– The New Crypto Wars – FBI Director James Comey Threatens Silicon Valley:
I’ve covered in detail how the U.S. establishment has been aggressively pushing against the American public’s right to private communications, i.e. encryption, ever since the terror attacks in Paris. This push continues unabated, with the latest shots fired earlier today by FBI chief James Comey at a Senate Judiciary Committee hearing.
We learn the following from the Intercept:
FBI Director James Comey on Wednesday called for tech companies currently offering end-to-end encryption to reconsider their business model, and instead adopt encryption techniques that allow them to intercept and turn over communications to law enforcement when necessary.
Comey had previously argued that tech companies could somehow come up with a “solution” that allowed for government access but didn’t weaken security. Tech experts called this a “magic pony” and mocked him for his naivete.
Now, Comey said at a Senate Judiciary Committee hearing Wednesday morning, extensive conversations with tech companies have persuaded him that “it’s not a technical issue.”
“It is a business model question,” he said. “The question we have to ask is: Should they change their business model?”
Comey’s clear implication was that companies that think it’s a good business model to offer end-to-end encryption — or, like Apple, allow users to fully encrypt their iPhones — should roll those services back.
Comey indicated that these companies should be satisfied providing customers with encryption that allows for interception by the providers, who can then turn over the information to law enforcement.
Privacy experts say that the same holes in encryption that allow for authorized interception also allow for unauthorized interception — and therefore provide insufficient security.
Comey acknowledged that encrypted apps would still exist. But, he said, encryption “by default” is the real problem. He told Sen. Mike Lee, R-Utah, that “I think there’s no way we solve this entire problem. … The sophisticated user could still find a way.”
That didn’t stop him from calling for an international standard for encryption technologies, however. Many popular encrypted applications are not U.S. based. Any action imposed on American companies would likely handicap them and lead customers to turn to overseas options.
Comey did not request specific legislation to compel companies to abandon end-to-end encryption, but told Sen. Dianne Feinstein, D-Calif., that he would like to see all companies responding to lawful requests for data. Feinstein offered to pursue legislation herself, citing fear that her grandchildren might start communicating with terrorists over encrypted PlayStation systems.
Does that seriously keep you up at night Feinstein? You need to get out more.
Toward the end of the hearing, Comey seemed to contradict his earlier comments urging companies to reconsider their business models. “I don’t want to tell them how to do their business,” he said. Then, moments later, he added that “there are costs to being an American business — you can’t pollute.” The implication there was that American businesses might need to comply with new standards regardless of what the rest of the world does — as if providing end-to-end encryption to protect the average person’s communications is the same as destroying the environment.
The worst part about all of this, as noted above, is that getting large tech companies to cease end-to-end encryption will only affect average Americans. Motivated players, such as the rich and powerful, criminals and terrorists, will have no problem accessing tools for strong encryption. As I previously highlighted in the post, Government is Lying – New Study Shows No Increase in Use of Encryption by Jihadists Since Snowden Revelations:
Bottom line: banning encryption or enforcing tech companies to backdoor communications services has zero chance of being effective at stopping terrorists finding ways to communicate securely. They can and will route around such attempts to infiltrate their comms, as others have detailed at length.
Here’s a recap: terrorists can use encryption tools that are freely distributed from countries where your anti-encryption laws have no jurisdiction. Terrorists can (and do) build their own securely encrypted communication tools. Terrorists can switch to newer (or older) technologies to circumvent enforcement laws or enforced perforations. They can use plain old obfuscation to code their communications within noisy digital platforms like the Playstation 4 network, folding their chatter into general background digital noise (of which there is no shortage). And terrorists can meet in person, using a network of trusted couriers to facilitate these meetings, as Al Qaeda — the terrorist group that perpetrated the highly sophisticated 9/11 attacks at a time when smartphones were far less common, nor was there a ready supply of easy-to-use end-to-end encrypted messaging apps — is known to have done.
Point is, technology is not a two-lane highway that can be regulated with a couple of neat roadblocks — whatever many politicians appear to think. All such roadblocks will do is catch the law-abiding citizens who rely on digital highways to conduct more and more aspects of their daily lives. And make those law-abiding citizens less safe in multiple ways.
Moreover, as was recently noted by Marcy Wheeler, the criminal mega banks are already moving fast to secure their communications. Yet, somehow Comey doesn’t seem particularly bothered by that…
From EmptyWheel:
I doubt he had the Transnational Crime Organizations on Wall Street in mind when he talked about the bad guys “still not be able to be decrypted.”
But HSBC, JP Morgan Chase, Citi, Deutsche Bank, Goldman Sachs and the other big banks supporting Symphony Communications — a secure cloud based communications system about to roll out — are surely among the world’s most hard-core recidivists, and their crime does untold amount of damage to ordinary people around the globe.
Which is why I’m so amused that Elizabeth Warren has made a stink about the imminent rollout of Symphony and whether it will affect banks’ ability to evade what scant law enforcement might be thrown their way.
I have [] concerns about how the biggest banks use of this new communications tool will impact compliance and enforcement by the Department of Justice [Warren sent versions of the letter to 6 regulators] at the federal level.
My concerns are exacerbated by Symphony’s publicly available descriptions of the new communications system, which appear to put companies on notice — with a wink and a nod — that they can use Symphony to reduce compliance and enforcement concerns. Symphony claims that “[i]n the past, communication tools designed for the financial services sector were limited in reach and effectiveness by strict regulatory compliance … We’re changing the communications paradigm” The company’s website boasts that it has special tools to “prevent government spying,” and “there are no backdoors,” and that “Symphony has designed a specific set of procedures to guarantee that data deletion is permanent.”
Warren is right to be concerned. These are serial conspiracists on a global scale, and (as Warren notes elsewhere) they’ve only been caught — to the extent that hand slaps count as being caught — when DOJ found the chat rooms in which they’ve colluded.
If Jim Comey is going to bitch and moan about criminals potentially exploiting access to encrypted communications, then he should start his conversation with the banks, not Apple. If he remains silent about this gang and their secure communications, then he needs to concede, once and for all, that actual humans need to have access to the same privilege of secure communications.
Just in case you still have any doubt that this is all about spying on the citizenry, as opposed to stopping elite crime or terrorism.
For related articles, see:
U.S. Government Moves to Exploit Paris Terror Attacks to Ban Privacy
In Liberty,
Michael Krieger