from the trust-us-we're-the-government dept.
The Washington Post has a story which says:
FBI Director Christopher A. Wray on Tuesday renewed a call for tech companies to help law enforcement officials gain access to encrypted smartphones, describing it as a "major public safety issue."
Wray said the bureau was unable to gain access to the content of 7,775 devices in fiscal 2017 — more than half of all the smartphones it tried to crack in that time period — despite having a warrant from a judge.
"Being unable to access nearly 7,800 devices in a single year is a major public safety issue," he said, taking up a theme that was a signature issue of his predecessor, James B. Comey.
Wray was then quoted as saying:
"We're not interested in the millions of devices of everyday citizens," he said in New York at Fordham University's International Conference on Cyber Security. "We're interested in those devices that have been used to plan or execute terrorist or criminal activities."
He then went on to promote the long-disparaged idea of key escrow:
As an example of a possible compromise, Wray cited a case from New York several years ago. Four major banks, he said, were using a chat messaging platform called Symphony, which was marketed as offering "guaranteed data deletion." State financial regulators became concerned that the chat platform would hamper investigations of Wall Street.
"In response," Wray said, "the four banks reached an agreement with the regulators to ensure responsible use" of Symphony. They agreed to keep a copy of their communications sent through the app for seven years and to store duplicate copies of their encryption keys with independent custodians not controlled by the banks, he said.
To me this is more of the utter nonsense the government has spouted. When will they understand that key escrow only works when one trusts the government and the keeper of the keys?
Agents at the US Federal Bureau of Investigation (FBI) have been unable to extract data from nearly 7,000 mobile devices they have tried to access, the agency's director has said.
Christopher Wray said encryption on devices was "a huge, huge problem" for FBI investigations. The agency had failed to access more than half of the devices it targeted in an 11-month period, he said.
One cyber-security expert said such encryption was now a "fact of life". Many smartphones encrypt their contents when locked, as standard - a security feature that often prevents even the phones' manufacturers from accessing data. Such encryption is different to end-to-end encryption, which prevents interception of communications on a large scale.
Cyber-security expert Prof Alan Woodward at the University of Surrey said device encryption was clearly frustrating criminal investigations but it would be impractical and insecure to develop "back doors" or weakened security.
In a time when the government is committing criminal acts, is it not advisable for citizens to do what they can to protect themselves from that crime?
Submitted via IRC for SoyCow1
Trump's Department of Justice is trying to get a do-over with its campaign to get backdoors onto iPhones and into secure messaging services. The policy rebrand even has its own made-up buzzword. They're calling it "responsible encryption."
After Deputy Attorney General Rod J. Rosenstein introduced the term in his speech to the U.S. Naval Academy, most everyone who read the transcript was doing spit-takes at their computer monitors. From hackers and infosec professionals to attorneys and tech journalists, "responsible encryption" sounded like a marketing plan to sell unsweetened sugar to diabetics.
Government officials -- not just in the U.S. but around the world -- have always been cranky that they can't access communications that use end-to-end encryption, whether that's Signal or the kind of encryption that protects an iPhone. The authorities are vexed, they say, because encryption without a backdoor impedes law-enforcement investigations, such as when terrorist acts occur.
[...] "Look, it's real simple. Encryption is good for our national security; it's good for our economy. We should be strengthening encryption, not weakening it. And it's technically impossible to have strong encryption with any kind of backdoor," said Rep. Will Hurd (R-Texas), when asked about Rosenstein's proposal for responsible encryption at The Atlantic's Cyber Frontier event in Washington, D.C.
At a press conference, an FBI spokesman blamed industry standard encryption for preventing the agency from accessing the recent Texas mass shooter's locked iPhone. Reuters later reported that the FBI did not try to contact Apple during a 48-hour window in which the shooter's fingerprint may have been able to unlock the phone. Apple said in a statement that after seeing the press conference, the company contacted the FBI itself to offer assistance. Finally, the Washington Post reports (archive) that an FBI official acknowledged Apple's offer but said it did not need the company's assistance:
After the FBI said it was dealing with a phone it couldn't open, Apple reached out to the bureau to learn whether the phone was an iPhone and whether the FBI was seeking assistance. An FBI official responded late Tuesday, saying that it was an iPhone but that the agency was not asking anything of the company at this point. That's because experts at the FBI's lab in Quantico, Va., are trying to determine if there are other methods, such as cloud storage or a linked laptop, that would provide access to the phone's data, these people said. They said that process could take weeks.
If the FBI and Apple had talked to each other in the first two days after the attack, it's possible the device might already be open. That time frame may have been critical because Apple's iPhone "Touch ID" — which uses a fingerprint to unlock the device — stops working after 48 hours. It wasn't immediately clear whether the gunman had activated Touch ID on his phone, but more than 80 percent of iPhone owners do use that feature. If the bureau had consulted the company, Apple engineers would likely have told the bureau to take steps such as putting the dead gunman's finger to the phone to see if doing so would unlock it. It was unclear whether the FBI tried to use the dead man's finger to open the device in the first two days.
In a statement, Apple said: "Our team immediately reached out to the FBI after learning from their press conference on Tuesday that investigators were trying to access a mobile phone. We offered assistance and said we would expedite our response to any legal process they send us."
Also at Engadget.
Related: Apple Lawyer and FBI Director Appear Before Congress
Apple Engineers Discussing Civil Disobedience If Ordered to Unlock IPhone
Senator Dianne Feinstein Claims That the FBI Paid $900,000 to Break Into a Locked iPhone
Federal Court Rules That the FBI Does Not Have to Disclose Name of iPhone Hacking Vendor
Submitted via IRC for SoyCow1984
"We have an ongoing dialogue with a lot of tech companies in a variety of different areas," he [Rod Rosenstein] told Politico Pro. "There's some areas where they are cooperative with us. But on this particular issue of encryption, the tech companies are moving in the opposite direction. They're moving in favor of more and more warrant-proof encryption."
[...] In the interview, Rosenstein also said he "favors strong encryption."
"I favor strong encryption, because the stronger the encryption, the more secure data is against criminals who are trying to commit fraud," he explained. "And I'm in favor of that, because that means less business for us prosecuting cases of people who have stolen data and hacked into computer networks and done all sorts of damage. So I'm in favor of strong encryption."
[...] He later added that the claim that the "absolutist position" that strong encryption should be by definition, unbreakable, is "unreasonable."
[...] Rosenstein closed his interview by noting that he understands re-engineering encryption to accommodate government may make it weaker.
"And I think that's a legitimate issue that we can debate—how much risk are we willing to take in return for the reward?" he said.
In recent testimony before Congress, the director of the FBI has again highlighted what the government sees as the problem of easy-to-use, on-by-default, strong encryption.
In prepared remarks from last Thursday, FBI Director Christopher Wray said that encryption presents a "significant challenge to conducting lawful court-ordered access," he said, again using the longstanding government moniker "Going Dark."
The statement was just one portion of his testimony about the agency's priorities for the coming year.
The FBI and its parent agency, the Department of Justice, have recently stepped up public rhetoric about the so-called dangers of "Going Dark." In recent months, both Wray and Deputy Attorney General Rod Rosenstein have given numerous public statements about this issue.
Remember to use encryption irresponsibly, and stay salty, my FBI friends.
Previously: FBI Chief Calls for National Talk Over Encryption vs. Safety
Federal Court Rules That the FBI Does Not Have to Disclose Name of iPhone Hacking Vendor
PureVPN Logs Helped FBI Net Alleged Cyberstalker
FBI Failed to Access 7,000 Encrypted Mobile Devices
Great, Now There's "Responsible Encryption"
FBI Bemoans Phone Encryption After Texas Shooting, but Refuses Apple's Help
DOJ: Strong Encryption That We Don't Have Access to is "Unreasonable"