FBI Director Chris Wray Says Secure Encryption Backdoors Are Possible; Sen. Ron Wyden Asks Him To Produce Receipts
from the not-so-great-when-you're-on-the-receiving-end-of-a-bludgeoning-interrogation dept
I cannot wait to see FBI Director Christopher Wray try to escape the petard-hoisting Sen. Ron Wyden has planned for him. Wray has spent most of his time as director complaining about device encryption. He continually points at the climbing number of locked phones the FBI can’t crack. This number signifies nothing, not without more data, but it’s illustrative of Wray’s blunt force approach to encryption.
I’m sure Wray views himself as a man carefully picking his way through the encryption minefield. But there’s nothing subtle about his approach. He has called encryption a threat to public safety. His lead phone forensics person has called Apple “evil” for offering it to its users. He has claimed the move to default encryption is motivated by profit. And if that’s not the motivation, then it’s probably just anti-FBI malice. Meanwhile, he claims the FBI has nothing but the purest intentions when it calls for encryption backdoors, even while Wray does everything he can to avoid using that term.
He claims the solution is out there — a perfect, seamless blend of secure encryption and easy law enforcement access. The solution, he claims, is most likely deliberately being withheld by the “smart people.” These tech companies that have made billionaires of their founders are filled with the best nerds, but they’re just not applying themselves. Wray asserts — without evidence — that secure encryption backdoors are not only possible, but probable.
Senator Ron Wyden has had enough. He’s calling out Director Wray on his bullshit. Publicly. His letter [PDF] demands Wray hand over information on his encryption backdoor plans. Specifically, Wyden wants Wray to name names. [via Kate Conger at Gizmodo]
Your stated position parrots the same debunked arguments espoused by your predecessors, all of whom ignored the widespread and vocal consensus of cryptographers. For years, these experts have repeatedly stated that what you are asking for is not, in fact, possible. Building secure software is extremely difficult, and vulnerabilities are often introduced inadvertently in the design process. Eliminating these vulnerabilities is a mammoth task, and experts are unified in their opinion that introducing deliberate vulnerabilities would likely create catastrophic unintended consequences that could debilitate software functionality and security entirely.
I would like to learn more about how you arrived at and justify this ill-informed policy proposal. Please provide me with a list of the cryptographers with whom you’ve personally discussed this topic since our July 2017 meeting and specifically identify those experts who advised you that companies can feasibly design government access features into their products without weakening cybersecurity. Please provide this information by February 23, 2018.
Remember how FBI directors (Wray, Jim Comey) claimed they just wanted to have “an adult conversation” with tech experts and cryptographers? My guess is they’ve never even tried. Wray hasn’t held the post for long, but he’s been beating Comey’s weathered anti-encryption drum as long as he’s held the title. And in all this time, I doubt he has talked to anyone in the tech industry directly about his encryption backdoor theory. Even if he has, he certainly hasn’t found anyone who agrees such a thing can be done without weakening device security. Wray will have no answers for Wyden. We can only hope being publicly embarrassed by Senator Wyden will force him to rethink his position.
Filed Under: backdoors, chris wray, encryption, fbi, going dark, responsible encryption, ron wyden
Comments on “FBI Director Chris Wray Says Secure Encryption Backdoors Are Possible; Sen. Ron Wyden Asks Him To Produce Receipts”
Wait, someone on Capitol Hill recognizes reality?
He is so not getting re-elected.
Re: Re:
Wyden’s been cited on EFF so many times I’ve lost count. If they can’t get rid of him after this long, he’s probably in it for the long haul, especially after three consecutive re-elections.
Re: Re:
…he’s been reelected three times.
Re: Re: Re:
We’ll keep on electing him too!
I’m proud to have TWO great Senators from Oregon
Wish I could respect every Senator as much as I do Wyden and Merkley.
Re: Re: Re: Re:
Isn’t there some Gerrymandering that can be done to get rid of him with all the reasonable talking making everyone dizzy..
Re: Re: Re:2 Re:
No. Senatorial elections are pretty much immune to gerrymandering because they are run on a state-wide basis.
So you're saying the whole public / private key thing is wrong.
Seems "cryptographers" are of two opinions, both
wrong. I’d avoid everything NSA advises, just
because the method is known if not the keys.
Use any custom method instead.
It’s "hoist with your own petard", meaning blown
up by your own bomb. There is NO "bomb-hoisting"
even possible if you understand the notion!
Then there’s "weathered anti-encryption drum"!
Where DO you come up with these concatenations of
ordinary words? They’re unique and practically
INHUMAN, and I mean that this minion MAY be "AI".
Re: So you're saying the whole public / private key thing is wrong.
I’m sorry English is so difficult for you. It’s a strange language.
Re: Re: So you're saying the whole public / private key thing is wrong.
I guess google tramslate English -> Russian doesn’t handle idioms very well.
Re: So you're saying the whole public / private key thing is wrong.
” ‘petard-hoisting’ — What is it with mangling this standard phrase this week?”
Perhaps he should have said, petard-hoisted?
Re: So you're saying the whole public / private key thing is wrong.
Have you done much reading on encryption? If so I doubt you would be suggesting “Use any custom method instead.” I will freely admit I am no expert, but as someone fascinated by math who has taken some time to understand the basics of encryption… trying to make your own encryption will fail horribly verses any real attacker.
Encryption relies on scrambling data so it appears to be random even if it isn’t. All it takes is a very slight mistake for it all to come apart. The enigma machine was cracked because of someone sending a message that was one letter repeated over and over. Once someone finds a pattern your encryption falls.
Building a solid encryption system is well beyond the skill level of most people.
Re: Re: Ouch
Oh wow. No, that’s not what encryption relies upon. That’s a side effect, and only so if you don’t package the result with steganography afterwards.
Given the understanding displayed in the above, this conclusion is doubly valid.
Re: Re: Re: Ouch
Look, since you seem so sure about this, then instead of me trying to explain “indistinguishability” to you—how ’bout you explain it to me. Please.
My question is… simply… what is IND-CPA, IND-CCA1, and IND-CCA2 all about?
I can handle a moderate amount of math in your explanation, but listen, I’m an EE, not a mathematician.
Re: So you're saying the whole public / private key thing is wrong.
_There is NO “bomb-hoisting” even possible if you understand the notion!_
Wuh? Bomba nu explody? Modern warfare is a lie!
Re: So you're saying the whole public / private key thing is wrong.
Nobody’s saying PKI is wrong. However, it’s irrelevant to this topic: you cannot have PKI where the private key is publicly held, which is what the FBI appears to be proposing.
For an illustration of how this falls apart, look at the FAA’s public/private key solution for suitcase locks.
Someone took a picture that just happened to include the keys handed out to appropriate personnel, and suddenly that key wasn’t so private. And ALL locks made for the program were suddenly useless.
And yes: in the FAA illustration, “rolling your own” is likely better, although it will result in your own lock being destroyed by the TSA eventually.
In the case of cryptography, rolling your own has ALWAYS resulted in something that didn’t work. Real cryptography is done in public, with industry feedback. Even the smartest cryptographer is going to miss something, because the subject is insanely complex.
Re: Re: Rolling your own encryption
These days, rolling your own means taking one of the several well-tested sans-backdoor encryption schemes available and using one of them. Contrast the 1990s in which security through obscurity was still regarded as a valid encryption tactic. And it was in vogue for mathematics freshmen to try their hand at amateur crypto.
We’ve gotten really good at both cryptanalysis and guessing human-created passwords, and this has been established by the late aughts. So it’s commonly known (at least should be within the tech sector) that it is dangerous to attempt to construct an encryption scheme without a lot of study, practice and rigorous testing. And if passwords are easy to guess or stowed while lightly encrypted themselves, they’re going to be discovered.
(Curiously, it’s less well known that cracking TPMs is expensive but doable and has been since 2011. Generally, something that is expensive to crack is regarded as acceptable. Regarding the San Bernadino Shooter iPhone affair, either the FBI lied about having cracked it, or the consulting firm broke the unit’s TPM with a tunnelling electron microscope.)
And granted, programming is a messy, buggy process, but that puts the vulnerability of roll-your-own encryption not in the encryption algo but its implementation.
Re: Re: Re: Rolling your own encryption
Contrast the 1990s in which security through obscurity was still regarded as a valid encryption tactic.
That’s not how I remember the 90’s. I think you need to go back a lot further to get to the point where anyone competent thought that. I was looking at ASIC implementations of RSA in 1983.
Re: Re: Re:2 Rolling your own encryption
Agreed; there were a group of us working with Phil Z in the 90s to find secure implementations of accepted crypto routines.
The problem with "rolling your own" isn’t limited to rolling your own key crypto: the problem extends to rolling your own implementation of known-secure crypto. All it takes is for your random seed to not be so random, or your inputs to be subject to a replay or timing attack, and it doesn’t matter which crypto lib was used. This stuff needs many eyes from end to end to ensure that the implementation doesn’t have a fatal flaw.
Adding the complexity of third party keys into the mix basically makes the "acceptable security" part of it impossible. If one person doesn’t control the keys, they don’t control the security.
So the only way this could possibly work is if, say, the FBI had a PKI program where they held the master key, but access to that key was role based and time boxed. You could even have multipart keys, where, say, the FBI and the manufacturer both held key parts, and they both had to present their tokens within a specific timeframe to gain access to the master key. This access would then be used alongside the individual’s public key to generate a decryption key for the individual product.
Works fine in napkin theory. However, such a model is rife with holes in security management: not only will those keys need constant rotation to stay secure (due to the known bug in PKI and human fallability), someone still has to manage the servers that manage the private keys. And we’ve created a single point of failure that every single hacker in the world is going to see as the ultimate target, and this single point HAS to be connected to the Internet.
TL;DR: Sure there’s plenty of bright people out there, but in order for good enough security, the entire process needs many eyes and few inputs. What the FBI wants is few eyes and many inputs, which isn’t secure.
Re: Petard Hoisting
I assumed this meant I wasn’t the only one who listened to the Idle Thumbs and Important If True podcasts.
Hoists by one’s own petard is a major theme
Re: So you're saying the whole public / private key thing is wrong.
How’s that TOR exit node working out for you, blue boy? I think you’d like it if you got a backdoor in your encryption.
When is Masnick going to put up that article in support of breathing?
“And in all this time, I doubt he has talked to anyone in the tech industry directly about his encryption backdoor theory.”
He absolutely has, no doubt. He was also advised it’s not possible… without making everyone less secure. He (FBI, NSA, ETC) could give 2 shit about the latter and it is acceptable collateral damage as long as they get the backdoor.
Re: Re:
Yeah, maybe he has, and they told him it was impossible. But when your basic position is “it’s a conspiracy and they’re all in on it”, every denial just reinforces that position…
Re: Re:
Actually, you can be absolutely certain that he’s found a government contractor – probably small and almost certainly fly-by-night – that specializes in telling government officials what they want to hear, who can absolutely accomplish what’s considered to be impossible (by actual experts) as long as there are enough zero’s on the check.
…this from the guys who lost all those texts…
Let me pick one tidbit from the intro:
Re: Let me pick one tidbit from the intro:
I mean, it is. Because it is a feature that customers want.
Re: Re: Let me pick one tidbit from the intro:
Because we know that making profit is inherently evil.
That’s why we’re so proud of being a capitalist economy. Because making profit is evil. Right?
Right?
Re: Re: Re: Let me pick one tidbit from the intro:
It’s neither good nor evil, it just is. The problem (or not) is in how the profit is generated — and at whose expense.
Before the smart phone and Internet, all this evidence he is complaining about was not recorded and available. Have the FBI forgotten how to do real police work so fast that they cannot solve crimes without criminals preserving every little bit of evidence and making it accessible to them?
Re: Re:
But then they had an age of unencrypted http traffic and clear-text passwords because it was probably judged to be safe enough for the relatively small amount of people who knew enough to make use of the poor security. IT was a niche thing for nerds and a lot of people thought it a fad that would never be a major necessity in neither business as well as other places.
In 2000 – 2010 they said that we educated too many people in IT and the bubble was bursting again.
Today it is easy with very little knowledge to “hack” as long as you have $50 and know the right place to look (or can do the right search) and then we have “home-grown” IT people without an official education but with access to the greatest gathering of knowledge ever known.
My point is that the agencies loved the clear-text age, because they had the people with the knowledge to use (or misuse) that… today they are outdone by many forms of encryption that everyone has access to. So yeah, they have forgotten how to investigate, because for years it was so very easy for them.
Re: Re: Re:
I was thinking of police work before the clear text age, where most of the infomation they are now gathering was conveyed by that most ephemeral of methods, talking face to face. Policing was carried out long before the phone, an the capability of recording, existed.
There are TWO choices
Pick one choice:
1. Securely encrypted devices. Hackers can’t get into them. But neither can the government.
2. Insecure devices. The government can get into them. But so can hackers.
Let me pick one tidbit from the intro:
If the offer of encryption is enough of an added value for enough customers to make their phone choice (and it’s not like the price spread is all that large) profitable, it seems like enough customers care for their privacy that should be protected from government intrusion by the Fourth Amendment (but isn’t really anymore) that it counts.
So how about some representatives offering to work on making the Fourth Amendment heeded? There is a market for it, you know. It’s just that the market is getting bled dry because of partisan politicsmaking and either of the two ingrained parties being a lousy choice for heeding any of the amendments coined against government overreach because either are too accustomed to getting their turn in the seat of power occasionally.
A person must not be running more than twice for president. How about a party being only permitted to rule not more than 5 times at all? Now that would upset the party system continuity that rides roughshod over democracy.
To: FBI Director Christopher Wray
From: Senator Ron Wyden
Re: Backdoors without weakening security
To: Senator Ron Wyden
From: INS
Re: Dreamers
Re: Re:
Nuts. Mixed up the To/From on the second message.
Re: Re: Re:
Still made me almost choke on the water I was drinking.
FBI...
As in “Federal Bureau of Investigation”
not
“Freely Browse Information”!
The Nerd Harder Song
Nerd Harder (played to the tune of Eye of the Tiger)
———————————————————
Nerd!
Nerd! Nerd! Nerd!
Nerd! Nerd! Nerd!
Nerd! Nerd! Nerd!
Nerd!
Nerd! Nerd! Nerd!
Nerd! Nerd! Nerd!
Nerd! Nerd! Nerd!
Loggin’ in, startin’ up Windows
Worst OS on the planet
But the spooks, they just love it to death
They want us all insecure all the time
Clapper’s
lied on and on about this whole goin’ dark
wants to go
and install some useless backdoors
But it’s
not gonna work and it’ll make us less safe
Now Wray still says tech needs to go
nerd harder
Nerd!
Nerd! Nerd! Nerd!
Nerd! Nerd! Nerd!
Nerd! Nerd! Nerd!
Nerd!
Nerd! Nerd! Nerd!
Nerd! Nerd! Nerd!
Nerd! Nerd! Nerd!
Ignorant, that’s what Chris Wray is
Not a clue about nothin’
Safe backdoors, it just cannot be done
But he still asks for the impossible
Clapper’s
lied on and on about this whole goin’ dark
wants to go
and install some useless backdoors
But it’s
not gonna work and it’ll make us less safe
Now Wray still says tech needs to go
nerd harder
Just got to nerd harder
Re: The Nerd Harder Song
I love you, TDR! Thank you for the chuckle.
"These tech companies that have made billionaires of their founders are filled with the best nerds, but they’re just not applying themselves."
In otherwords, nerd harder. So far that hasn’t worked for eliminating the effects of gravity for physicists. It’s a dodge for trying to say, "That’s not my problem, I just know what I want. Someone else make it possible".
If it were that easy, I want to be able to go to other galaxies. Not next year but tomorrow. Has the same ring of reality to it.
Re: Re:
They keep ignoring the better nerds who actually do encryption. If Apple is actually rolling their own, the FBI probably already has what it wants and just doesn’t know it. Or again, broken encryption isn’t really what they want, or only part of it. They want to keep shifting what the public is used to, and probably even for no really good police-state reason, but just to suit their authoritarian tastes.
Another consequence of backdoored encryption
If US companies are forced to build insecure systems and backdoored encryption, it will put the US at a competitive disadvantage compared to the other 96% of the world’s population.
The other 96% of the world population will know better than to use products from US companies — because of baked-in backdoors. If you’re looking for a security product, or a secure product, DON’T BUY FROM THE US!
Quasi-related: Intel’s Management Engine is going to come back to bite them so hard they will hate the day they ever built it. These things just take time. But I suppose I should consider that Windows is used all over the world and Microsoft can totally pwn your Windows computer at its whim.
Re: Another consequence of backdoored encryption
“But I suppose I should consider that Windows is used all over the world and Microsoft can totally pwn your Windows computer at its whim.”
LOL, You mean like how Windows 10 is a huge malware program pretending to be an OS? They demand control over your computer any time they feel like they need an update. Then they spy on all that you do on your computer. If you try and stop all the spying then they make sure the next forced update “fixes” all your settings preventing the spying.
Re: Re: Another consequence of backdoored encryption
Q. Father, please tell me, is it a sin to use Windows 10?
A. No dear child, using Windows 10 is not a sin, it is a penance.
Re: Another consequence of backdoored encryption
I think you’re being optimistic.
Intel’s share of the processor market is already decreasing, but that’s mostly due to the rise of ARM in mobile devices. Intel has very little competition in the desktop/laptop market; AMD has made some positive steps in the past year, but the vast majority of people buying a desktop or laptop are not the kinds of consumer who pay attention to whether it’s got an Intel or AMD processor under the hood. (And the kinds of users who are likely to switch to AMD are enthusiasts who are more interested in performance for the buck than security — if security were their highest priority, they wouldn’t be using Windows.)
If IME is going to dent Intel’s bottom line, it’s going to be because OEMs become wary of Intel processors, not end users. I don’t see much evidence of that happening yet. If a major remote exploit shows up in the wild, that could change things, but so far most of the exploits have required physical access, and there’s no evidence of any attacks as yet.
I’d like to see users rise up against IME, but I just don’t think it’s a priority for most users — hell, most users aren’t even aware that it exists.
Re: Re: Another consequence of backdoored encryption
OEMs will switch to AMD, at least in some portion of their offerings, for similar reasons as when they used AMD in the past: cost, or some feature. Considering AMD and Intel both have other IME flaws, and i don’t see security as being a big point of consideration with OEMs anyway, i imagine you have a fair point here.
Re: Re: Intel's share of the processor market is already decreasing
Intel is currently at number 3 in the processor market:
Re: Re: Re: Intel's share of the processor market is already decreasing
RISC architecture CPUs are still used differently than 86/64 CPUs. The continuing drop in the x86 market is the general purpose desktop being killed off. (I’d go for a RISC system for an open source OS, at least with one of the more current chips that basically are comparable in function to x86, or with board design that covers what the main processor doesn’t.)
Re: Re: Re:2 Intel's share of the processor market is already decreasing
The x86/x86-64 ISA is CISC, but the in-silicon processor architecture of the processing cores have been RISC for over a decade.
Their front-ends are CISCy, but the decode step in the pipeline breaks the instructions down into RISC instructions – what Intel calls micro-ops – for processing on the ALU/FPU. The actual processing cores – ALUs, FPUs, etc – are RISC engines.
Re: Re: Re: Intel's share of the processor market is already decreasing
That is a crazy statistic, and has been the case since 2011.
https://www.theatlas.com/charts/Ek18VmbP
Re: Another consequence of backdoored encryption
I’m pretty sure that Microsoft and Apple already create regional versions of their products.
US customers would get the backdoor distribution, while others – and no doubt the US government and FBI – would get the secure one.
"Purest Intentions"
The FBI has demonstrated from the Hoover years forward that it never has pure intentions.
Remember this is the same institution that entraps mentally disabled people in terrorist sting operations by gaslighting them and isolating them from all their friends.
Even if it _was_ possible to design encryption with a backdoor safe from hackers, The FBI (and the rest of our Law Enforcement) have demonstrated they should not be trusted with the keys.
Wray doesn’t follow codes of ethics or honor. He just trumpets for his team — a team to which the rest of us do not belong.
Re: Dangit!
I keep forgetting to check my boxes.
Maybe put on the Techdirt wishlist the option to set the defualts for the comment options into our account settings
Maybe the FBI needs to attract more "Smart People" to their side
If the “Smart People” are withholding solutions the FBI needs, maybe they should do more to attract “Smart People”. They wont find a secure encryption with a back door but they might get a leg up in the hacking arms race against Silicon Valley. As the Senator said, there are often vulnerabilities right from the design stage of many encryption schemes and hackers working for the government have found zero-day vulnerabilities before as in the Stuxnet virus. In modern times, there are costs to alienating people in STEM fields and the FBI is experiencing them now.
It’s a giant conspiracy. All the nerds say is that it can’t be done, and every single one of them is lying.
Hasn’t this guy ever heard of Occam’s Razor?
Re: Re:
Occam’s Razor? Isn’t that a nerd thing? And don’t we already know that all those nerds are lying?
“We know it’s possible to make tobacco cigarettes that don’t harm the health of smokers and passive smokers. We just don’t know how, but you must find a way, or else.”
Making a secure encryption backdoor is impossible because in order to work the backdoor must be able to break the encryption. If the encryption can be broken, it is not secure.
Authorized persons would have the key to the encryption.
Unauthorized persons would not have the key and have to find a backdoor to get in.
If a backdoor exists, they will be able to get in. If it doesn’t, they won’t.
Re: Re:
The argument is that a secure backdoor could be one where any given ciphertext can be decrypted by either of two keys: the unique one controlled by the person who the encryptor means to be able to decrypt the data, and a single central key which is in the control/custody of law enforcement (or of a company which is obligated to use it upon demand of law enforcement).
No encryption-breaking is involved in that backdoor; it’s just that the encryption is designed to have two valid keys. (This is also why they try to argue that it’s not a backdoor, it’s a second front door, or something like that.)
Of course, even leaving aside the problems with securing the central key and the likelihood that that central key would be abused even by its authorized holders, the counterargument is that a system which is designed to have two keys in this way would be inherently easier to crack than one which is designed to have only one key, because of the mathematical underpinnings of the encryption.
That counterargument is where I understand the "nerd harder" line to come in; "if you think making one that’s not less secure would be impossible, you must not be trying hard enough".
Re: Re: Re:
A central key also has the huge risk that it will leak out, and the system becomes completely equivalent to no encryption..
Re: Re: Re: Re:
And you have got to wonder: with all the knowledge and potential company secrets, which could be worth billions, if a 3’rd party offered 10 million $ or even 100 million for either the ability to decrypt or even just a peek, can we then ever be sure that it would be safe?
Re: Re:
They (anyone) can get in if they crack the encryption.
Choice
“He has claimed the move to default encryption is motivated by profit. And if that’s not the motivation, then it’s probably just anti-FBI malice.”
I certainly hope the choice list is longer, including at least sane, sober considerations of the security needs of private citizens and an entire web of national and international commerce. However, if no other options ARE on the list, I hope it’s malice. When it comes to malicious retaliation for deceitful attacks on Constitutional rights, I can think of no more deserving group than the FBI.
Hmmm...
Maybe there’s a bright side to Fox News claiming that the FBI contains a vast left-wing conspiracy to discredit the Trump presidency. If the Republicans get on board with Sen. Wyden with questioning the FBI’s truthiness, we might actually get some answers rather than obfuscation.
Re: Hmmm...
Right, because it’s not like they’d ever claim something that contradicted something else they’d previously claimed.
“So, we’ve just rolled out our ‘secure encryption backdoor.’ How long do you think we can keep this to ourselves?”
“Ten…”
“Ten Ten what?”
“Eleven…”
“Wait, if this is a countdown, aren’t you counting the wrong way?”
“Twenty…”
“… And now it’s accelerating?!”
“…Fifty. This isn’t a countdown, it’s just a count – of how many malicious hacker groups already have possession of our ‘secret secure master key’. One hundred…”
Are you willing to conduct all of your personal banking with this backdoor encryption system, Mr Wray?
When it comes to literally putting your money where your mouth is, I would like to see any person who is proposing a backdoor encryption model move all of their personal banking, stocks, bonds, loans, retirement accounts… really all financial data over to using that encryption. Given all the bad actors out there, do they really trust all of their money with this system? I think we all know the answer…
Re: Are you willing to conduct all of your personal banking with this backdoor encryption system, Mr Wray?
Absolutely right. If they’re willing to put the public’s security at risk by mandating a security hole for things like banking, medical data, email and so on they should be required to put their own data under the same protections to demonstrate that they really believe that it’s secure.
Anything less should be treated as a flat out admission that they don’t trust what they claim is secure, and as such need to shut up.
Re: Re: And… it's gone!
https://www.youtube.com/watch?v=TGwZVGKG30s
Re: Re: Are you willing to conduct all of your personal banking with this backdoor encryption system, Mr Wray?
Maybe he should talk to Todd Davis…
https://www.wired.com/2010/05/lifelock-identity-theft/
“Apparently, when you publish your Social Security number prominently on your website and billboards, people take it as an invitation to steal your identity.
LifeLock CEO Todd Davis, whose [social security]number is displayed in the company’s ubiquitous advertisements, has by now learned that lesson. He’s been a victim of identity theft at least 13 times,…”
Re: Re: Re: Are you willing to conduct all of your personal banking with this backdoor encryption system, Mr Wray?
Credit where it’s due, he did put his money where his mouth was and learned personally why what he was pushing was a bad idea.
… Well, I was going to say I hope he learned his lesson, but a quick check at their wikipedia page and it seems that whether or not he learned his lesson the company at large apparently just brushed it aside and carried right on, to the point that they’ve been hit with multiple fines by the FTC, one in 2010 for deceptive advertising and another in 2015 for violations of the 2010 ‘agreement’.
It is refreshing...
that someone is finally and openly protesting this and asking the good questions. One of the most frustrating aspects of this whole debate is how we have to entertain the notion that what these people say should be taken seriously, while the media and even opponents dance around the blatant lies and immature attacks because “terrorists” and “for the children” tales that are used in all their arguments.
These people with an impossible demand of “safe backdoors” keep demanding that we have an adult conversation, all the while acting like children, stomping the ground, going on like a 7 year old screaming “Waaah! I want a rocket launcher! Why can’t I have it?! You are so mean!”
Re: It is refreshing...
No wait… that is wrong. There is a possibility that somewhere a 7-year old could actually get a rocket launcher.
Replace with Unicorn, Flying carpet or a Genie.
"Experts in the field agree with me." "Name them." "Uhh..."
Why do I get the feeling that there’s going to be another ‘least untruthful answer’ forthcoming? That or a dodge which may or may not include an answer to a completely unrelated question that Wyden didn’t ask?
History repeating itself...
The USG’s desire to backdoor encryption used by it’s citizens and around the world is long known. This particular moment in history is just a repeat of the clipper chip push from the early 90’s. Look what happened there – Backlash against the USG from the public and private sector combined with release of strong (somewhat easy to use) encryption onto the internet, it all rendered the USG’s plan completely useless. The cat is out of the bag, you can’t outlaw math.
It’s almost as it Wray and his like keep reading Nineteen Eighty-Four where INGSOC is the benevolent dictator and Winston Smith is the enemy. Or maybe they’re reading it as a ‘how to’…
deliberately being withheld by the "smart people."
So, Director Wray, are you telling that the “smart people” at the NSA are withholding this great secret from you?
Re: deliberately being withheld by the "smart people."
No, he’s saying that only stupid people work for the FBI.
Which makes the FBI Director the King of the Stupid 🙂
Brilliant
We could do with some forthright politicians like Mr. Wyden here in the UK. His letter is brilliant and he obviously understands what he’s talking about, unlike most of OUR waffling parliamentary members – and I am especially directing that comment at our lovely P.M; Mrs. May, who, once again, is up to her usual grandstanding tricks of trying to outlaw encryption. Do they not take any notice whatsoever of all the cryptographic experts who say that safe backdoors can’t be done? I despair.
Re: Brilliant
Do they not take any notice whatsoever of all the cryptographic experts who say that safe backdoors can’t be done?
Giving them the benefit of the doubt, they know, they just don’t care.
Under that view it’s simply grandstanding about how the terrible encryption helps criminals(ignoring the millions of non-criminals it protects), and how it allows them to avoid government scrutiny (again, ignoring that it also makes it harder to go on baseless fishing expeditions).
Besides, it’s not like their data will be protected by broken encryption, because while every person is equal, some are more equal, and therefore more deserving of protection, than others.
This is very VERY simple.
Everyone is forced to ‘backdoor’ encryption for banks etc and the FBI holds the backdoor key.
if there is ANY breach, whether malicious or not, no matter who breached or why, the FBI’s payroll budget is on the hook for compensation.
I’d say we match copyright at say $150,000 per item per breach. Sound fair to everyone else?