{"id":381,"date":"2015-07-09T03:22:45","date_gmt":"2015-07-09T03:22:45","guid":{"rendered":"http:\/\/www.dogoodsoft.com\/blog\/?p=381"},"modified":"2024-12-23T07:52:20","modified_gmt":"2024-12-23T07:52:20","slug":"fbi-chief-wants-backdoor-access-to-encrypted-communications-to-fight-isis","status":"publish","type":"post","link":"https:\/\/www.dogoodsoft.com\/blog\/fbi-chief-wants-backdoor-access-to-encrypted-communications-to-fight-isis-381\/","title":{"rendered":"FBI chief wants ‘backdoor access’ to encrypted communications to fight Isis"},"content":{"rendered":"

\"FBI<\/a><\/p>\n

The director of the Federal Bureau of Investigation has warned US senators that the threat from the Islamic State merits a “debate” about limiting commercial encryption \u2013 the linchpin of digital security \u2013 despite a growing chorus of technical experts who say that undermining encryption would prove an enormous boon for hackers, cybercriminals, foreign spies and terrorists.<\/p>\n

In a twin pair of appearances before the Senate\u2019s judiciary and intelligence committees on Wednesday, James Comey testified that Isis\u2019s use of end-to-end encryption, whereby the messaging service being used to send information does not have access to the decryption keys of those who receive it, helped the group place a \u201cdevil\u201d on the shoulders of potential recruits \u201csaying kill, kill, kill, kill\u201d.<\/p>\n

Comey said that while the FBI is thus far disrupting Isis plots, “I cannot see me stopping these indefinitely”. He added: “I am not trying to scare folks.”<\/p>\n

Since October, following Apple\u2019s decision to bolster its mobile-device security, Comey has called for a “debate” about inserting “back doors” \u2013 or “front doors”, as he prefers to call them \u2013 into encryption software, warning that “encryption threatens to lead us all to a very, very dark place.”<\/p>\n

But Comey and deputy attorney general Sally Quillian Yates testified that they do not at the moment envision proposing legislation to mandate surreptitious or backdoor access to law enforcement. Both said they did not wish the government to itself hold user encryption keys and preferred to “engage” communications providers for access, though technicians have stated that what Comey and Yates seek is fundamentally incompatible with end-to-end encryption.<\/p>\n

Comey, who is not a software engineer, said his response to that was: “Really?” He framed himself as an advocate of commercial encryption to protect personal data who believed that the finest minds of Silicon Valley can invent new modes of encryption that can work for US law enforcement and intelligence agencies without inevitably introducing security flaws.<\/p>\n

While the FBI director did not specifically cite which encrypted messaging apps Isis uses, the Guardian reported in December that its grand mufti used WhatsAppto communicate with his former mentor. WhatsApp adopted end-to-end encryption last year.<\/p>\n

“I think we need to provide a court-ordered process for obtaining that data,” said Dianne Feinstein, the California Democrat and former intelligence committee chair who represents Silicon Valley.
\nBut Comey\u2019s campaign against encryption has run into a wall of opposition from digital security experts and engineers. Their response is that there is no technical way to insert a back door into security systems for governments that does not leave the door ajar for anyone \u2013 hackers, criminals, foreign intelligence services \u2013 to exploit and gain access to enormous treasure troves of user data, including medical records, financial information and much more.<\/p>\n

The cybersecurity expert Susan Landau, writing on the prominent blog Lawfare, called Comey\u2019s vision of a security flaw only the US government could exploit “magical thinking”.<\/p>\n

Comey is aided in his fight against encryption by two allies, one natural and the other accidental. The natural ally is the National Security Agency director, Michael Rogers, who in February sparred with Yahoo\u2019s chief of information security when the Yahoo official likened the anti-crypto push to “drilling a hole in the windshield”, saying: “I just believe that this is achievable. We\u2019ll have to work our way through it.” The Guardian, thanks to Edward Snowden\u2019s disclosures, revealed in September 2013 that the NSA already undermines encryption.<\/p>\n

The less obvious ally is China, whom the FBI blamed last month for stealing a massive hoard of federal personnel data.<\/p>\n

In May, China unveiled a national security law calling for “secure and controllable” technologies, something US and foreign companies fear is a prelude to a demand for backdoor entry into companies\u2019 encryption software or outright provision of encryption keys.<\/p>\n

Without ever mentioning his own FBI director\u2019s and NSA director\u2019s similar demands, Barack Obama castigated China\u2019s anti-encryption push in March. Obama has also declined to criticize efforts in the UK, the US\u2019s premier foreign ally, to undermine encryption. Prime minister David Cameron is proposing to introduce legislation in the autumn to force companies such as Apple, Google and Microsoft to provide access to encrypted data.<\/p>\n

Under questioning from some skeptical senators, Comey made a number of concessions. When Ron Wyden, an Oregon Democrat, asked if foreign countries would attempt to mandate similar access, Comey replied, “I think they might.” The director acknowledged that foreign companies, exempt from any hypothetical US mandate, would be free to market encryption software.
\nIn advance of Comey\u2019s testimony, several of the world\u2019s leading cryptographers, alarmed by the return of a battle they thought won during the 1990s “Crypto Wars”, rejected the effort as pernicious from a security perspective and technologically illiterate.<\/p>\n

A paper they released on Tuesday, called “Keys Under Doormats”, said the transatlantic effort to insert backdoors into encryption was “unworkable in practice, raise[s] enormous legal and ethical questions, and would undo progress on security at a time when internet vulnerabilities are causing extreme economic harm”.<\/p>\n

Asked by Feinstein if the experts had a point, Comey said: “Maybe. If that\u2019s the case, I guess we\u2019re stuck.”<\/p>\n

Kevin Bankston of the New America Foundation called into question the necessity of Comey\u2019s warnings that encryption would lead to law enforcement “going dark” against threats. Bankston, in a Tuesday blogpost, noted that the government\u2019s latest wiretap disclosure found that state and federal governments could not access four encrypted conversations out of 3,554 wiretapped in 2014.<\/p>\n

Yet Yates said both that the Justice Department was “increasingly” facing the encryption challenge and that she lacked the data quantifying how serious the challenge was. Yates told the Senate judiciary committee that law enforcement declined to seek warrants in cases of encrypted communications and did not say how often it made such a decision.<\/p>\n","protected":false},"excerpt":{"rendered":"

The director of the Federal Bureau of Investigation has warned US senators that the threat from the Islamic State merits a “debate” about limiting commercial encryption \u2013 the linchpin of digital security \u2013 despite a growing chorus of technical experts who say that undermining encryption would prove an enormous boon for hackers, cybercriminals, foreign spies … Continue reading FBI chief wants ‘backdoor access’ to encrypted communications to fight Isis<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[143,142,52],"class_list":["post-381","post","type-post","status-publish","format-standard","hentry","category-news","tag-data-and-computer-security","tag-data-protection","tag-encryption"],"_links":{"self":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/381","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/comments?post=381"}],"version-history":[{"count":1,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/381\/revisions"}],"predecessor-version":[{"id":383,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/381\/revisions\/383"}],"wp:attachment":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/media?parent=381"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/categories?post=381"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/tags?post=381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}