Encryption Government Technology

Senator Asks FBI Director To Justify His 'Ill-Informed' Policy Proposal For Encryption (gizmodo.com) 372

In a speech earlier this month, FBI Director Christopher Wray said the inability of law enforcement authorities to access data from electronic devices due to powerful encryption is an "urgent public safety issue." He proposed that Silicon Valley companies should add a backdoor to their encryption so that they could both "provide data security and permit lawful access with a court order." One person is not amused by Wray's proposal. Senator Ron Wyden criticized Wray on Thursday for not consulting him before going public with the proposal for encryption. Wyden said today, via Gizmodo: Your stated position parrots the same debunked arguments espoused by your predecessors, all of whom ignored the widespread and vocal consensus of cryptographers. For years, these experts have repeatedly stated that what you are asking for is not, in fact, possible. Building secure software is extremely difficult, and vulnerabilities are often introduced inadvertently in the design process. Eliminating these vulnerabilities is a mammoth task, and experts are unified in their opinion that introducing deliberate vulnerabilities would likely create catastrophic unintended consequences that could debilitate software functionality and security entirely.

[...] I would like to learn more about how you arrived at and justify this ill-informed policy proposal. Please provide me with a list of the cryptographers with whom you've personally discussed this topic since our July 2017 meeting and specifically identify those experts who advised you that companies can feasibly design government access features into their products without weakening cybersecurity. Please provide this information by February 23, 2018.

  • by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Thursday January 25, 2018 @12:05PM (#55999627) Homepage Journal

    I'll just leave this [wikipedia.org] here [epic.org].

    The problem is not at all new, and the Senator is right to allude to the Lawman's predecessors.

    • by Gaxx ( 76064 ) on Thursday January 25, 2018 @12:13PM (#55999681)

      Yes - both parties have been pretty bad on the issue. Nice to see that _someone_ is taking it seriously and listening to the experts, though :)

    • Not trolling. Serious question. Different states have different policies and it seems likely have acceptable outcomes in their respective societies. North Korea allegedly is the worst, with the mandated document editors saving copies of, and watermarking everything you write. But even in the US we've lived with having all printers watermark all documents (why you run out of yellow ink so fast) as well as PRISM and other data slurps. On the flip side law enforcement has had to confront cryptography for

      • by Anne Thwacks ( 531696 ) on Thursday January 25, 2018 @12:44PM (#55999903)
        The key difference is ubiquity and the accessibility to the tools by a non-expert.

        Nope - the key difference is whether your government is into control freakery.

        Uncrackable encryption is available to anyone who bothers to ask, and has been since before the invention of paper. Anyone can create completely uncrackable one-time-pad based systems with a pencil and paper and the use of a few brain cells. Steganography was known to ancient Greeks, and plenty of ancient codes have still to be broken.

        I bet there are quite a large number of languages in regular use that no-one in the CIA, FBI or TSA can speak. It is also true that some TLA agencies can crack Rot13, but presumably quite a few can't. Mandating buckets with holes in is not going to eliminate theft of liquid either. Sometimes you will have to do detective work to solve crimes but "You can't win them all". Mandating that everyone writes all their thoughts in a placard and holds it above their heads at all times won't stop people from lying. Hell, nothing stops politicians from lying. And there is clearly no limit to stupidity.

        • by gnick ( 1211984 )

          It is also true that some TLA agencies can crack Rot13, but presumably quite a few can't.

          Rot13? [decode.org] Vs gurer'f n GYN gung pna'g penpx Ebg13, fbzrguvat vf irel jebat.

        • by AmiMoJo ( 196126 )

          You have to remember that most criminals are not particularly bright. How often do you hear that they were scuppered by posting incriminating photos on Facebook, or using the phone they just stole without wiping and disabling "find my phone"?

          They probably don't realize that WhatsApp is encrypting their messages, or that the NSA is trying to read them. They only become aware when they get arrested and they find that the police can't get past the unlock code on their iPhone.

          So from the FBI's point of view if

          • You also have to remember that most people are not criminals, and are unlikely to be investigated for a crime (presuming proper due-process), as they are unlikely to be the victims of a crime for which evidence from a phone is likely to make a difference to their outcome.

          • You have to remember that most criminals are not particularly bright. How often do you hear that they were scuppered by posting incriminating photos on Facebook, or using the phone they just stole without wiping and disabling "find my phone"?

            Yes, you hear about those.

            It's the ones you don't hear about that aren't dumb.

        • by TheRaven64 ( 641858 ) on Thursday January 25, 2018 @01:08PM (#56000167) Journal

          One-time pads are not really feasible. An earlier Slashdot post suggested not thinking of one-time pads as encryption, but as a way of time shifting use of a secure channel. If you have a secure channel now over which you can distribute n bits of data, then you can distribute an n-bit one-time pad and then later you can use an insecure channel to send an n-bit message securely. Having to distribute a key as long as a message is not very easy, and the requirement that the pad be generated with a cryptographically secure random number generator makes it a bit harder.

          That said, algorithms like RSA and AES are pretty simple to implement. Most of the attacks on implementations of these have been timing vulnerabilities (requiring an attacker either on the same machine or very close on the network), or attacks on incorrect use of the crypto primitives in more complex cryptosystems. You can take the code examples from Applied Cryptography, change the #defines to give you longer key lengths (many of the examples use insecure key lengths to avoid export restrictions), and you've got an implementation of a secure algorithm. If you're encrypting offline and exchanging messages via some channel where an attacker has no control over or visibility of your timing, it's probably secure.
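
As an added example (not part of TheRaven64's post or of any code mentioned in the thread), this Python sketch shows the two constraints the comment describes: the pad must be as long as everything it will ever protect and come from a cryptographically secure generator, and each pad byte may be used only once. The class and function names are hypothetical, the messages are constructed, and one pad is assumed per direction of traffic.

```python
import secrets
from typing import Tuple


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


class PadExhausted(Exception):
    """Raised when a message needs more pad bytes than remain unused."""


class OneTimePad:
    """Pad material exchanged in advance over a secure channel (assumed)."""

    def __init__(self, material: bytes):
        self._material = material
        self._next = 0  # index of the first pad byte that has never been used

    @classmethod
    def generate(cls, n_bytes: int) -> "OneTimePad":
        # secrets.token_bytes draws from the operating system's CSPRNG.
        return cls(secrets.token_bytes(n_bytes))

    def copy_for_peer(self) -> "OneTimePad":
        """Stand-in for handing the same pad to the other party securely."""
        return OneTimePad(self._material)

    def remaining(self) -> int:
        return len(self._material) - self._next

    def encrypt(self, plaintext: bytes) -> Tuple[int, bytes]:
        """Consume fresh pad bytes; return (pad offset, ciphertext)."""
        if len(plaintext) > self.remaining():
            raise PadExhausted("message is longer than the unused pad")
        offset = self._next
        end = offset + len(plaintext)
        self._next = end  # these bytes are now spent for good
        return offset, xor_bytes(plaintext, self._material[offset:end])

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        """Decrypt and mark the pad bytes spent; refuse any reused range."""
        end = offset + len(ciphertext)
        if offset < self._next:
            raise ValueError("pad bytes at this offset were already used")
        if end > len(self._material):
            raise PadExhausted("ciphertext runs past the end of the pad")
        self._next = end
        return xor_bytes(ciphertext, self._material[offset:end])


def reuse_leaks_xor(p1: bytes, p2: bytes) -> bytes:
    """Failure mode: encrypting two messages with the SAME pad bytes.

    The key cancels out, so anyone holding both ciphertexts learns
    p1 XOR p2 without ever seeing the pad.
    """
    key = secrets.token_bytes(len(p1))
    return xor_bytes(xor_bytes(p1, key), xor_bytes(p2, key))


if __name__ == "__main__":
    sender = OneTimePad.generate(32)       # 32 pad bytes protect 32 message bytes
    receiver = sender.copy_for_peer()
    off, ct = sender.encrypt(b"constructed msg")
    print(receiver.decrypt(off, ct), "pad bytes left:", sender.remaining())
```
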

        • by houghi ( 78078 ) on Thursday January 25, 2018 @01:24PM (#56000345)

          I just want to say this from Radio Free Slashdot:
          Jean has a large moustache.
          Aunt Irma is feeling better.
          A cigar is not in the package.

          I repeat the message
          Jean has a large moustache.
          Aunt Irma is feeling better.
          A cigar is not in the package.

          This concludes the broadcast of Radio Free Slashdot

        • by houghi ( 78078 )

          The TSA has backdoors in luggage locks. I always just use zip ties, because then I will know that they were in there. Buy non-standard ones like pink ones.

      • Not all printers. EFF maintains a list. Reward OKI for their finger to the NSA. Don't buy from collaborators.

      • by AHuxley ( 892839 )
        By recovering the keys from anyone offering a telco product on their networks.
    • by Rick Schumann ( 4662797 ) on Thursday January 25, 2018 @12:39PM (#55999863) Journal
      As I just said to someone else: sadly typical law-enforcement type: obsessed with control, doesn't want silliness like 'civil rights', 'human rights', or 'common sense' getting in the way of controlling everything 24/7/365.
      • As I just said to someone else: sadly typical law-enforcement type: obsessed with control, doesn't want silliness like 'civil rights', 'human rights', or 'common sense' getting in the way of controlling everything 24/7/365.

        Well said, sir! I could not agree more.

        • To be fair, I should also say: Not all law enforcement types are like this, it's just what's (sadly) typical of the breed. It's not that being in law enforcement creates this type of person, it's that it attracts this type of person. They try to screen them out, but they have a way of hiding their natural tendencies.
          • by Blymie ( 231220 )

            Also -- many of such obsessive types MEAN WELL. They see short term, not long term, and it PAINS them that those that they know are guilty, might get off. Even for a second. Their risk assessments are also way out of whack, seeing small issues as MAJOR HOLY HELL! issues, where the entire planet will explode because one person got away.

            In such a scenario, tossing the bill of rights, ignoring or destroying individual rights is 100% secondary to the fact that someone GOT AWAY WITH IT! In their mind, they're

            • Well, you know what they say: nothing more dangerous than a 'true believer'.
              It's often the case that people who know in their heart-of-hearts that they're 100% right who commit the worst atrocities, cause the most damage.
    • by HiThere ( 15173 )

      Sorry, but I *will* blame those folks currently calling themselves conservatives. (I deny that they have any right to that name.) This doesn't either mean or imply that they are alone in this evil idiocy. As you point out, they aren't. But that doesn't let them off the hook for complicit behavior. One can point to an entire series of control freaks of both the left and the right (mainly the right, even in leftist controlled administrations, but definitely not solely of the right).

      Read "The Authoritaria

  • Score (Score:5, Insightful)

    by DontBeAMoran ( 4843879 ) on Thursday January 25, 2018 @12:19PM (#55999723)

    Senator Ron Wyden: intelligent and well-informed
    FBI Director Christopher Wray: either imbecile and/or not to be trusted

    • Shady as heck, preying upon the fears of those poor uninformed politicians! That's so mean!

    • by gtall ( 79522 )

      Yes, but so far he's resisted pressure from Trump and his oompa-loompas to fire lower level people. Wray is going to retire soon, it will be interesting (or disheartening) to see who is the successor.

    • Not imbecile or untrustworthy, at least not in the way you might mean; he's just (sadly) typical law enforcement type: obsessively wants to control everything and everyone around him, regardless of silly inconsequential little things like 'civil rights' or even 'human rights', to the point of throwing common sense out the window.
      • How is that not untrustworthy in every sense?

        • by HiThere ( 15173 )

          Well, if you can predict his opinion, then in a sense he's trustworthy. You may not like what you can trust him to do, but that's, technically, a different matter.

    • by amiga3D ( 567632 )

      Don't worry, Wray is about to be fired from his job on The Apprentice-White House Edition.

  • Spot fucking on. (Score:5, Insightful)

    by rogoshen1 ( 2922505 ) on Thursday January 25, 2018 @12:20PM (#55999735)

    As a republican living in OR, thank you Mr. Wyden. I wish more of legislature had an iota of common sense and understanding relating to tech before shitting out half-assed regulation with absolutely no care taken to unintended consequences.

    We should be more focused on keeping the pigs honest than catching the *incredibly* rare bogeymen.

    • Wyden is a Democrat.
      • And?

        Sadly, common sense and intelligence is a rare enough trait that it should be celebrated whenever and wherever it's found.

        I hate all politicians, but I appreciate this particular one's stance on this particular issue.

        • by gtall ( 79522 )

          That fellow Kennedy from La. nailed el Presidente Tweetie's court nominee (one of the lesser courts) when the nominee couldn't answer legal questions posed by Kennedy. The nominee withdrew in shame.

      • Re:Spot fucking on. (Score:4, Informative)

        by Strider- ( 39683 ) on Thursday January 25, 2018 @01:10PM (#56000203)

        Ahh, but some people, of which I presume rogoshen1 is, realize that people from the other side of the aisle aren't always the enemy, but can in fact do things that you like. It's not "Us" vs "Them" it's all "Us" just that we may not agree 100% with some of the other parts of "us"

    • Re:Spot fucking on. (Score:4, Interesting)

      by Tailhook ( 98486 ) on Thursday January 25, 2018 @01:55PM (#56000675)

      thank you Mr. Wyden

      I'm much less impressed with this. Wyden has as a premise that a backdoor is legitimate if only the mechanism can be made secure. Wyden does not assert that we are supposedly free people and may use whatever algorithm we wish, but that they should have such a backdoor capability once they can convince him that their backdoor can't be exploited.

      • It's a start, though. It's a short step from that viewpoint to "no backdoor can be made secure" to "I guess we shouldn't do that."

    • what makes you stick with the Rs? They've been pushing the 'Tough on Crime' / 'Think of the Children' agenda for ages. Sure, Clinton (Bill) pushed it too, but largely to court Republicans. While I'm not saying the Dems are saints I think it'd be much easier to purge and/or marginalize the corporatist schelps & authoritarian types from their party than the Rs.
  • by Fringe ( 6096 ) on Thursday January 25, 2018 @12:24PM (#55999761)
    Given that the FBI can't even track down messages sent between their own agents that they were required to "compliance" and archive, I'm not sure how encryption can add more difficulty. They've got a Keystone Cops vibe going there.
  • Can we mod this senator up?
  • In a few weeks, an avalanche of dirt (both true and untrue) from "anonymous whistle-blowers" about this Senator Wyden will start mysteriously appearing in news stories all over the country.

    They'll continue at least until he resigns in disgrace, is imprisoned due to the absolutely totally not photoshopped(*) donkey-fucking kiddie-porn incest home movies, or commits suicide.

    (*) The FBI have access to far better software than photoshop.

  • Well, then, there's at least one Congresscritter in our government who has a working brain! Who knows, maybe he can educate the rest of them?
  • by TheFakeTimCook ( 4641057 ) on Thursday January 25, 2018 @12:35PM (#55999837)

    I don't know anything about this Senator; but on this one topic alone, he would have my vote!

    I'd suggest we all write him and thank him for his courage and intelligence...

    https://www.wyden.senate.gov/c... [senate.gov]

    • I am glad that Wyden had the courage to call out the crap that the FBI has been spewing.
    • Surprised you don't know his name, Wyden has always been good on issues like encryption and is too often one of the very few voices of reason in Congress on some of these issues.

      • Surprised you don't know his name, Wyden has always been good on issues like encryption and is too often one of the very few voices of reason in Congress on some of these issues.

        I have probably heard his name before, but before this article, it didn't "register".

    • by swell ( 195815 )

      Or try this edress from http://hrlibrary.umn.edu/peace... [umn.edu]
      wyden@teleport.com

      They only respond to constituents in Oregon.

      Sadly, comedian and senator Al Franken, D-MN, who is tech savvy, is no longer able to speak for justice on the Hill.

  • So strange (Score:5, Funny)

    by Anonymous Coward on Thursday January 25, 2018 @12:44PM (#55999897)

    It just hit me that one of the reasons this story is so strange, is that someone in government (who is this Senator Wyden?) is treating the situation in a way that you might expect from an adult. I'm not used to this.

    Are we sure he's a Senator from a state in America? I don't want to later find out that Oregon is a place in Wales or something like that.

    • by clovis ( 4684 )

      Most legislators are indeed like Wyden. That's why you've never heard of them.
      No thanks to CNN, FOX, and their ilk for only quoting the spewings of the ones who are clowns.

    • by gtall ( 79522 )

      Wyden is fairly well-known.

  • by AHuxley ( 892839 ) on Thursday January 25, 2018 @12:48PM (#55999941) Journal
    What will wealthy criminals, cults, faiths, political groups, competitors, spies do when they work out the US gov has the keys to most consumer communications?
    They will ask their dual citizens, faith members, criminals, corrupt military/police/gov for the federal backdoor keys.
    Interesting people/cults/criminals will use the junk crypto to run real time counter surveillance on US police/federal/state/city task forces and mil.
    If that fails they will watch for nations the US trusts and get a copy for that nation's mil/police/gov.

    Don't tell anyone the FBI has the keys, ever.
    Build up a voice print database and cell phone ID matching system within the FBI. Stop using other agency/telco/contractor support within the USA. Too many ex and former workers who might have gov methods to sell to keep track of.
    Start investigations internally but always have another reason for lawyers, FOIA, human rights groups, mid and low ranking cult members, faith groups, corrupt military/police to guess at. Informers, witnesses, luck, past investigative work. Anything to keep the interesting people guessing and talking as to FBI skill sets and methods.
    The bad people do not need to know the FBI has their conversations, voice prints, locations, files.
    Let the bad people keep trusting their computers, cell phones, big brand junk crypto.
    Ensure criminals feel confident to keep talking to their friends and with corrupt people in the military/police/gov/big brands/telcos.
    Suggest to the media and lawyers that every next generation of computer and cell phone is very/too difficult for law enforcement.
    Once bad people know the backdoor exists in every gen of cell phone they can just stop using that live mic and GPS they carry around.
    They can return to community, faith, their own networks.
    Consider how the GCHQ worked in Ireland to stop the flow of support entering Ireland. Lots of interesting people had a theory but nobody worked out the methods used to track interesting people, support moving, funding globally.
    If the crypto is junk, don't tell the world, use the data gathered and win.
    • by eth1 ( 94901 )

      What will wealthy criminals, cults, faiths, political groups, competitors, spies do when they work out the US gov has the keys to most consumer communications?

      They will ask their dual citizens, faith members, criminals, corrupt military/police/gov for the federal backdoor keys.

      Interesting people/cults/criminals will use the junk crypto to run real time counter surveillance on US police/federal/state/city task forces and mil.

      If that fails they will watch for nations the US trusts and get a copy for that nation's mil/police/gov.

      It won't even last that long. Most likely someone involved in building said back doors will release the info before it's even live just to kill the whole thing before it starts.

    • Well that made a whole lot of sense .... NOT!
    • by sconeu ( 64226 )

      Interesting people/cults/criminals will use the junk crypto to run real time counter surveillance on US police/federal/state/city task forces and mil.

      They're so cute when they're naive. You think that the Feds will use the backdoored encryption?

      • by AHuxley ( 892839 )
        Re You think that the Feds will use the backdoored encryption?
        Just find who has that not "backdoored encryption". The consumer systems/networks will decrypt once the keys are in the wild.
        If the gov/mil encryption holds and all surrounding consumer junk is decrypted? That's all that is needed to track gov/mil.
  • He's talking about "baseless attacks on professional law enforcement", "professional law enforcement" being the FBI in this case.

    https://twitter.com/RonWyden/s... [twitter.com]

    I can personally reconcile those two things, but the optics aren't good. I know the response: "But my attack wasn't *baseless*." Okay. The problem is that it's a matter of opinion.

    • Actually it's a matter of fact.

      "Your stated position parrots the same debunked arguments espoused by your predecessors, all of whom ignored the widespread and vocal consensus of cryptographers."

      "Eliminating these vulnerabilities is a mammoth task, and experts are unified in their opinion that introducing deliberate vulnerabilities would likely create catastrophic unintended consequences that could debilitate software functionality and security entirely."

      "I would like to learn more about how you arr
  • The FBI is saying that the public law enforcement need justifies weakening already strong encryption.

    Though others will disagree that encryption should be anything but the strongest available.

    • The FBI is saying that the public law enforcement need justifies weakening already strong encryption.

      Though others will disagree that encryption should be anything but the strongest available.

      Precisely. It's a political decision (meaning, one that we resolve peacefully through our elected representatives), not a technical issue per se.

      Technical details, yes, bring on the tech experts. Deciding which trade-offs to make, well, that's what the political system is for.

  • by v1 ( 525388 ) on Thursday January 25, 2018 @01:02PM (#56000117) Homepage Journal

    It looks like the senator gave him a month to dig up an excuse, and left him with very little wiggle room. It's nice to see a tech-savvy representative, and specifically one that knows how to close all the escapes at the same time to speed up the process. I'm sure the director would love to be able to stall for 30 days and then step back up into the light and kick the can down the road another 30 days, but I don't see that happening this time.

    He's either going to have to dig up some at least semi-reputable cryptographers to throw under the bus, or admit that he's "pulling a trump" and ignoring all the experts around him in favor of his own opinions on the matter. (though in this case it's almost certainly coming down to just doing specifically what he's been told to do, more of a "trump by proxy" move) It's rather irritating to see we've set things up so that certain people can't make certain rules, but then we go and let them replace the person responsible for that rule with someone that will do whatever they tell them to - it defeats the purpose of the separation.

    I'm also a little bit curious why I haven't seen this whole idea get compared with the TSA's baggage locks? Isn't that basically the same idea as this, though on a much more limited scale? Mandating a government back-door, and all the unintended as well as the widely-anticipated problems that you get as a result?

    • He's either going to have to dig up some at least semi-reputable cryptographers to throw under the bus, or admit that he's "pulling a trump" and ignoring all the experts around him in favor of his own opinions on the matter.

      It's at least partly a political question though, not just a technical question (I mean the whole issue, not the senator's question).

      Fire exits make stores less secure, for example, but we still require stores to have them.

      Now if this requires the director to be explicit about the tradeoffs, fine.

    • by gtall ( 79522 )

      No, he'll simply ignore Wyden. Unless Wyden comes back with a subpoena which would have to come from the entire Committee, Wray will simply fade away when he retires shortly.
       

    • That's all he needs to say. The damage from occasional breach by criminals will be dwarfed by the gains from proper law enforcement. His arguments will be non technical. They'll pass the 'truthiness' test. Emotional if you will. To be honest such arguments usually win out in the end, if only because the people making them keep pushing for it.
  • If the authorities have keys to everyone's houses then you have:

    1. Made the location of those keys a target for criminals with a huge payoff.
    2. Made it easy for certain of the authorities themselves to abuse those keys for illegitimate purposes.

    The sickening thing is that this is a bi-partisan issue, that BOTH sides have horrible track records for. It seems that privacy and security of their constituents takes a back seat to anything else. Wonder why that is.

  • this guy's a hoot! look at the list - calling out the bullshit on so many topics, including pointing out the nonsense on industrial hemp being classified as a schedule 1 drug when there's BELOW 0.3% THC in it! i like this guy :) https://www.wyden.senate.gov/n... [senate.gov]

  • by Jody Bruchon ( 3404363 ) on Thursday January 25, 2018 @01:51PM (#56000637)
    I guess this isn't the best time to remind Mr. FBI about the Clipper Chip near-disaster. The government thought they'd force people to use backdoored encryption chips in the 90s that contained a "Law Enforcement Access Field (LEAF)" and it not only compromised security but the LEAF check hash was also easily spoofed [wikipedia.org] plus the Skipjack algorithm used was ripped to shreds by cryptography researchers pretty quickly after declassification. [wikipedia.org] Had we been forced to use the Clipper Chip, we'd have had a major security mess on our hands since it was practically a placebo at its one main job: security.
  • by 31415926535897 ( 702314 ) on Thursday January 25, 2018 @02:33PM (#56001011) Journal

    As a conservative, I stand with Democrat Ron Wyden in his position. And that fact made me realize something.

    To liberals who often want to ban firearms: if you support Ron Wyden's reasoning about encryption, then please realize conservatives have been making the same arguments about firearms and the second amendment since forever. (e.g. if you ban strong encryption de jure, then only criminals will have strong encryption and that will be used against the average law abiding citizen).

    To conservatives who often want the state to have strong enforcement powers: don't be hypocrites. If you support the FBI/NSA/CIA desires for compromised encryption for the effectiveness of law enforcement, realize that the same logic will be used against your second amendment rights.

    We the people need to work together to make sure that the state doesn't abuse its power, and this relates to encryption and firearms. Don't let the government use partisan politics to turn us against each other so that they can do as they please.

  • by Anonymous Coward on Thursday January 25, 2018 @03:31PM (#56001629)

    First, just common sense, it is essential to self defense to have reliable encryption.

    Second, the fed gov't already treats encryption technology like "arms" in some ways, i.e., export controls.

    So NRA, where are you now? Why aren't you protecting our rights?!?!
