Get Ready for the FBI’s New Encryption Back Door Push


| Analysis

All or Nothing

The FBI most likely has every intention of keeping the master keys to our encrypted data safe, but the possibility they could leak is far too great. Microsoft demonstrated that brilliantly last month when it accidentally leaked the encryption key for the Windows Secure Boot feature, giving potential hackers what they need to bypass security measures designed to keep malware and spyware off user’s computers.

With that “golden key” in the wild, criminals, rogue governments, or hackers can code malware that appears legit to Windows.

Microsoft’s mishap was an egg on the face moment, but also shot down the FBI’s claim that companies could keep the backdoor keys and decrypt devices when requested by the government. Even Microsoft wasn’t able to keep its own keys secure.

Director Comey and the DOJ don’t seem willing—or aren’t concerned with—the binary nature of encryption: either you have it, or you don’t. Encryption where a third party has the means to decipher your data is encryption in name only because if someone else has the ability to decrypt your files, then encryption becomes little more than theater where it seems your data is secure.

The FBI argues, however, your data will be safe and encrypted—unless they really need to see it. That’s no consolation when major technology companies can’t prevent their encryption keys from leaking, and when the government thinks data is safe, secure, and private when third parties have government-mandated access to files and conversations.

Oh, Grow Up

Director Comey said next year, after the Presidential election, he plans to revisit the encryption back door discussion as an “adult conversation.” That sounds reasonable and mature on its face, but is actually painfully condescending to encryption and cryptology experts. The message Director Comey sent was that anyone who disagrees with the FBI’s encryption stance is foolish and irrational.

What Director Comey is either unwilling or unable to see is that the adult discussion already happened when the FBI pushed for a hackable iOS. The discussion even included a Congressional hearing where Director Comey, Apple’s general counsel Bruce Sewell, and other law enforcement and security experts testified.

iPhone encryption

FBI’s James Comey wants an “adult conversation” about encryption

The testimony distilled down to law enforcement saying tech companies can create encryption back doors so they should, and security experts saying if that happens the integrity and security of everything from private conversations to credit card transactions is lost.

Director Comey is really looking to craft a conversation that serves his purpose: crafting legislation or regulations requiring companies to ensure easy government access to private and encrypted data. Alternately, as Dave Hamilton posited on TMO’s Daily Observations podcast, Director Comey is orchestrating a scenario where the FBI backs down from the fight while he saves face.

Hopefully the Director is going for the latter. If not, we could face a scenario where U.S. based encryption tools are hackable, but those developed outside the country aren’t. That’ll be a hard blow to the technology industry, will put the U.S. at a competitive and political disadvantage, and drive people who want true encryption to use tools outside our government’s control. In the end, the people who will suffer are those the FBI claims it wants to protect.

5
Leave a Reply

Please Login to comment
5 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
5 Comment authors
Paul GoodwinJBSloughfurbiesgeoduck Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
Paul Goodwin
Member
Paul Goodwin

Amen geoduck. That guy is a condescending jackass that has no respect for his citizen’s rights. Very Spiro Agnew-like. He’s a jacka$$.

Member
Bob Henry

I guess those warnings about slippery slopes when the government rammed the idea of seeing underneath our clothes at airport security fell on deaf ears. Now that they can see underneath our clothes, they figure why shouldn’t we be able to acess every citizen’s dearest, most private or intimate details on their phones, too?

I get it, they want to promise us absolute security. We need to tell them, “No thanks, just do your jobs as best you can. We know the world is dangerous.”

Member
JBSlough

I think the scariest thing I get out of this is how a political party or a single politician could use this. Nixon would have a field day with this.

furbies
Member
furbies

Why oh why can’t the FBI and it’s ilk get the message that as soon as it’s possible for the “good guys” to access encrypted data, the “bad guys” will know for certain that it’s possible to break the encryption too ! And anyway, as soon as the Gubbermint has the keys, the bad guys will just shift to a even less vulnerable mode of communication… Look at how hard the US government found it to find Bin Laden after he went into hiding. AQ shifted their communications setup very far away from their leadership geographically and used couriers. And… Read more »

geoduck
Member
geoduck

I find few things as offensive as a politician that says “It’s time for an adult conversation.” It’s patronizing. It’s condescending. It’s insulting. We’ve had an “adult conversation” and you lost. Politicians use this line when they don’t agree with either facts or the democratic process. This shows a shocking lack of respect, a massive amount of narcissism, and almost sociopathic thought processes. It’s something akin to Godwin’s law. As soon as a politician uses “adult conversation”, or “adults sort this out”, or “grownup conversation” the discussion stops. The politician has shown they have no respect for, and will jot… Read more »