The Washington Post has a story which says:
FBI Director Christopher A. Wray on Tuesday renewed a call for tech companies to help law enforcement officials gain access to encrypted smartphones, describing it as a "major public safety issue."
Wray said the bureau was unable to gain access to the content of 7,775 devices in fiscal 2017 — more than half of all the smartphones it tried to crack in that time period — despite having a warrant from a judge.
"Being unable to access nearly 7,800 devices in a single year is a major public safety issue," he said, taking up a theme that was a signature issue of his predecessor, James B. Comey.
Wray was then quoted as saying:
"We're not interested in the millions of devices of everyday citizens," he said in New York at Fordham University's International Conference on Cyber Security. "We're interested in those devices that have been used to plan or execute terrorist or criminal activities."
He then went on to promote the long-disparaged idea of key escrow:
As an example of a possible compromise, Wray cited a case from New York several years ago. Four major banks, he said, were using a chat messaging platform called Symphony, which was marketed as offering "guaranteed data deletion." State financial regulators became concerned that the chat platform would hamper investigations of Wall Street.
"In response," Wray said, "the four banks reached an agreement with the regulators to ensure responsible use" of Symphony. They agreed to keep a copy of their communications sent through the app for seven years and to store duplicate copies of their encryption keys with independent custodians not controlled by the banks, he said.
To me this is more of the utter nonsense the government has spouted. When will they understand that key escrow only works when one trusts the government and the keeper of the keys?
Previously:
(Score: 3, Touché) by frojack on Wednesday January 10, @09:07AM (5 children)
Seven thousand terrorists in 2017, and we know about maybe 5 or 7 in the US.
Where is he hiding all these terrorists. How is he covering up all these attacks. Who is dropping all these phones, but otherwise making a clean get away?
When anything bad happens, the authorities rush to assure everyone that it was just and accident or a common criminal. Yet it appears any common shooting, apartment fire, train crash, tanker truck crash becomes a terrorist attack when it suits the.
Show me the phones, and the list of names of their owners.
(Score: 3, Interesting) by takyon on Wednesday January 10, @09:23AM (1 child)
OR criminal activities. Could include a whole host of crimes including murder, fraud, hacking, etc.
As for when they do claim high numbers of terrorists:
The Sting: How the FBI Created a Terrorist [theintercept.com]
The FBI Pressured a Lonely Young Man Into a Bomb Plot. He Tried to Back Out. Now He’s Serving Life in Prison. [theintercept.com]
Undercover FBI Agents Swarm the Internet Seeking Contact With Terrorists [theintercept.com] - "The FBI’s online activities are so pervasive that the bureau sometimes finds itself investigating its own people."
(Score: 3, Funny) by realDonaldTrump on Wednesday January 10, @10:12AM (1 child)
So true, we do have big problems with terrorism. But it's not just the terrorists, we have many kinds of crime & violence going on. We need to liberate our citizens from the crime and terrorism and lawlessness that threatens their communities. To restore safety. We need to lock up many, many crooks. People always say that crooks have two phones. One for the bitches and one for the dough, right? Let me tell you, that's a SMALL TIME crook. Crooked Hillary had 13 phones! According to President Obama's FBI, she had 13. You know they didn't look very hard, she probably had more. Maybe, probably, she had a lot more than 13. But the FBI couldn't get its hands on even one. They got ZERO phones from her. They did a terrible investigation! Huma Abedin from her staff said Hillary "lost" a lot of phones. And she smashed many phones with a hammer. 📱🔨 According to the guy who ran her EMAIL server, she would smash them. The only guy in 40 years that said she's smashing!
(Score: 4, Informative) by frojack on Wednesday January 10, @09:13AM (2 children)
Every government secret gets leaked sooner or later, every credit card gets compromised, every merchant gets hacked, entire nations cough up their identify systems, cpu manufacturers can't keep one process out of another processe's clutches.
But key escrow could work you say? If only there was trust in governments?
Trust all you want. All your keys are belong on sale on the "Dark Web"tm.
(Score: 1) by anubi on Wednesday January 10, @10:04AM (1 child)
Totally agree.
Besides, how much stuff that the people are interested in... like how much of our tax monies are spent for stuff is cloaked under "that's classified".
I will concede that some things, like what's said in a football huddle, or our national defense capabilities and strategies, should be classified. For a little while, anyway.
But our own government certainly isn't any shiny bastion of righteousness, either.... but have the benefit of "classified".
So, now everyone is going "classified".
Monkey see, monkey do... first monkey complains that the second monkey's doing it too.
Its called a "balance of power" and is necessary for a free society to continue.
If we can not protect ourselves from our own government ( covertly organize if it comes to that ), we become quite vulnerable to slide into the same muck-ass condition NK is now in.
(Score: 0) by Anonymous Coward on Wednesday January 10, @11:12AM
Actually, communist regimes come to power as a result of underground conspiracies, and first thing they do is to remove the ladders they themselves used, while there is still genuine popular support for them.
Covert organization by itself is not a tool (or weapon) only for good, it is just a means for underdogs to evade identification and purge by topdogs, for any (underdog, topdog) couple and any combination of moral alignments.
For freedom, while still in democracy, anonymity and visibility is much more important, but there is problem with verification - any dictatorship, either soft or hard, can prevent or fake checking of facts published by leakers if the source of information is under its control.
Also, a dictatorship (or any organized interested party) can pressure any choke points such as public forums (it could happen here too, and I've seen it before on the green site), by flooding them with fake (or just recruited) shill commenters comments or moderation.
So, I would say, we need some novel cryptographic solutions for novel problems. We need safe anonymity for everyone, and participation by almost everyone (or immediate census of amount of public participation) in determining real public opinion, possibility of independent verification of facts (that would probably require that every information of potential public significance must be signed and signatures protected by a distributed blockchain), assignment of exactly single vote for each poll to every verified real but at same time anonymous identity, ... etc.
And, if all that fails, or creates yet another dystopia, then, we would once again need covert communication and storage of information. However, if it comes to that, that covertness is last resort of good, that usually means that reason and courage among the people are in deep retreat, and then perhaps it is a better strategy to let it all rot on its own (like it always does, for exactly the lack of reason and courage) and start over again from remaining muck or ashes. No need for heroes and martyrs, just for inventors, teachers and philosophers. As they say, the proof of the pudding is in the eating.
(Score: 0) by Anonymous Coward on Wednesday January 10, @09:14AM (10 children)
scenario:
encryption of messages is illegal.
I send an encrypted message to a friend.
law enforcement intercepts the message, makes a copy of the encrypted message.
I get arrested, placed in front of a judge.
I testify that I like sending random bits to my friend.
my friend testifies that he likes receiving random bits from me.
according to "innocent until proven guilty", I should go home with no problem after this.
bad consequence of law that cannot be enforced:
I learn that as long as I can get away with it, I can break the law as much as I want.
(Score: 2) by frojack on Wednesday January 10, @09:33AM (5 children)
News flash: You're guilty.
If even one partial sentence can be decrypted out of that message, you'd go to jail for encrypting a message. Remember there are large numbers of possible decryption of a message, depending on what algorithm you used. I'm sure they will choose a good algorithm to decrypt the random bits.
There will come a time when it is safer to say something intelligible, with meaning obscured by actual words and phrases.
Maybe we need an encryption method that reads as clear text, not totally disjoint collections of words, or song lyrics, and religious rantings. With the real message buried somewhere in the drivel.
(Score: 3, Funny) by Dr Spin on Wednesday January 10, @09:45AM (2 children)
Are you implying that there is a sane message underpinning one or two of Trump's tweets?
(Score: 0) by Anonymous Coward on Wednesday January 10, @09:49AM (1 child)
The Trump Rosetta Stone is carved onto Bannon's inner thigh.
(Score: 0) by Anonymous Coward on Wednesday January 10, @10:25AM
No, it's Rosie O'Donnell's thighs you should check.
(Score: 0) by Anonymous Coward on Wednesday January 10, @11:23AM (1 child)
If using a one-time pad, *every* sentence and its opposite can be "decrypted" from the random data (more exactly, everything of the same length is a possible decryption).
"So you say he sent an encrypted message. How do you know?"
"We've decrypted a sentence, it says 'kill them'"
"How did you decrypt it?"
"We just flipped some bits so that the message appeared."
"You flipped bits?"
"Yes, about half of them."
"Any pattern in the bits?"
"No. But you wouldn't expect that from a one-time pad encrypted message."
"Ah, but then, couldn't you always change some bits to get that message?"
"Errr … yes, sure."
"And if starting with random data, how many bits would you have to switch?"
"About half of them."
"In any specific pattern?"
"No."
"The defence has no more questions."
(Score: 2) by mhajicek on Wednesday January 10, @11:45AM
This relies on an intelligent and informed jury. Most would only hear that as technobabble.
(Score: 2) by ledow on Wednesday January 10, @11:19AM (2 children)
Destroyed by "reasonable doubt".
In that two people who aren't, say, mathematicians working on random number analysis, would be sending a bunch of random numbers back and forth (excluding the fact that if it starts with --- RSA PUBLIC KEY -- then likely it's not for that purpose).
They'd convict you for being a smartarse, if nothing else.
(Score: 0) by Anonymous Coward on Wednesday January 10, @11:27AM
If encryption were illegal, only morons would send messages that start with "--- RSA PUBLIC KEY ---".
Indeed, I'd expect steganography to rule in that situation. Is this just noise in that photo, or an encrypted message?
(Score: 2) by Kromagv0 on Wednesday January 10, @02:08PM
You've apparently never seen my facebook posts. I will from time to time post some base64 encoded random numbers just to mess with whoever may be watching.
Yes I am serious when I say that.
(Score: 2) by DannyB on Wednesday January 10, @02:22PM
Suppose you and your friend are actually exchanging random bits rather than encrypted messages.
Should that be illegal?
(Score: 3, Insightful) by takyon on Wednesday January 10, @09:17AM (1 child)
Congratulations. According to the latest FBI Director, cypherpunks and Silicon Valley alike pose an "urgent public safety issue" due to their use of effective ("strong") encryption. FBI Director Christopher Wray can confirm that encryption is working as intended...
It's clear that you don't get it. But don't worry, Mr. Wray. I'm sure your agency is hoarding vulnerabilities and hardware backdoors, or borrowing them from the NSA and CIA.
Also in the news, Wray is paying a little more attention to Twitter [go.com] now.
(Score: 2) by FakeBeldin on Wednesday January 10, @01:50PM
Let's be fair: he's also right in one aspect: strong encryption is a major public safety issue.
As in: Nowadays, the public needs strong encryption to be safe (on the internet).
Privacy is not about whether or not I have a right to hide something from you. It's about whether or not you have a right to spy on me.
Alas, in the USA the times of "Better that 10 guilty men go free than one innocent suffer [wikipedia.org]" have passed. It feels more like "10 innocent better not go free".
(Score: 5, Insightful) by Phoenix666 on Wednesday January 10, @09:19AM (3 children)
The bit that the US government has forgotten, and which most governments forget, is that they are not our master. We are their masters. They cannot demand, and get, anything they want from us because they are servants we have hired to do a job we want doing. We employ the FBI to fight crime, not to fight our freedom. If they demand such things as this from us, they want to reduce us to slaves beholden to them.
The FBI, the NSA, and the CIA are the threats to public safety now, and I worry about them far more than I worry about anything else, because there are thousands of them, working everyday, stealing billions of our dollars, and invading every level of our society. They're an existential threat.
Washington DC delenda est.
(Score: 2) by Dr Spin on Wednesday January 10, @09:48AM
The FBI, the NSA, and the CIA are the threats to public safety now.
Indeed. It would appear they are "crypto-fascists"!
(Score: 0) by Anonymous Coward on Wednesday January 10, @09:48AM
There are certain DC offices where people are paid to do almost no real work. Telework and goof off most of the week, come in 1 day a week. Weeks or months allocated to write a report that takes a day or two.
You get a choice of wasted money or trampled freedom. You don't get a choice.
(Score: 2) by DannyB on Wednesday January 10, @02:24PM
Idealistic to the end.
As a patriotic American, I am proud to stand up and cheer for the freedoms we once had.
(Score: 2) by FatPhil on Wednesday January 10, @10:04AM
(Score: 0) by Anonymous Coward on Wednesday January 10, @01:01PM
there's a physical device (key) that allows to reprogram GPS satellites ... as seen in 007. fact or fiction? i dunno.
if this tech were possible, then having physical possession of the (encrypted-)device AND a search warrant should allow
to connect the (encrypted-)device to the key-device at the "factory" where the device was built to unlock it.
if this tech where possible, then the algorithm that changes the key on the device and the key-device is destroyed
and ONLY the device and the (physical) key-device know the secret?
ofc, the key-device is behind a physical door to which only the government has the real-physical key? or such?
maybe a new department is required: Department of key keepers, DoKK?
(Score: 4, Insightful) by AthanasiusKircher on Wednesday January 10, @01:09PM
...Yes, encryption is definitely a "major public safety issue." Everyone should be using it all the time to avoid hacking of your financial data, protection of other critical private personal data, even avoiding tech-savvy stalkers etc. It's critical that the public has the tools to maintain its safety and privacy, so it's a major safety issue.
Oh wait... I just read TFS beyond the headline. Bloody hell. Why is it that federal government officials seem dead set to do the exact opposite of what would make sense in a more rational world??
(Score: 0) by Anonymous Coward on Wednesday January 10, @01:19PM
I don't where this logic could go, but I don't get to choose my own facts.
To implement an unlocking scheme Apple would have to have a 'master key' to unlock a phone.
With PKI, unlocking a phone should not disclose the key.
There is risk that the key will get stolen and then anybody could unlock it.
The risk is greater if they only have one master key for all phones, but that is fixable in the implementation.
I would rather this did not happen, but doesn't Apple already effectively have this in their ability to update phones?
Or hopefully the update is enabled only after the user logs onto the phone?
In which case, they would only have the ability during the update process.
