FBI Keeps Crying About Encryption Backdoor, so Who's Lying to the Feds?
The Feds are keeping up with the demand for some way to access encrypted devices, even after being repeatedly told that it's not a feasible request. FBI director Christopher Wray attended the FBI Boston Conference on Cyber Security where he discussed many topics before lamenting again about all those devices the FBI couldn't crack last year and about the encryption backdoor they crave.
As expected, he backtracked a bit before going into this mindboggling comparison by saying the crypto issue can be solved because the tech industry managed to create cloud platforms that can be accessed by users from anywhere in the world.
That train of thought is a bit ambiguous, to say the least. The point he was trying to make was that if the tech industry managed to create such a wonderful thing as "the cloud", then it can surely help law enforcement crack open those pesky phones. They want the tech industry to take law enforcement's lawful need to access data seriously.
As a reminder, the FBI has said that in the fiscal year of 2017, they were unable to access the content of nearly 7,800 phones, more than half the devices they attempted to access in that period. Then, there's that whole saga with the iPhone of the San Bernardino shooter where the Feds sued Apple and Apple said there was nothing they could do since that's just how the on-device encryption works. The FBI then allegedly spent close to $1 million to crack the device through a method that was not revealed and dropped the case.
There's no question that encryption is hindering investigations. "This problem impacts our investigations across the board - human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation, and cyber," Wray said during his speech. He wasn't specific on what should be done, but he wants some action to be taken by the big companies of the tech world.
He went on to say that he doesn't want encryption backdoors because those are some type of secret, insecure means of access. They're merely asking for the ability to issue a warrant and have that device open in front of them.
Of course, there's no real way around this. A device is either encrypted, or it's not. Companies are putting encryption into gadgets and giving the key to opening them only to their owners for many reasons; the main one is to allow these people to completely control their devices and their data. The whole point of encrypting something is that someone else doesn't get to look at it, including the company that made the device, or the app, or whatever service you're using, because that weakens security.
The FBI keeps pushing and pushing, and we get why. They need results in their work, just like everyone else does. And they can't get those results if they don't have access to all the data. It's frustrating, but this battle is at a standstill. What the FBI wants, the tech world can't deliver without breaking people's trust. And there's nothing to say users won't take back control and use their own encryption algorithms to secure data or build their own apps to use instead of the ones that broke their trust. It's been proven in the past that terrorists use their own tools and not popular apps to communicate, for instance.
Who's feeding the FBI lies about encryption?
Recently, a US Senator started a campaign to get the FBI to explain how exactly a backdoor that can be used only by the Bureau would work and how it would affect strong and secure encryption. Just as befuddled are crypto gurus who decided to send a letter and maybe figure out who's been lying to the FBI that such a thing is possible. Martin Hellman, a professor at Stanford who put the bases for the crypto systems of today, Steve Bellovin, USENET co-creator, Paul Kocher, cryptographer, and Bruce Schneier, security guru, signed the letter.
More specifically, they want to find out "with whom the bureau has been consulting and which cryptographic experts believe an exceptional access system can be built securely."
They go on to explain that introducing backdoors into software is a flawed policy that would harm American security, liberty, and economy. "Just because a non-technical person believes that such a system can be developed does not make it so. In fact, and as your letter notes, many experts have warned that security would be weakened by exceptional access mechanisms," the letter reads.
Whether the FBI will make a move and reveal the names remains to be seen, but it is quite unlikely.
It’s also worth the mention that such a backdoor could increase the chances that hackers either manage to force their way into the systems through the cracks in the wall or turn to social engineering. Plus, there’s really no telling that someone in law enforcement wouldn’t turn rogue and use the backdoor key for their own gain, much like it happened to the NSA tools that were revealed by the Snowden files. Several NSA employees were fired then after it was revealed they were using the various NSA mass surveillance programs to snoop on spouses. This shows that just because law enforcement holds the keys, it doesn’t mean they’re safe.