reaction to that is: I?m not sure they?ve really tried.”
There are a few problems with all of this. First, he keeps claiming that people are saying it’s “too hard.” But they’re not. They’re saying it’s impossible to give him what he wants without seriously undermining the basic foundations of private communications online. And that’s not just private communications in the form of messaging, but also financial transactions, medical records, business dealings and the like. In short, the “solution” the FBI wants puts everyone at risk.
The second big problem is that it’s fairly stunning that Comey keeps insisting that those bright minds in Silicon Valley can sprinkle some magic pixie dust and give him what he wants, but at the same time claims it’s too difficult for the FBI to actually quantify how big a problem encryption is for its investigations. Furthermore, he can’t even provide a single real world example for where encryption has been a real problem. Even when pushed on this, he noted that when the FBI comes across encrypted communications, they move on to other avenues to investigate those individuals. Which sounds a lot like encryption really isn’t that big of a problem.
The lack of an actual proposal, and the idea that he’s just “starting a conversation” is equally ridiculous, since this conversation was conducted twenty years ago and it was shown what a bad idea it was to backdoor encryption. The idea that we need to do this all over again is just stupid.
Two other quick comments: A few times Comey noted that some big companies are able to encrypt data, but still get access to the underlying content. He used this to argue that it’s “possible.” But he leaves out the fact that those are not end-to-end encryption, but something different entirely which is much less secure than end-to-end encryption. He’s comparing two very different things without recognizing the massive trade off in security associated with what he’s talking about. His technical ignorance — which he underlined multiple times, is kind of bizarre. If he admits he’s so ignorant, why does he brush off the arguments from people who have been in this field working on these issues for decades.
The other comment: multiple times he and some of the Senators hinted that the FBI actually stopped some sort of nefarious plot that was supposed to happen on July 4th weekend. As we noted, despite lots of hype on cable news, the FBI has been making these kinds of failed predictions ever since 9/11 without a single one turning out to be accurate. So it seemed curious that he and others kept hinting at the idea that the FBI had to work overtime last week to actually stop an attack. If true, then you’d think there would be an arrest somewhere, but nothing appears to have been announced. It seems likely that this was just more FUD, but we’ll be curious to see if the FBI ever explains something that it actually did to prevent a real attack.
We’ll likely have a few more posts about some of what was discussed at the hearing a little later. But it’s not just troubling that Director Comey is pushing for efforts to backdoor encryption, he’s wasting the time of lots and lots of smart people who should be focusing on making our communications more secure, rather than proving to Comey and elected officials how ridiculously short-sighted it is to make communications less secure.
Filed Under: backdoors, encryption, experts, james comey, security, senate intelligence committee, senate judiciary committee
Comments on “FBI's James Comey: I Know All The Experts Insist Backdooring Encryption Is A Bad Idea, But Maybe It's Because They Haven't Really Tried”
Sounds like James Comey would blame the mathematicians for not trying hard enough when they say they cannot make 2+2=5;
Re: Response to: Anonymous Coward on Jul 9th, 2015 @ 4:21am
But 2+2=5 for large enough values of 2. 2.3+2.3=4.6 and when rounded using normal rounding rules you get 2+2=5.
Why can’t cryptographers just do that. Where is the sarc mark when you need one.
Re: Re:
2 + 2 = 5 for large values of 2.
Re: Re:
Eh, keep waterboarding ’em until they see five lights.
Re: You laugh at trying to make 2+2=5 by fiat.
But imagine how easy things would be if we could pass a low making Pi=3.
Wow! All of a sudden circles are so much easier to understand!
Now I get how mathematicians may look at that and feel such a notion is ridiculous. That’s why we need a magical mathematics fairy, some kind of mechanism that allows pi to be 3.
Seriously, I think we have a conversation about this.
Re: Re: You laugh at trying to make 2+2=5 by fiat.
That is not as outlandish as you think. See the Indiana Pi Bill. see the Indiana Pi Bill.
American ingenuity is great, so I don’t really believe all these FBI directors who say that it’s “too hard” to catch all the bad guys. I think they haven’t really tried.
Re: Re:
Actually, we know for a fact that they aren’t trying. There are several well-known ways to bypass encryption no matter how strong it is (plant hardware or software bugs to directly intercept keystrokes and display output, intercept EM noise emissions to remotely reconstruct keystrokes and display output). The FBI prefers to pretend that these alternatives don’t exist because they’re too much work and effectively limit them to individual targeted surveillance (i.e. what they’re supposed to be doing) rather than mass surveillance (i.e. what they want to do, laws to the contrary be damned).
“The other comment: multiple times he and some of the Senators hinted that the FBI actually stopped some sort of nefarious plot that was supposed to happen on July 4th weekend.”
If they’re able to stop these nefarious plots without backdoors…then why do they insist they need backdoors?
If I were these tech companies, I’d be ignoring the troll until an ACTUAL law was make them do ‘backdoor encryption’…
Otherwise, just keep encrypting everything…
they haven’t really tried.
Yea, because human beings are well known for their flawless creations and the later flawless working with those creations. Combine that with the kindness humans show fellow humans and the guidance under the Rule of Law and it is no wonder the position of ‘didn’t really try’ was taken.
RSA?
banks are getting hacked all the time? do they use RSA encryption, as backdoored by NSA?
Re: RSA?
But for sovereign immunity those banks would have overwhelmed the US government with lawsuits over the damage that bit of industrial self-espionage has done over the years.
Talk about friendly fire.
Anyone know what grade Comey got in first year Calculus, assuming he qualified to even take it?
Suggestion: ALL public officials whose jobs involve making decisions on computer security issues be required to get at least a 2 year degree in computer science. If they can’t cut it then they’re disqualified from participating in those decisions. Not really that much to ask, given how many of them have gone out an earned an MBA on the public’s dime to prepare for a future career in the private sector.
Tanks
I want you to build a weakness into your tanks that only we know about. We want to be able to attack the tank just right that it gets destroyed, but is not immediately obvious to others.
I think you've hit his _actual_ agenda
I think you might have stumbled upon his _actual_agenda_:
You see he knows that what he wants isn’t possible, he’s just trying to slow things down by keeping all of the worlds top crypto minds tied up in this debate instead of focusing on making cryptography, stronger, more secure, easier to use, and by extension, more ubiquitous.
He’s not stupid, quite the opposite, he’s being very very devious. It’s a good thing for us that you have seen through his ruse.
Why?
Because its imposible to prove something is NOT true. That’s why.
They, like big media, just can’t fathom the concept that they’ve lost absolute control. You can bet that this will pop up every so often until they figure out a way to get what they want, however impossible it may be. They’ve had a taste of the drug that is full access and they will never settle now for anything less.
In their mind, laws and privacy don’t exist. They are at the point now where they truly believe that it would be better to sink all the ships coming to port rather than let them dock not knowing whats inside of them.
They won’t ever stop, even if it means destroying the internet.
“FBI’s James Comey: I Know All The Experts Insist Backdooring Encryption Is A Bad Idea, But Maybe It’s Because They Haven’t Really Tried”
We havent all tried murder yet…….shall we all try it tomorrow and see if we like it or not?!
There are just somethings you KNOW Mr Comey………the fact that you dont makes me question your morality, your agenda and ponder whether it is fucking wise to have you hold the position you have
fun with words
I thought “backdooring” was one of the NSAs enhanced interrogation techniques?
The purpose of encryption is to keep information private.
Handing over keys to the government defeats that purpose.
Even if I somehow lost my mind and trusted the thieving, torturers and killers with my information – I wouldn’t trust them to keep it safe.
Jurisdictional issue
Despite it being brought up multiple times, he still hasn’t talked about the jurisdictional issues. If the US has a backdoor, other countries will either have their own back door. If they can’t have their back door, they simple will not allow the US products into their country knowing the US has a backdoor.
“A whole lot of good people have said it’s too hard … maybe that’s so…. But my reaction to that is: I’m not sure they’ve really tried.”
It is not “too hard” … it is hugely stupid.
Re: Criteria for Testimony
Since he is claiming to be an expert, he should be held to the “Expert Witness” criteria from the Federal Rules for Civil Procedure, found in Section 702 thereof (see https://www.law.cornell.edu/rules/fre/rule_702 et seq.).
Under those conditions, he is NOT qualified to testify. His testimony should be stricken for cause.
I think Comey is stuck in a Moebius loop of ignorance and grandstanding. I have no other reasons to explain his continued crusade in this. I’d cite issues like the OPM breach, his lack of cases where encryption hindered investigations or anything credible, but you can’t engage someone like this. Not with verifiable facts it seems
“I know all the experts insist shooting yourself in the face is a bad idea, but maybe it’s because they haven’t really tried it”. -Jame Comey
and so he ignores all the effort of the NSA in backdooring encryption
D'oh!!
Paging Dunning-Kruger, Dunning-Kruger. Would Mr. Dunning-Kruger please call FBI headquarters? Your assistance is urgently needed.
Sheesh.
Drinking
I’m Mormon and don’t drink. I have seen what happens when people get drunk off their rocker and think it’s a bad idea. Do I need to hammered to make sure it is?
Advise would be helpful.
Mathematicians have been trying for over 2,000 years to find a better way to do prime factorization of very large numbers and no one has found the better mouse trap. In the U.S., more than 50% of mathematicians are employed by the government. Mr. Comey has all of the resources he needs in order to backdoor encryption.
Methinks Mr. Comey is a moron.
Re: I thought there was a quantum solution
This is where I get to reveal my ignorance on this subject.
I know the current quantum computers on the market can’t do this fast large-number factorization yet but we have a quantum algorithm — Shor’s Algorithm — to do it once we can make such a computer.
…And guess who wants the first one off the block…
“>Here we go. Tick tock tick tock tick tock…
To be fair, I think perfect forward secrecy serves as a workaround for the problem, but still miles to go before the internet sleeps.
Re: Re: I thought there was a quantum solution
A better version of that stupid link.
Re: Re: I thought there was a quantum solution
I did not expect a Robert Frost reference in an FBI surveillance story. 🙂
Re: Re: I thought there was a quantum solution
Yes, but the other side of that coin is that quantum computers also theoretically allow new forms of encryption that are prohibitively difficult for quantum computers to break.
This sort of thing has been going on for the thousands of years of crypto history. It’s always a back-and-forth where strong crypto is developed, then a stronger way of breaking it is developed, then even stronger crypto, and so forth and so on.
Re: Re: Re: I thought there was a quantum solution
I think the advantage to quantum-only encryption / decryption is that the early computers will be prohibitively expensive for small-time criminal enterprises. Only large governments and larger corporations will be able to afford to run a quantum mainframe, or gain access to one.
Some of the time of the Google / NASA D-Wave is made accessible to students worldwide who have jobs that require quantum computing, so it’s possible for the public to get some access to the quantum machines we have.
It’s going to be a while before our phones or personal data are encrypted with technology that requires quantum manipulation, however we may find non-quantum encryption that still can stump quantum cryptanalysis.
But the current asymmetrical encryption that we rely upon for secure data exchange on the internet is going to fold once we develop a device that can quickly factor large numbers. And we don’t have another asymmetrical scheme yet in place to replace it when that happens.
Can you keep America safe without destroying people’s right to privacy and due process of law?
“A whole lot of good people have said it’s too hard … maybe that’s so…. But my reaction to that is: I’m not sure they’ve really tried.”
Proof, or it didn't happen!
See that is the really big whopping evidence for me that they really don’t need the powers they have been granted, or anymore power for that matter. If they had just once done something great with things like torture, mass surveillance and all those filthy ways they use, then they wouldn’t be reluctant to share their achievement. They would post it in big letters with a huge show of bragging and justification.
They have released information about cases that were disproven, they have lied and they have told scary stories.
I very much suspect that is the only things they have at all. If they had anything more, at all, they would have released it to hold over our heads every single time anyone tried to oppose them.
The single greatest proof is the very lack of proof.
I don’t think James Comey understands what the word “expert” means.
All the medical experts seem to agree that self inflicted gunshot wounds to the head are a bad idea. Comey needs to put a gun to his head and see if those experts are right, before ignoring those other experts on backdoors.
Is there no one out there who will rid us of this troublesome director?
James Comey is the guy who binge watches “Scorpion” because he thinks it’s realistic.
what about this idea?
how about the FBI send up some spy satellites on a $100us budget and a pack of gum? It should be possible just very very hard to do, right? What he fails to realize is that some things are just flat out impossible to do.
Then why?
Even when pushed on this, he noted that when the FBI comes across encrypted communications, they move on to other avenues to investigate those individuals. Which sounds a lot like encryption really isn’t that big of a problem.
Then why is Comey so obsessed about it?
– he’s just stupid (simple answer but probably too simple)
– this is a smokescreen (for what?)
– encryption makes bulk collection useless
– he wants everyone to think the FBI can’t deal with encryption so they feel safe using it
Put on your foil hats and come up with some other reasons!
Re: Then why?
In the case of someone like New York County District Attorney Cyrus R. Vance (yesterday’s testimony before Senate Judiciary), it’s reasonable to presume that he just doesn’t have enough foreign policy or economic affairs experience to have really thought through the various factors.
But, in contrast to Mr Vance, FBI Director Comey has a counterintelligence mission for his agency. In addition, Mr Comey’s agency is also tasked with intellectual property cases, and with corporate espionage case, so that his brief includes some matters of economic affairs.
If one really starts speculating why Mr Comey would advocate destroying American technology’s competiveness in the world market…
Re: Re: Then why?
If one really starts speculating why Mr Comey would advocate destroying American technology’s competiveness in the world market…
Go on…
Re: Re: Re: Then why?
If Mr Comey is acting as an agent of influence for a foreign power, then we should probably expect to be able to find two things:
• A means of communication with the foreign power or individuals.
• A motive: money, ideology, compromise, or ego.
Re: Then why?
Because he is a politician, and anything that limits what he can do is abhorrent.
FBI wants to backdoor all shredders, as well
The FBI wants to put a wifi scanner into every shredder, so that the bad guys can’t shred stuff w/o the FBI getting a copy.
He's a "privacy denier"
He knows exactly what he’s doing. It’s the same political and rhetorical trick developed by the cigarette companies of “keeping the controversy alive.” disregard the experts, deny the science, insist its an open question, keep repeating he just wants a conversation, repeat. We see it used by the the creationists, the anti-vaxxers, the climate deniers.
I hate dumbth.
Sigh. Hasn’t every high tech startup geek heard that from his (nominal) superiors? “Boss: I have this brilliant idea! All we need to do is $Something_Magical_Happens_Here, and we’ll all be rich and famous!”
Oh, and I (tech geek) need to figure out what $Something_Magical_Happens_Here means.
Comey’s a twit.
It's a kind of magic
Sounds to me like this guy expects developers to do magic.
He doesn’t want to do work, as he (more or less) proved that he can arrest terrorists without backdoors. He just has to actually do work and he doesn’t like it.
What he wants is a magical button on his computer “press here to arrest terrorists” and the terrorists get magically teleported in prison.
On second thoughts, no, he doesn’t want that. He wants a magical button “press here to arrest terrorists” and FBI agents are teleported to the terrorists (along with a TV crew) to show how much the FBI is needed.
James Comey demonstrates the faith-based approach to cryptography.
The debate is over. It’s been over since the 1990’s with the last Crypto War. Director Comey is just a sore loser.
Have you asked your pig to flap its legs really really hard to see if it can fly?
Have you tried making it grow wings?
“I just want to start a conversation”, isn’t that how you get shanked or is it just before you start shanking people.
Next up, Comey insists that American chemists can turn lead into gold and American doctors can resurrect the dead if they’d just try harder.
Re: Re:
Next up, Comey insists that American chemists can turn lead into gold…
Not chemists, but I think maybe nuclear physicists could do it.
Re: Re: Re:
And indeed they would turn lead into gold except for that simple problem – the one that led directly to the end of the use of Nukes in war – Radioactive Gold is a bitch to spend.