FBI Director Ignores More Than 500 Ongoing Capitol Raid Prosecutions To Complain That Encryption Is Keeping Criminals From Being Caught

(Mis)Uses of Technology

from the why-are-all-these-trees-blocking-my-view-of-the-forest? dept

FBI Director Chris Wray needs to shut the fuck up about encryption.

It has been 1,112 days since the FBI promised to perform a recount of encrypted devices in its possession, after overstating it by thousands for months in service of former director Jim Comey’s “going dark” haymaking.

As of November 2016, the number in the FBI’s possession was only around 880 devices. It suddenly jumped to 3,000 six months later. Then it doubled to 6,000 in less than five months. By the end of that fiscal year, four months later, the FBI had added another 1,775 uncrackable devices to its total.

That brought the alleged total to nearly 8,000 devices. The actual number — should the FBI ever get around to releasing it — is expected to be under 2,000.

Add to this the fact that the FBI doesn’t seem to be having much trouble hunting down criminals and terrorists. The FBI ran its own backdoored encrypted chat software for months, leading to dozens of arrests around the world. It ran seized child porn servers in order to deliver malware that coughed up identifying info about visitors to illicit dark web sites. Its crack team of undercover agents and informants have put a large number of terrorists behind bars, even though these successes are tainted by the agency’s willingness to radicalize people just so it can bust them. And it has obtained all sorts of evidence to use against more than 500 defendants in the January 6th Capitol raid cases.

Despite all of this, Chris Wray is still complaining about encryption’s supposed ability to render the FBI (and other law enforcement agencies) blind and useless. His recent testimony before the House Judiciary Committee takes time to highlight all the FBI’s successes. But it also allows Wray to show off the latest in dead horse-beating rhetorical devices.

The proliferation of end-to-end and user-only-access encryption is a serious issue that increasingly limits law enforcement’s ability, even after obtaining a lawful warrant or court order, to access critical evidence and information needed to disrupt threats, protect the public, and bring perpetrators to justice.

If this were true, the FBI wouldn’t have nearly as many success stories to entertain its Congressional oversight with. The FBI appears to be doing just fine, despite Wray’s protestations otherwise.

And he’s preaching to a choir that remains unconverted. The FBI has been complaining for the better part of a half-decade and it’s no closer to obtaining favorable legal precedent or encryption-breaking legislation than it was back then. The FBI’s directors have only one record. And it’s broken. Enjoy this supremely shitty tune you’ve all heard too many times before.

The FBI remains a strong advocate for the wide and consistent use of responsibly-managed encryption—encryption that providers can decrypt and provide to law enforcement when served with a legal order.

Ah, yes. “Responsibly-managed encryption.” Apparently allowing the government on-demand access through built-in flaws or storage of encryption keys where anyone — even criminals — can access them is more “responsible” than what’s being offered to the public now. The only acceptable encryption is broken encryption, according to the FBI. Backdoors, keys under the doormat, keys behind the counter at the front desk that can be obtained by request… all of these euphemisms fit the FBI’s encryption ideal, which is obviously far from ideal and anything but a net gain for public safety.

Chris Wray refuses to move past the “denial” stage of his self-inflicted grief.

What we mean when we talk about lawful access is putting providers who manage encrypted data in a position to decrypt it and provide it to us in response to the legal process. We are not asking for, and do not want, any “backdoor,” that is, for encryption to be weakened or compromised so that it can be defeated from the outside by law enforcement or anyone else.

It’s a backdoor. Providers holding keys presents an opening for others… you know, “law enforcement or anyone else.” It may present itself as a front door with a doorman willing to oblige visiting cops, but it’s still an entrance that isn’t there presently, when providers allow users to hold their own encryption keys. To meet Wray halfway, it’s a door. But it’s a door whose presence exists solely because law enforcement desires it and which will present an enticing target for enterprising cybercriminals and state-sponsored hackers.

As I was saying, Chris Wray can fuck right off.

Unfortunately, too much of the debate over lawful access has revolved around discussions of this “backdoor” straw man instead of what we really want and need.

Hey, it’s your straw man, dude. While other people present the facts — that encryption cannot be “safely” broken — Wray and his DOJ/FBI ilk continue to insist this common sense response is nothing more than a straw man offered up by people arguing in bad faith.

But it’s the FBI that’s been arguing in bad faith for years. It also insists encryption is zero sum: either law enforcement has access or the criminals win. This willfully ignores the FBI’s numerous options for obtaining communications and data that do not require forcing its way through the front of someone’s seized phone. And since the FBI won’t be honest about the extent of the problem it claims it faces — i.e., not updating the number of locked devices in its possession for more than THREE YEARS — no one should feel obliged to meet it halfway, much less engage in an “adult conversation” with a bunch of children who have misrepresented the facts for years.

Filed Under: backdoors, chris wray, encryption, fbi, going dark