Microsoft may have your encryption key:here’s how to take it back

Featured

Microsoft may have your encryption key; here’s how to take it back

As happens from time to time, somebody hasspotted a feature in Windows 10 that isn’t actually new and has largely denounced it as a great privacy violation.

The Intercept has written that if you have bought a Windows PC recently then Microsoft probably has your encryption key. This is a reference to Windows’ device encryption feature. We wrote about this feature when it was new, back when Microsoft introduced it in Windows 8.1 in 2013 (and before that, in Windows RT.

Device encryption is a simplified version of the BitLocker drive encryption that made its debut in Windows Vista in 2006. The full BitLocker requires a Pro or Enterprise edition of Windows, and includes options such as integration with Active Directory, support for encrypting removable media, and the use of passwords or USB keys to unlock the encrypted disk. Device encryption is more restricted. It only supports internal system drives, and it requires the use of Secure Boot, Trusted Platform Module 2.0 (TPM), and Connected Standby-capable hardware. This is because Device encryption is designed to be automatic; it uses the TPM to store the password used to decrypt the disk, and it uses Secure Boot to ensure that nothing has tampered with the system to compromise that password.

The final constraint for Device encryption is that you must sign in to Windows with a Microsoft account or a Windows domain account to turn it on. This is because full disk encryption opens the door to all kinds of new data loss opportunities. If, for example, you have your system’s motherboard replaced due to a hardware problem, then you will lose access to the disk, because the decryption keys needed to read the disk are stored in the motherboard-mounted TPM. Some disk encryption users may feel that this is a price worth paying for security, but for an automatic feature such as device encryption, it’s an undesirable risk.

To combat that, device encryption stores a recovery key. For domain accounts, the recovery key is stored in Active Directory, but in the common consumer case, using a Microsoft account, it is instead stored in OneDrive. This recovery key can be used after, say, a motherboard replacement or when trying to recover data from a different Windows installation.

While device encryption is available in all versions of Windows 10, it has a particular significance in the Home version, where the full BitLocker isn’t available. Windows 10 Home also can’t use domain accounts. This means that if you enable device encryption (and on new systems that are set up to use Microsoft accounts, it may well be enabled by default) then the recovery key is necessarily stored on OneDrive.

Lawmakers push for commission on encryption

Featured

Lawmakers push for commission on encryption

Congress should create a national commission to investigate the difficulties encryption has created for law enforcement, a bipartisan pair of lawmakers argued Monday in a Washington Post op-ed.

“Congress must be proactive and should officially convene a body of experts representing all of the interests at stake so we can evaluate and improve America’s security posture as technology — and our adversaries — evolve,” said House Homeland Security Committee Chairman Michael McCaul (R-Texas) and Sen. Mark Warner (D-Va.).

It’s an idea that McCaul first floated several weeks ago, after terrorist attacks in Paris and San Bernardino, Calif.
The deadly incidents have given new urgency to a long-running debate over encryption. Lawmakers and investigators said they believe the people behind those incidents used encrypted communication to hide their plans.

“This presents an extraordinary security challenge for the United States and our allies,” McCaul and Warner said. “Because extremists are ‘going dark,’ law enforcement officials warn that we are ‘going blind’ in our efforts to track them.”

Officials looking into the Paris attacks said they have definitive evidence the terrorists used the popular encrypted apps Telegram and WhatsApp to help plan the assault that killed 130 people.

“Frustratingly, there are no easy answers,” said McCaul and Warner. “The same tools that terrorists and criminals are using to hide their nefarious activities are those that everyday Americans rely on to safely shop online, communicate with friends and family, and run their businesses.”

For some, the answer is legislation. Senate Intelligence Committee Chairman Richard Burr (R-N.C.) has called for a law that would require companies to decrypt data upon government request. But the tech community is balking at that, arguing that such a mandate would defeat the purpose of encryption.

Major tech players including Apple have even refused to comply with court orders to turn over encrypted data, arguing that they can’t access information secured by their own products. Only this type of inaccessible encryption truly protects data from hackers, technologists insist.

McCaul and Warner agreed with this assessment.

“Encryption is a bedrock of global commerce, and it has helped enhance individual privacy immeasurably,” they said. “It is also integral to our cybersecurity efforts — protecting individuals, U.S. businesses, intellectual property and our nation’s critical infrastructure.”

Yet because this same uncrackable technology is also used to hide nefarious activities, “digital innovations present us with a paradox,” they added.

A bill that would require companies to maintain a guaranteed entry point into their encrypted data would backfire, McCaul and Warner cautioned.

“Such a law could weaken Internet privacy for everyone and could have the unintended consequence of making our information systems more vulnerable to attack,” the pair said. “Moreover, in our globalized world, a U.S.-only solution would likely have only a limited impact and could encourage offenders to simply use technology developed overseas instead.”

But Congress must act, they said, suggesting a national commission of all relevant parties is the right step forward.

“We are seeking the brightest minds from the technology sector, the legal world, computer science and cryptography, academia, civil liberties and privacy advocates, law enforcement and intelligence to collaboratively explore the intersection of technology and security,” the duo said.

McCaul and Warner explained the group would tasked with “generating much-needed data and developing a range of actionable recommendations that can protect privacy and public safety.”

The effort may have momentum in Congress. Several Capitol Hill leaders have appeared hesitant to back Burr’s legislative efforts. McCaul and Warner’s alternative may be more palatable to lawmakers and the tech community.

“We cannot wait for the next attack before we outline our options,” they said.

China Antiterror Law Doesn’t Require Encryption Code Handovers

Featured

China Antiterror Law Doesn’t Require Encryption Code Handovers

BEIJING—China passed a new antiterrorism law that stepped back from previous language of concern to global technology firms, but which still raises questions about its scope and the potential impact on companies doing business there.

The law, passed Sunday by China’s rubber-stamp parliament, also authorized the armed forces and paramilitary police to take part in counterterrorism operations in foreign countries with the approval of those countries and Beijing’s military leadership.

Chinese authorities say the law is intended to help prevent terror attacks in China and better protect its citizens overseas, four of whom were killed by militants in Mali and Syria in November.

Beijing has blamed a series of recent attacks in China on jihadist separatists from the northwestern region of Xinjiang, where some of the mostly Muslim Uighur ethnic group have been resisting Chinese rule for decades.

The new law contains much of the language from a draft version released a year ago that U.S. officials, business groups and rights advocates criticized as having an overly broad definition of terrorism and onerous requirements for companies dealing with proprietary commercial information and private data in China.

The final version of the law requires telecom operators and Internet companies to help authorities with decryption of data and other counterterrorism efforts. Unlike the draft version, however, it leaves out some controversial language requiring tech companies to store their data locally and provide their encryption systems for review to be able to operate in China.

Still, the broad wording that tech companies must provide “technical means of support” to China’s government for counterterrorism has prompted concern among some U.S. tech firms, according to a person familiar with the matter.

“Telecommunications and Internet service providers should provide technical interfaces and technical support and assistance in terms of decryption and other techniques to the public and national security agencies in the lawful conduct of terrorism prevention and investigation,” says a final version of the law, published by the official Xinhua News Agency.

China’s law comes as data encryption has become a flash point globally between tech firms and law enforcement authorities. U.S. tech companies such as Apple Inc. and Google Inc. have been clashing with U.S. and European governments over new encryption technologies, which law-enforcement officials say hinder their ability to catch terrorists.

Apple criticized a U.K. proposal on Dec. 21 that would give national-security authorities more power to monitor communications. The proposal would require tech companies to retain “permanent interception capabilities” for communications, including “the ability to remove any encryption.”

U.S. President Barack Obama had spoken in support of the U.K. stance against encryption in January, but backed down from trying to change U.S. law in October.

U.S. Federal Bureau of Investigation Director James Comey said in November that the bureau had been stymied in tracking Islamic State’s recruiting efforts due to use of encrypted communication services.

Following Edward Snowden’s revelations that U.S. authorities inserted so-called backdoors in technology products to allow spying, U.S. tech companies have sought to distance themselves from government surveillance in order to regain the trust of consumers. Apple and Google have released software with encryption they say they are unable to unlock.

Chinese officials say they studied U.S. and European Union legislation while drawing up China’s counterterrorism law.

They have also stepped up efforts in recent months to persuade foreign governments that Uighurs resisting Chinese rule should be considered terrorists.

Beijing has long maintained that Uighur separatists have links to al Qaeda and Chinese officials have said in recent months that at least 300 ethnic Uighurs have joined Islamic State in Iraq and Syria.

Some recent attacks in China have borne the hallmarks of jihadist groups, but rights groups and Uighur activists say much of the violence is provoked by police abuses, excessive religious restrictions and a huge influx of non-Uighur migrants to Xinjiang.

The new law also restricts the right of media to report on details of terrorist attacks and the government’s response.

The counterterrorism law is part of a series of new pieces of legislation that many experts say are designed to tighten the Communist Party’s control over the economy and society, and promote a notion of rule of law that doesn’t undermine its monopoly on power.

President Obama has said he raised concerns about an early draft of the counterterrorism law directly with Chinese President Xi Jinping, saying technology companies would be unwilling to comply with its provisions.

U.S. officials and business groups have also expressed concern over a sweeping new national security law, passed in July, that the government says is needed to counter emerging threats but that critics say may be used to quash dissent and exclude foreign investment.

In May, China’s parliament also published a draft of a new law that seeks to tighten controls on foreign nongovernmental groups. Nearly four dozen U.S. business and professional groups signed a letter to the Chinese government in June urging it to modify that draft, which they said could hurt U.S.-China relations.

Senate Intel chair: “It’s time” for encryption legislation

Featured

Senate Intel chair: "It's time" for encryption legislation

Congress must enact a law that would require companies to decrypt data upon government request, Senate Intelligence Committee Chairman Richard Burr (R-N.C.) argued Thursday in a Wall Street Journal op-ed.

“Criminals in the U.S. have been using this technology for years to cover their tracks,” Burr said. “The time has come for Congress and technology companies to discuss how encryption — encoding messages to protect their content — is enabling murderers, pedophiles, drug dealers and, increasingly, terrorists.”

The recent terrorist attacks in Paris and San Bernardino, Calif., have reignited the debate over encryption. Lawmakers and investigators have said they believe the people behind those incidents likely used encrypted platforms to help hide their plans.
Burr has been one of Capitol Hill’s leading proponents of legislation that forces companies to crack their own encryption. But the tech community has pushed back, arguing that such a mandate would make encrypted data less secure.

Major tech players like Apple have even refused to comply with court orders for encrypted data, arguing that they can’t access their own secured information.

Burr said this has become a serious issue for law enforcement.

“Even when the government has shown probable cause under the Fourth Amendment, it cannot acquire the evidence it seeks,” he said, adding, “Technology has outpaced the law.”

Burr explained that the Communications Assistance for Law Enforcement Act of 1994 “requires telecommunications carriers — for instance, phone companies — to build into their equipment the capability for law enforcement to intercept communications in real time.”

“The problem is that it doesn’t apply to other providers of electronic communications, including those supporting encrypted applications,” he said.

It’s time for Congress to close that loophole with legislation, Burr insisted.

But it’s unclear if Burr would have the momentum to move his proposed bill. While Senate Intelligence Committee Ranking Member Dianne Feinstein (D-Calif.) has said she will work with him on his efforts, other congressional leaders seem more hesitant.

Many have suggested the government must simply do a better job of working with Silicon Valley to come up with a non-legislative solution.

House Homeland Security Committee Chairman Michael McCaul (R-Texas) recently proposed “a national commission on security and technology challenges in the digital age.” The commission, tasked with creating alternatives to legislation, would include tech companies, privacy advocates and law enforcement officials.

Burr countered that the tech community has almost forced Congress’s hand.

“I and other lawmakers in Washington would like to work with America’s leading tech companies to solve this problem, but we fear they may balk,” Burr said.

He noted that when Apple refused to comply with the court order seeking encrypted data, the company argued, “This is a matter for Congress to decide.”

“On that point, Apple and I agree,” he said. “It’s time to update the law.”

Best Disk Lock Has Been Updated to Version 2.62

Featured

The powerful data protection software-Best Disk Lock has been updated to version 2.62. There are many improvements in version 2.62, which are designed to make the program even easier to use. The latest version software not only improved the stability for disk elementary-lock, changed the Lock Log to Lock Record for easily unlocking, but also fixed the BUG that an error message occurred when the disk is opened after being unlocked in Windows XP.

Besides, six new features are introduced in this new version: added the feature to automatically open the disk when unlocking it, added the option for users that whether to recover the unlocked disk(s) to lock status, added the feature to automatically open the file or folder when unlocking it, added the option for users that whether to recover the unlocked file(s)  or folder(s) to lock status, added Lock Record for easily unlocking, added the feature Forbid using the unassigned drive letters for more control on USB storage devices.

Change Log of Best Disk Lock 2.60:

File Name: Best Disk Lock

Version: 2.62

File Size: 3.43MB

Category: System Security Software

Language: English

License type: Trial Version

OS Support: Win2000/XP/VISTA/Win 7/Win 8

Released on: Dec.22, 2015

Download Address: http://www.dogoodsoft.com/best-disk-lock/free-download.html

What’s New in This Version:

* Changed the Lock Log to Lock Record for easily unlocking.

– Fixed a BUG that an error message occurred when the disk is opened after being unlocked in Windows XP.

Why Choose Best Disk Lock:

Best Disk Lock Has Been Updated to Version 2.62

Best Disk Lock is a powerful utility that can not only completely hide disk partitions and CD-ROM drives on your PC, disable USB storage devices or set them as read-only, but also forbid using the unassigned drive letters . The partition with advanced-lock cannot be found in any environment by anyone else, so the security and confidentiality of your data on this partition can be ensured.

The feature Lock File is to change the access permissions of file, folder or disk in NTFS-formatted partitions, by which teh file/folder/disk will be prohibited or allowed to access. Besides, Best Disk Lock can configure the security of your computer system and optimize the system.

Apple CEO Tim Cook Mounts Defense of Encryption on “60 Minutes”

Featured

Apple CEO Tim Cook Mounts Defense of Encryption on "60 Minutes"

In a “60 Minutes” appearance Sunday, Apple CEO Tim Cook reiterated his support of encryption, in the face of renewed criticism from the U.S. intelligence community that these digital locks interfere with the ability to detect threats to national security.

Cook used an interview with CBS’s Charlie Rose to lay out his argument for why weakening encryption on consumer devices is a bad idea.

“If there’s a way to get in, then somebody will find the way in,” Cook said. “There have been people that suggest that we should have a back door. But the reality is if you put a back door in, that back door’s for everybody, for good guys and bad guys.”

Following the mass murders in Paris and San Bernardino, Apple and other technology companies have come under mounting pressure to give U.S. law enforcement access to their consumers’ encrypted messages. FBI Director James Comey complained that potential attackers are using communications platforms that authorities can’t access — even through warrants and wiretaps.

“I don’t believe that the trade-off here is privacy versus national security,” Cook said in the interview. “I think that’s an overly simplistic view. We’re America. We should have both.”

Cook said modern smartphones such as the iPhone contain sensitive information: Personal health details, financial data, business secrets and intimate conversations with family, friends or co-workers. The only way to ensure this information is kept secure is to encrypt it, turning personal data into indecipherable garble that can only be read with the right key — a key that Apple doesn’t hold.

Apple will comply with warrants seeking specific information, Cook said, but there’s only so much it can provide.

Moving to other topics, Cook defended Apple’s tax strategy, which has drawn criticism from Congress. He described as “total political crap” charges that Apple is engaged in an elaborate scheme to pay little or no taxes on overseas income. He also discussed the company’s use of one million Chinese workers to manufacture most of its products, saying they possess the skills that American workers now lack.

“The U.S., over time, began to stop having as many vocational kind of skills,” Cook said in the interview. “I mean, you can take every tool and die maker in the United States and probably put them in the room that we’re currently sitting in. In China, you would have to have multiple football fields.”

The television news magazine also took viewers on a tour of Apple’s headquarters. Rose talked with design guru Jony Ive about the Apple Watch inside the secret design studio, where the wooden tables were draped with covers to shield future projects from the camera.

Apple CEO Tim Cook Mounts Defense of Encryption on "60 Minutes"

Retail chief Angela Ahrendts escorted Rose to a mock Apple Store in an unmarked warehouse off the main Cupertino campus.

And, armed with cameras and drones, Rose ascended a giant mound of earth to visit to the site of Apple’s future corporate headquarters, a building dubbed the “spaceship” by many. The $5 billion project, with 7,000 trees, fruit and vegetable gardens and natural ventilation system, is expected to one day house 13,000 employees.

Paris attack planners used encrypted apps, investigators believe

Featured

i

French counterterrorism investigators believe that the men suspected in last month’s Paris attacks used widely available encryption tools to communicate with each other, officials familiar with the investigation said, raising questions about whether the men used U.S.-made tools to hide the plot from authorities.

Investigators have previously said that messaging services WhatsApp and Telegram were found on some of the phones of the men suspected in the November attacks that claimed 130 victims. But they had not previously said that the services had been used by the men to communicate with each other in connection with the attacks. The two services are free, encrypted chat apps that can be downloaded onto smartphones. Both use encryption technology that makes it difficult for investigators to monitor conversations.

The findings of the investigation were confirmed by four officials, including one in France, who are familiar with the investigation. All spoke on the condition of anonymity because they were not authorized to speak publicly about the ongoing inquiry. A spokeswoman for the Paris prosecutor’s office, which is leading the investigation, declined to comment.

The investigators’ belief that WhatsApp and Telegram had been used in connection with the attacks was first reported by CNN.

The revelation is likely to add fuel to calls in Congress to force services such as WhatsApp, which is owned by Facebook, to add a back door that would enable investigators to monitor encrypted communications. Such demands have grown stronger in the wake of the Paris attacks and after other attacks in the United States in which the suspects are believed to have communicated securely with Islamic State plotters in Syria.

Already, security hawks in Congress, citing the likelihood that the Paris attackers used encrypted communications, have called for legislation to force companies to create ways to unlock encrypted content for law enforcement. Sen. Dianne Feinstein, D-California, vice-chairman of the Senate Intelligence Committee, has begun working on possible legislation. And Sen. John McCain, R-Arizona, chairman of the Senate Armed Services Committee, has promised hearings on the issue, saying, “We’re going to have legislation.”

FBI Director James B. Comey last week cited a May shooting in Garland, Texas, in which two people with assault rifles attempted to attack an exhibit of cartoons of the prophet Muhammad. Investigators believe they were motivated by the Islamic State. Comey told the Senate Judiciary Committee that encrypted technology had prevented investigators from learning the content of communications between the shooters and an alleged foreign plotter.

“That morning, before one of those terrorists left and tried to commit mass murder, he exchanged 109 messages with an overseas terrorist,” Comey told the committee. “We have no idea what he said, because those messages were encrypted.”

Tech firms such as Apple have opposed such calls, saying that such a requirement would render their services and devices less secure and simply send users elsewhere. Apple began placing end-to-end encryption on its chat and video call features several years ago. Then last year, in the wake of revelations by former National Security Agency contractor Edward Snowden about the scope of U.S. surveillance, Apple announced it was offering stronger encryption on its latest iPhones. And more tech firms began to question what had once been routine law enforcement requests to comply with court-ordered wiretaps.

A spokesman for Facebook declined to comment about whether the attackers used WhatsApp. A representative for Germany-based Telegram did not respond to a request for comment.

The officials familiar with the Paris investigation did not say when the services were used, how frequently or for what purpose. One of the officials said investigators believe that the attackers used Telegram’s encrypted chat function more frequently than they used WhatsApp. It was not clear whether authorities were able to obtain “metadata,” information indicating the times and dates of chat messages from either company’s servers. Nor was it clear whether authorities had been able to recover the messages from the phones themselves.

Not all encrypted apps are equal. WhatsApp offers end-to-end encryption between two users on some platforms, such as Android phones. That means the chat content is not visible to Facebook but only to the sender and receiver. WhatsApp is in the process a rollout for Apple’s iPhones. Telegram’s Secret Chat feature is end-to-end encrypted. However, a number of experts say that Telegram is not secure.

“It’s home-brew crypto style,” said Lance James, chief scientist at Flashpoint, a threat intelligence firm. The Telegram developers have “introduced unnecessary risk by making up their own cryptography rules.” He said he was “fairly certain” that advanced spy agencies could find ways around the encryption.

The group chat functions on the apps do not offer end-to-end encryption, which means anyone with access to WhatsApp or Telegram’s servers can read the chats.

European authorities have come under heavy criticism for failing to disrupt the Paris attacks, and it is unclear whether encrypted messaging played an important role in the plot’s success. Ringleader Abdelhamid Abaaoud, a Belgian citizen, was being monitored by European authorities but nevertheless managed to travel to Syria and back this year.

Another suspect, Salah Abdeslam, is still at large despite having been stopped by French police at the Belgian-French border hours after the attacks. He used his real identity documents, but he was not yet in a database, Belgian Interior Minister Jan Jambon told the Belgian VTM broadcaster in an interview aired this week.

“We were simply unlucky,” he said.

Then, investigators believe, Abdeslam went into hiding in a building in the Molenbeek district of Brussels, and Belgian Justice Minister Koen Geens said that a Belgian law banning police raids between 9 p.m. and 5 a.m. may have played a role in his subsequent escape.

FBI chief James Comey says Calif. killers used encrypted email, but not social media

Featured

FBI chief James Comey says Calif. killers used encrypted email, but not social media

The couple who killed 14 people and wounded nearly two dozen others this month in California chatted secretly of jihad long before they married or entered the United States, not on social media as politicians have claimed, FBI Director James Comey said Wednesday at a Manhattan law enforcement conference, where he urged the public to remain alert for signs someone close to them is being radicalized online.

Comey said those messages between Syed Rizwan Farook and Tashfeen Malik were direct, private messages well before their attack in San Bernardino, California.

“So far, in this investigation we have found no evidence of posting on social media by either of them at that period in time and thereafter reflecting their commitment to jihad or to martyrdom,” he said, referring to the reports suggesting that Malik had spoken openly on social media about jihad and that background checks had not detected those comments.

Comey made his statements at 1 Police Plaza, first at the NYPD Shield Conference, which included several hundred security personnel who work in the private sector and who collaborate with the NYPD, and again at a news conference.

“The threat comes from social media, which revolutionized terrorism,” Comey said.

Comey revealed for the first time that the shooting deaths last July of five people after attacks on two military installations in Chattanooga, Tenn., have now officially been classified as a terrorist attack. The assailant in that attack, Muhammad Youssef Abdulazeez, a naturalized U.S. citizen living in Hixson, Tenn., was killed by police gunfire after he shot and killed four Marines and a sailor and wounded three other people.

The White House on Wednesday said President Obama plans to visit San Bernardino on Friday and meet with the families of shooting victims there.

Comey said he understands Americans are jittery, but citizens should try to channel their awareness into vigilance, not panic. He said the threat from the Islamic State group, known as ISIS or ISIL, has not changed — but it’s vastly different from how terror cells operated around the time of the Sept. 11 attack. “Your parents’ al-Qaida is a very different model and was a very different threat that what we face today,” he said.

For example, he said, some Twitter messages cannot be “unlocked” by law enforcement, making it impossible for them to track communications between terrorists.

Comey said Farook and Malik communicated via encrypted email which investigators have not been able to crack.

“The bottleneck here is there are a lot people who have designed these products and they can’t access it themselves because that is what the market requires,” Comey said. He said he hoped further public debate on encryption will convince the public to accept that unlocking encryptions is needed by law enforcement to battle global terrorism.

Comey said the messages relayed from foreign terrorist groups are as succinct as “I will kill where I am.” Comey said such messages have inspired homegrown terrorists, who are receiving these messages on their phones daily.

Comey also urged the public not to “freak out” because they are anxious about another homegrown terrorist attack. Instead, he said, “We need the public to be aware and not to be fearful, but instead have a healthy awareness of their surroundings and report something if they see something. Tells us [law enforcement], because we need your help, and then live your life and let us do our job.”

NYPD Commissioner William Bratton echoed Comey’s comments. “To prevent crime, disorder and now terrorism we must go where it begins . . . in the minds of those who hate and feel victimized. People who see this are moms and dads.”

Bratton said the terrorists are “propagandizing messages that are slick and professional and are inspiring attacks.”

Encrypted Messages Stymied Probe of Garland Shooting — FBI Director

Featured

Encrypted Messages Stymied Probe of Garland Shooting — FBI Director

FBI Director James Comey Jr. testifies at a Senate Judiciary Committee hearing on Capitol Hill in Washington December 9, 2015. John McCain (R-Ariz.), who said after the Paris attacks that the status quo was “unacceptable”.

He said the Federal Bureau of Investigation was focused intently on the threat of homegrown violent extremism, “the radicalization in place” of people who become inspired, influenced and/or directed by a terrorist group or extremists.

Though he said the Obama administration was not seeking to address concerns over data encryption on smartphones, he said he remained concerns that criminals, terrorists and spies were using such technology to evade detection. This is why technologists must continue to dispel the myths behind the arguments against encryption. ”

This isn’t going to solve the whole problem”, Comey said. “I’m not questioning their motivations”, Comey said.

In response Comey appeared to counter his previous statement on the lack of a “technical issue”, and essentially admitted he doesn’t know how companies would comply with the order, but it would be their burden to figure it out. “In fact, the makers of phones that today can’t be unlocked, a year ago they could be unlocked”.

He also says tech companies should just accept that they would be selling less secure products.

William Binney, veteran NSA codebreaker and early whistleblower, said good intelligence is much more a matter of collecting the destinations and origins of communications – the “metadata”, which will not work if encrypted – than of breaking into people’s private messages to see what’s there.

Comey said he is engaged in ongoing and productive conversations with Silicon Valley. “I promise you that’s the way we conduct ourselves”. “We care about the same things”.

One of the attackers “exchanged 109 messages with an overseas terrorist” on the morning of the shooting, Comey said. “That is a big problem”, he said.

If firms have already decided that strong encryption is in their best interest, Sen. “Encryption is always going to be available to the sophisticated user”. FaceTime, Apple’s video call feature, has had end-to-end encryption since 2010.

In the wake of National Security Agency contractor Edward Snowden’s revelations about mass surveillance in 2013, there have been several discussions about governments’ need to be able to look at citizen data and individual privacy. Feinstein offered to pursue legislation herself, citing fear that her grandchildren might start communicating with terrorists over encrypted Playstation systems. ”

US tech companies do not want to be the middleman between law enforcement and their customers”, observed Utah Republican Orrin Hatch to Comey, who said he “wasn’t sure what [Hatch] meant by “middleman”. “Our ability to monitor them has not kept pace”. “We ought to remember the limits on what we can do legislatively, it wouldn’t necessarily fix the problem”. But law enforcement agents still have powerful tools to surveil suspects and gain information on terror plots.

FBI Director: Silicon Valley’s encryption is a “business model problem”

Featured

FBI Director: Silicon Valley’s encryption is a “business model problem”

Leaders in both major political parties have increasingly been calling on tech companies to give law enforcement encryption backdoors in the wake of recent terror attacks in Paris and California.

Today, FBI director James Comey has suggested that Silicon Valley isn’t faced with a serious technical problem, but rather a “business model problem,” according to a report on his comments in The Intercept, based on C-SPAN video of the hearing.

On the face of it, Comey’s statement would seem to back away from earlier suggestions that tech companies can and should find a way to allow access to data when law enforcement wanted it, but provide otherwise secure services. Critics have pointed out that any encryption backdoors that can be used by the “good guys” also lead to widespread insecurity, since they can also be exploited by not-so-good guys.

At one point, Comey identified the problem as encryption “by default,” leading even unsophisticated users to have encrypted phones. The exchange looked like a veiled jab at Google and Apple.

“There are plenty of companies today that provide secure services to their customers and still comply with court orders,” said Comey. “There are plenty of folks who make good phones who are able to unlock them in response to a court order. In fact, the makers of phones that today can’t be unlocked, a year ago they could be unlocked.”

Comey also provided a specific example of a situation in which he said encryption was an obstacle for law enforcement.

“In May, when two terrorists attempted to kill a whole lot of people in Garland, Texas, and were stopped by the action of great local law enforcement,” he said. “That morning, before one of those terrorists left to try to commit mass murder, he exchanged 109 messages with an overseas terrorist. We have no idea what he said, because those messages were encrypted. That is a big problem.”

In the end, Comey didn’t really make clear exactly what measures he expects tech companies to take, or whether he’d favor legislation to force them to do it. But he made clear, in a fairly confusing way, that he’s not satisfied with the current drive to encrypt devices.