{"id":535,"date":"2015-09-11T01:24:54","date_gmt":"2015-09-11T01:24:54","guid":{"rendered":"http:\/\/www.dogoodsoft.com\/blog\/?p=535"},"modified":"2024-12-23T07:51:03","modified_gmt":"2024-12-23T07:51:03","slug":"fbi-director-ability-to-unlock-encryption-is-not-a-fatal-security-flaw","status":"publish","type":"post","link":"https:\/\/www.dogoodsoft.com\/blog\/fbi-director-ability-to-unlock-encryption-is-not-a-fatal-security-flaw-535\/","title":{"rendered":"FBI director: Ability to unlock encryption is not a \u2018fatal\u2019 security flaw"},"content":{"rendered":"<p><a href=\"https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2015\/09\/FBI.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-536 size-full\" src=\"https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2015\/09\/FBI.png\" alt=\"FBI director: Ability to unlock encryption is not a \u2018fatal\u2019 security flaw\" width=\"620\" height=\"428\" srcset=\"https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2015\/09\/FBI.png 620w, https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2015\/09\/FBI-300x207.png 300w, https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2015\/09\/FBI-1x1.png 1w\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" \/><\/a><\/p>\n<p>In the tug-of-war between the government and U.S. companies over whether firms should hold a key to unlock encrypted communications, a frequent argument of technologists and privacy experts is that maintaining such a key poses a security threat.<\/p>\n<p>But on Thursday, FBI Director James B. Comey pointed out that a number of major Internet companies do just that \u201cso they can read our e-mails and send us ads.\u201d<\/p>\n<p>And, he said: \u201cI\u2019ve never heard anybody say those companies are fundamentally insecure and fatally flawed from a security perspective.\u201d<\/p>\n<p>Comey was airing a new line of government argument in the year-old public debate over the desirability of compelling Internet companies to provide a way for law enforcement to have access to decrypted communications.<\/p>\n<p>Although he didn\u2019t name names, he was alluding to major e-mail providers Google and Yahoo, which both encrypt customers\u2019 e-mails as they fly between servers, but decrypt them once they land in order to scan them and serve customers relevant ads.<\/p>\n<p>Comey, who spoke at a cyberthreats hearing held by the House Intelligence Committee, has been a leading voice advancing the concerns of law enforcement that the growing trend of strong encryption \u2014 where devices and some communications are encrypted and companies do not hold the keys to decode them \u2014 will increasingly leave criminal investigators in the dark.<\/p>\n<p>The current debate, which echoes a bitter argument over encryption in the 1990s, was triggered by Apple\u2019s announcement last September that it would expand the use of a method of encryption on its mobile operating system in which it did not hold a key. That meant Apple could no longer unlock troves of photos and other data stored on iPhones and iPads where the user had turned off the automatic backup to Apple\u2019s servers. Such data \u201cat rest\u201d is useful in criminal investigations.<\/p>\n<p>Of great concern to counterterrorism officials are communications encrypted in transit, such as text and instant messages, where the companies do not hold a key and where users have turned off automatic backups. Such end-to-end encryption is a feature of Apple\u2019s iMessage and FaceTime \u2014 a video phone-call system, as well as Open Whisper Systems\u2019 Signal, and WhatsApp \u2014 both instant message platforms.<\/p>\n<p>But stored commercial e-mail is largely either unencrypted, or encrypted with a key known to the provider, Christopher Soghoian, principal technologist at the American Civil Liberties Union, said in an interview. And that\u2019s a recipe for insecurity, he said.<\/p>\n<p>\u201cAny data that\u2019s either unencrypted or encrypted with a key known to another party is inherently more vulnerable,\u201d he said. He added that Google and Yahoo have been criticized for their lack of e-mail security, and the Chinese breach of Gmail announced in 2010 was a case in point.<\/p>\n<p>During the hearing, Comey said that the bureau was \u201chaving some very healthy discussions\u201d with companies on the issue. \u201cI would imagine there might be many, many solutions depending upon whether you\u2019re an enormous company in this business, or a tiny company in that business. I just think we haven\u2019t given it the shot it deserves.\u201d<\/p>\n<p>Rep. Adam Schiff (D-Calif.) noted that the tech firms have stiff global competition. Other companies are offering encrypted platforms that customers might choose. \u201cSo what do we achieve, apart from harming our economic interests, by insisting on a key?\u201d he said.<\/p>\n<p>Comey said he thought that part of the solution would be \u201can international set of norms\u201d in which other countries join with the United States to establish a rule that companies should be able to provide law enforcement with communications in the clear. \u201cI hear from our allies all the time,\u201d he said. \u201cThe French want the same thing. The Germans. The British. So I think that\u2019s something that could be done.\u201d<\/p>\n<p>Soghoian noted, however, that more and more encryption platforms are being made available on the Internet for free by individuals or groups of open-source developers in the United States and Europe, which will make it difficult to regulate them.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the tug-of-war between the government and U.S. companies over whether firms should hold a key to unlock encrypted communications, a frequent argument of technologists and privacy experts is that maintaining such a key poses a security threat. But on Thursday, FBI Director James B. Comey pointed out that a number of major Internet companies &hellip; <a href=\"https:\/\/www.dogoodsoft.com\/blog\/fbi-director-ability-to-unlock-encryption-is-not-a-fatal-security-flaw-535\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">FBI director: Ability to unlock encryption is not a \u2018fatal\u2019 security flaw<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[216,217,52],"class_list":["post-535","post","type-post","status-publish","format-standard","hentry","category-news","tag-communication","tag-e-mail","tag-encryption"],"_links":{"self":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/535","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/comments?post=535"}],"version-history":[{"count":1,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/535\/revisions"}],"predecessor-version":[{"id":537,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/535\/revisions\/537"}],"wp:attachment":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/media?parent=535"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/categories?post=535"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/tags?post=535"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}