To hear consecutive FBI directors tell it, unless legislators are willing to mandate encryption backdoors, the criminals (including terrorists!) will win. That's the only option — at least according to Jim Comey and Chris Wray — given that the FBI, with its billions in funding and wealth of brainpower, is apparently unable to decrypt files and devices simply by waving a warrant at them.
All evidence points to the contrary. What FBI directors refer to as "going dark" is actually just the temporary blindness that results from staring directly at the Golden Age of Surveillance sun. While FBI directors waste their time making everyone stupider, law enforcement agencies around the world (including the one represented by these particular misguided loudmouths) are putting plans into action.
Twice in 2021 alone, investigators around the world announced the end results of long investigations that involved taking over message servers or otherwise compromising encrypted communication services that were allegedly marketed almost exclusively to criminals. The FBI, in conjunction with Australian law enforcement, subverted and ran an encrypted messaging server for three years, intercepting millions of messages — something that led to hundreds of arrests around the world. A second investigation targeted a Canadian encrypted service provider, resulting in a number of charges being brought against its CEO.
It has happened again, as Joseph Cox reports for Motherboard. And once again, we can attempt to put FBI director Chris Wray's pouty, anti-encryption bullshit to bed.
Dutch police have cracked another encrypted phone company, this time reading messages from, and then shutting down, "Exclu," according to announcements from the police and Dutch prosecution service.
The news demonstrates law enforcement agencies' continued targeting of the encrypted phone industry, part of which has served organized criminal syndicates for years. The Dutch police specifically have been behind many of these hacks and shutdowns, working on other investigations into companies such as Ennetcom and Sky.
Whether or not these arrests will result in convictions or any perceptible decrease in crime is unknown. But what is certain is that the mere existence of encryption is not a dead end for investigators. The FBI knows this. Its upper management, however, continues to pretend otherwise. Until the FBI can be honest about the challenges posed by encryption, its opinion on the matter can't be trusted.
(Score: 5, Insightful) by SomeRandomGeek on Wednesday February 15, @09:41PM (9 children)
The FBI wants a investigative tools that fit the way they like to investigate. One of their favorite existing tools is the law that makes it a felony to lie to an FBI agent. Everybody lies, constantly, about everything. So, all they have to do is squeeze the subject. They conduct a few interrogations, catch their subject in a lie, then use the crime they have manufactured to blackmail the subject into cooperating with the investigation. A cyber investigative tool that worked like this would be some mechanism that guaranteed that they could either get the subject's computer records, or slap the subject with a hiding/destroying/falsifying records charge.
The example investigations from TFA involved breaking into those computers that they could and then waiting for years for them to be used for something incriminating. That is a completely different style of investigation.
Either way, we're fucked, because the supreme court has decided that our right to be free of unwarranted searches applies only to those kinds of searches that existed when the constitution was written, and as new kinds of searches are invented they are permissible until specifically outlawed.
(Score: 4, Interesting) by JoeMerchant on Wednesday February 15, @09:57PM (6 children)
>The FBI wants a investigative tools that fit the way they like to investigate.
And, why wouldn't they petition Congress for ways to do their job easier, cheaper and faster?
What we need, but seem not to have, is equal representation in Congress for the rest of us who suffer material damages from backdoors in commercial encryption products.
Because, only a moron would believe that real criminals won't roll their own undetectable steganography layered with unbreakable cryptography. Ergo, the entire debate is about lightweight criminals (which is pretty much all that the FBI has ever been able to interdict, anyway.)
Oh, and the effort involved in becoming a heavyweight "so dark the Feebs don't even know you are operating" crypto-user? Something akin to a 2 year AA degree in computer science, and a few weeks effort in making the applications which probably can run on hardware you can cobble together off of Amazon for less than $100 per endpoint.
Wild tangent: it took a F-ing 200' tall Chinese surveillance balloon with three schoolbuses full of equipment hanging under it for NORAD to recalibrate their radar apertures and "discover" not one, but three, so far, privately operating high altitude balloons in US-Canadian airspace that "might be a threat to civilian aviation".... again, your average middle-class high school nerd with a little bit of interest currently has the resources and ability to launch and maybe even operate one of these things... I am bi-partisanly disappointed in our leadership's apparent blindness to this reality for the past several decades... I mean, if Russia wanted to, they could have delivered a 50MT nuke pretty much anywhere in the mainland USA, up until a couple of weeks ago, and with altitude controlled steerage they probably could have managed a synchronized delivery and detonation on Los Angeles, NYC, Washington DC, Atlanta, Miami, Chicago, Dallas, Houston, Denver, San Francisco and St. Louis before we ever knew what was happening.
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 4, Interesting) by SomeRandomGeek on Wednesday February 15, @11:32PM (2 children)
Not at all. The FBI doesn't want to outlaw strong encryption so that they can get into the computers of people who will be forced to use weak encryption. No, they know that their target criminals will use strong encryption anyway, and they want to be able to arrest them for that. It's like busting Al Capone on tax evasion. The only problem is that they think everyone who cheats on their taxes is Al Capone. And, of course, being able to spy on innocent people is just gravy.
(Score: 1, Interesting) by Anonymous Coward on Thursday February 16, @01:17AM
Don't forget the FBI might abuse the backdoors in order to plant/forge evidence, can you really trust the FBI not to?
https://soylentnews.org/comments.pl?noupdate=1&sid=53750&page=1&cid=1291963#commentwrap [soylentnews.org]
(Score: 2) by ChrisMaple on Thursday February 16, @03:45PM
Unbreakable strong encryption can be made indistinguishable from noise. Until decrypted, it cannot be proved that the file is not noise. This leads to all sorts of problems: if the investigative agency is honest, it can't prove that encryption is being used, so it shouldn't be able to get a warrant. If the agency is dishonest, it can get a warrant by claiming that a file of noise is evidence of encryption.
(Score: 2) by MIRV888 on Thursday February 16, @01:47AM (1 child)
Just put it in a cargo container bound for Boom Port USA. Doing it via a North Korean front company would be icing on the cake.
I'm offering pure conjecture, but I strongly suspect they've been aware of these balloons for some time.
(Score: 2) by JoeMerchant on Thursday February 16, @11:00AM
I'd like to think they have been aware of the balloons, but if they had there should have been recon missions to check for radiation, etc. and no reason to keep those missions (which I have never heard about) secret.
The only reason the boom box hasn't happened yet is because the shielding required to make a critical mass of plutonium undetectable is heavier than a standard container carries...
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 1) by crotherm on Thursday February 16, @04:19PM
Japan did just that in WWII with the Fu-Gu balloon bomb. https://en.wikipedia.org/wiki/Fu-Go_balloon_bomb [wikipedia.org]
(Score: 1, Interesting) by Anonymous Coward on Thursday February 16, @01:14AM
See also: https://theintercept.com/2015/03/16/howthefbicreatedaterrorist/ [theintercept.com]
https://www.theguardian.com/world/2011/nov/16/fbi-entrapment-fake-terror-plots [theguardian.com]
https://www.ted.com/talks/trevor_aaronson_how_this_fbi_strategy_is_actually_creating_us_based_terrorists?language=ha [ted.com]
(Score: 2) by janrinok on Thursday February 16, @07:02AM
The Supreme Court might shoulder some of the blame - but 2 of the 3 cracked systems involved other governments and were not necessarily US led. Those other governments will be keen to ensure that what they do meets their legal obligations to provide some protection if/when the investigation becomes public - but equally that any dirty work will, if possible, be attributed to the FBI.
(Score: 1, Insightful) by Anonymous Coward on Wednesday February 15, @11:30PM (4 children)
You can go dark, but you have to be willing to go old school. We make fun of the Russians now because they're bogged down in Ukraine, but a number of years ago they allegedly went back to typewriters for some things in their intelligence community. Plans to meddle in US elections are most likely not accessible at any server, at any IP. Hacking a rusty file cabinet in the Kremlin is not impossible of course, just difficult and I have a feeling we don't have too many of those kinds of agents left... or so I'm told.
If encrypted communications really matter, if the message is critical, if the bandwidth requirements aren't too high, then use a physical random number generator that dumps out a bunch of one-time pads, make sure people know how to use them, and distribute using trusted agents.
People are lazy though, even with real high risk stuff. People get complacent. I think that's how we got Bin Laden. They were doing all kinds of controlled contact and message drops, but somebody got careless or dropped a dime on him. Intelligence isn't just methodology, it's trust.
(Score: 0) by Anonymous Coward on Wednesday February 15, @11:53PM (2 children)
Is not a problem, my fine Yankee Doodle. I am the kind of agent that you refer to. You tell me which documents you want, and I'll manufacture - errr - liberate them. You want love letters between Vlad and his gay boyfriends? I get!
(Score: 0) by Anonymous Coward on Thursday February 16, @01:57AM
Yes, double-agents are a problem when you go old school too. Feed disinformation to both sides. Collect two paychecks. I bet those guys were some sick adrenaline junky psychopaths who didn't care about either side.
(Score: 2) by Freeman on Thursday February 16, @05:42PM
Made much easier in the age of ChatGPT.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by bart on Friday February 17, @07:32PM
Thanks Edward Snowden for making all this so completely clear.
(Score: 2, Insightful) by Anonymous Coward on Thursday February 16, @12:16AM (1 child)
If a criminal is using encryption effectively, and not picking the wrong services that happen to be compromised, then they will be able to Go Dark.
With more mainstream services implementing end-to-end encryption with no backdoors, even some of the dumber criminals will be protected, if only by accident.
This is a typical biased rant from TechDirt. The FBI has good reasons to be whining about encryption, as it impedes their jobs. At the same time, citizens are also correct to tell the FBI and other three letter agencies to shove it. You have no obligation to give up your privacy to make it easier for the government to catch criminals. If a murderer goes free because damning chat logs and searches aren't available, oh well, better luck next time.
(Score: 4, Interesting) by sgleysti on Thursday February 16, @03:55AM
Even if messaging services properly implement end-to-end encryption, I have the sneaking suspicion that modern smartphone and desktop operating systems are essentially swiss cheese from a security standpoint.
(Score: 3, Insightful) by MIRV888 on Thursday February 16, @01:39AM
Handing out 'super encrypted' phones via a bs corporate entity to various criminal / intelligence targets was absolutely brilliant.