Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Encryption Government Privacy Security United States

FBI Slammed On Capitol Hill For "Stupid" Ideas About Encryption 174

blottsie writes: At a hearing in Washington, D.C., on Wednesday, the FBI endured outright hostility as both technical experts and members of Congress from both parties roundly criticized the law enforcement agency's desire to place so-called back doors into encryption technology. "Creating a technological backdoor just for good guys is technologically stupid," said Rep. Ted Lieu (D-Calif.), a Stanford University computer science graduate. "That's just stupid. Our founders understood that an Orwellian overreaching government is one of the most dangerous things this world could have," Lieu said.
This discussion has been archived. No new comments can be posted.

FBI Slammed On Capitol Hill For "Stupid" Ideas About Encryption

Comments Filter:
  • by UnknownSoldier ( 67820 ) on Thursday April 30, 2015 @05:43PM (#49590023)

    At the risk of being down-modded: ... it is the people that allow them to get away with this stupid shit in the first place.

    • by Touvan ( 868256 ) on Thursday April 30, 2015 @05:49PM (#49590075)

      You could say that about anyone who does anything stupid. It's just a cop out - usually to avoid the work part of coalition building. This discussion is part of the process of not allowing them to get away with it.

      • by monkeyzoo ( 3985097 ) on Thursday April 30, 2015 @08:18PM (#49590735)

        I'm so pleased on multiple counts... First of all, that legislators would be smart enough to understand what a stupid idea this is and not just believe it la-di-da, public safety, terrorism, the FBI says we have to do it or we'll all die. Second, I'm pleased to see there is something that Congress can agree on bipartisanly.

    • by ShanghaiBill ( 739463 ) on Thursday April 30, 2015 @06:16PM (#49590227)

      it is the people that allow them to get away with this stupid shit in the first place.

      Except they are NOT getting away with it ... because of the people. We are not going to accept it, and our elected representatives know that. They already tried this crap with the Clipper Chip [wikipedia.org], which died in a firestorm of protest. The same is happening now. There is no way that the TLAs are going to LEGALLY get a backdoor. It is not going to happen.

      • by AK Marc ( 707885 ) on Thursday April 30, 2015 @06:26PM (#49590291)

        Except they are NOT getting away with it ...

        Until you can name an FBI agent or administrator in prison, they *are* getting away with it.

      • by epyT-R ( 613989 )

        Ever heard of CALEA ports?

        http://en.wikipedia.org/wiki/C... [wikipedia.org]

        • by Damarkus13 ( 1000963 ) on Thursday April 30, 2015 @08:16PM (#49590729)
          A CALEA port does no good if the communication is encrypted by the parties communicating. This is why the FBI is bitching.
          • by epyT-R ( 613989 )

            I was referring to the CALEA legislation which 'the people' also fought and lost, not that CALEA and crypto are the same thing. However, making it legal for TLAs to force backdoors in crypto is certainly similar.

            • Re: (Score:3, Informative)

              It certainly sounds similar but it's really not.

              The CALEA ports aren't really a backdoor though, more like a side utility door it is just to make it easier for the police to do something they could already lawfully do with cause. Get the traffic that goes through the companies equipment with a warrant. The police have always been able to get a warrant to get data from anyone on anything either electronic or paper if they have cause. They can already right now get a warrant forcing you to allow them to insta

      • Put in back doors, and you can kiss any American "security" software goodbye. Let's not even bother with the whole issue that a backdoor will be found and opened, then all hell will break loose, and stick with the fact that nobody on the planet will knowingly buy or use "security" software that is known to have a backdoor.
        If they get away with this backdoor crap, how long until they are demanding master keys to your house. (Yeah, that's a bit of hyperbole, but only because the physical expense would be huge
    • by Bob9113 ( 14996 ) on Thursday April 30, 2015 @06:38PM (#49590377) Homepage

      Whistleblowers have been coming forward, the people have been loudly criticizing it, we elected the Presidential candidate who was most opposed to it in both of the last two elections (the second guy was distinctly more of a "lesser of two evils" than the first), and we've been taking them to court.

      So, to recap, that's soap box, ballot box, and jury box that we've been using. To claim that we're letting them get away with it is to betray your ignorance of the facts. Short of revolution, we have done everything we can. This is the oligarchy ignoring the law and the will of the people.

    • by gweihir ( 88907 ) on Thursday April 30, 2015 @07:11PM (#49590513)

      A police state is what happens when the citizens forget that police-people always want more control and power that is good for society and forget to kick them in the nuts from time to time. The mind-set of most people joining the police and similar (like the FBI) is not compatible with a free society, hence oversight and democratic control. They literally cannot police themselves. Of course, many police states an even quite a few totalitarian regimes where cheered in by the people that later suffered under them.

      • by dwillden ( 521345 ) on Friday May 01, 2015 @05:58AM (#49592111) Homepage
        <quote><p> The mind-set of most people joining the police and similar (like the FBI) is not compatible with a free society, .</p></quote>

        I would beg to differ on this. The mind set of most people joining these agencies is actually a love of country and law and order. But then they get drawn into the task of investigating crimes and continually run into the brick wall of the constitution in their well meaning efforts to root out criminals. That and the continual push from above to arrest the bad guys leads to them trying to make their jobs easier and more effective, thus looking for back-doors or to get them added to crypto software, or other work-arounds to the challenges on collecting information/evidence/intelligence without alerting the suspect(s). These limits and road blocks are good and absolutely necessary to a free society, but that doesn't mean these well meaning officers and agents don't get frustrated and try to seek other ways on occasion.

        But that desire comes from a desire to capture and see the guilty punished, yes it can, has and will in the future lead to overstepping bounds (occasionally egregiously), but that does not mean they joined for want of power or control. (Okay some may become police officers for such but not the FBI.)
  • Sure would be nice (Score:5, Insightful)

    by oic0 ( 1864384 ) on Thursday April 30, 2015 @05:45PM (#49590039)
    Sure would be nice if this were the new climate in D.C. instead of their current 1984 theme.
    • by Virtucon ( 127420 ) on Thursday April 30, 2015 @05:49PM (#49590073)

      I'm reminded of a political quote of late "How's that Hopey Changey thing workin' out for ya?"

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        Bush's 2004 campaign motto: "A Safer World and a More Hopeful America". I think Obama followed through better, personally.

        "I like Ike". Eisenhower, 1952.
        "I still like Ike". Eisenhower, 1956.

        Now that's straightforward. And he delivered 100%, in that he had already won WWII, so absent some kind of time machine he couldn't have possibly failed.

      • by Martin Blank ( 154261 ) on Thursday April 30, 2015 @06:57PM (#49590455) Homepage Journal

        I despise people of any political persuasion making fun of any other side. I have Republican friends who have quoted the same line, and I call them on it whenever they do. I also have Democratic friends who refer to the other side by various names such as "Republitards" and I call them on it as well.

        We cannot have any kind of discussion as long as we're hurling insults at each other. We can disagree--even vehemently--but the moment we start telling the other side that they suck is the point where we start closing off discussion based on basic human emotional response.

  • how (Score:5, Insightful)

    by peragrin ( 659227 ) on Thursday April 30, 2015 @05:48PM (#49590055)

    How stupid must your plan be if politicians actually call it stupid?

    • Re:how (Score:5, Insightful)

      by Opportunist ( 166417 ) on Thursday April 30, 2015 @06:25PM (#49590289)

      Well, to be fair, this particular politician actually holds a relevant degree.

    • I'd say there are a few lobbying entities that would prefer their software isn't (aren't?) riddled with holes.
  • I just can't believe that an agency that (voluntarily, no less) works out of a headquarters named in J Edgar Hoober's 'honor' would have some ideas about encryption that are anything other than technologically cutting edge and fourth amendment compliant. They should probably just stick to doing their...special...brand of forensic science and leave policy to people who don't goose-step to the short bus every morning.
    • by account_deleted ( 4530225 ) on Thursday April 30, 2015 @05:55PM (#49590121)
      Comment removed based on user account deletion
      • Do you have a source for these problems with DNA analysis? Because I'd like to see it. It's my understanding that the FBI has always been on the cutting edge with DNA and has been pretty cautious in court testimony about it.

        The FBI for years used, in court, hair analysis, handwriting and audio experts that couldn't prove anything. They've all been proven to be pseudo sciences with no actual ability to prove anything with an accuracy better than random guessing. There are a LOT of people in jail based entire

        • I think he was mixing it up with the recent story about flawed hair analysis [washingtonpost.com].
        • I don't know of any FBI-specific issues with DNA work; but various crime labs have had issues with atrociously sloppy practices that tend to go unchallenged, or overtly hidden, for some years. The big FBI story is definitely the "yeah, we basically didn't do a single hair analysis right for two decades; also hair analysis in general is probably bullshit" issue.

          In general, DNA-based techniques have the advantage that they are actually 'science', as originally developed by scientists looking for useful res
    • would have some ideas about encryption that are anything other than technologically cutting edge and fourth amendment compliant

      They are asking for something that is forth amendment compliant. What do you expect them to do with a warrant when the device is encrypted? Beg the phone to decrypt itself?

  • by perpenso ( 1613749 )

    "Creating a technological backdoor just for good guys is technologically stupid," said Rep. Ted Lieu (D-Calif.), a Stanford University computer science graduate.

    How is "a technological backdoor" restricted to just the good guys? I don't think we need to go to the Orwellian level to demonstrate how misguided such a notion is. The fact that bad guys will likely gain access as well should be sufficient.

    • by MBGMorden ( 803437 ) on Thursday April 30, 2015 @05:55PM (#49590117)

      That's kinda just restating what he was saying . . .

      • That's kinda just restating what he was saying . . .

        Perhaps I should have included Lieu's next sentence: "That's just stupid. Our founders understood that an Orwellian overreaching government is one of the most dangerous things this world could have,"

    • This is what I was going to say. "Is there some sign that says 'good guys only' that stops bad guys from using it too?"

      • by vux984 ( 928602 ) on Thursday April 30, 2015 @05:59PM (#49590145)

        Bad guys have to set the evil bit; the software checks whether or not it's set. Really people, we've thought this through.

        • Bad guys have to set the evil bit; the software checks whether or not it's set. Really people, we've thought this through.

          Relevant RFC [ietf.org]

          • Bad guys have to set the evil bit; the software checks whether or not it's set. Really people, we've thought this through.

            Relevant RFC [ietf.org]

            You know, it's been years since I actually read that. The basic concept is funny, obviously, but the author took it much further. I'd forgotten such gems as:

            Because NAT [RFC3022] boxes modify packets, they SHOULD set the evil bit on such packets.

            Indeed, NAT boxes really should mark all their packets as evil, because NAT is evil.

            Oh, I also quite enjoy:

            In networks protected by firewalls, it is axiomatic that all attackers are on the outside of the firewall. Therefore, hosts inside the firewall MUST NOT set the evil bit on any packets.

            Oh, obviously. If you have a firewall, every host inside the firewall is perfectly safe. BWAHAHA...

        • by Opportunist ( 166417 ) on Thursday April 30, 2015 @06:27PM (#49590295)

          That's like the "do not track" thing in my browser, right?

      • by SeaFox ( 739806 )

        This is what I was going to say. "Is there some sign that says 'good guys only' that stops bad guys from using it too?"

        Maybe the real irony is the two are one and the same.

    • I agree this is stupid. Sometimes, though, I like to think of the best arguments I can for the other side's position. In other words, come up with reasons I might be wrong.

      In this case, I'd have to admit that ANY time I send an encrypted message, it should always have a way for the good guy to read the message. For example, suppose I use https to send a secure request to bank.com. That must have a way for the good guy, bank.com, to read the message. There's no technical reason it can't be encrypted su

      • by jafiwam ( 310805 )

        I agree this is stupid. Sometimes, though, I like to think of the best arguments I can for the other side's position. In other words, come up with reasons I might be wrong.

        In this case, I'd have to admit that ANY time I send an encrypted message, it should always have a way for the good guy to read the message. For example, suppose I use https to send a secure request to bank.com. That must have a way for the good guy, bank.com, to read the message. There's no technical reason it can't be encrypted such that TWO good guys have keys, bank.com and the Good Guy Bureau.

        In fact, standard encryption as used by tls does almost that - two people ALREADY have the key which is used to encrypt the message. The sender has the key and so does the receiver. The shared key is then encrypted by another key generated such that two parties can know it, without either ever transmitting it. Mathematically, one could certainly add the GGB key to the algorithm.

        It could be just as unbreakable as the current encryption standards, though those do depend on keys being kept secret. The Good Guy Key probably wouldn't actually be kept secret for long. That's the huge failing that makes it a non-starter from a purely technical perspective- that we'd all be screwed if the FBI's key were ever revealed or cracked. Various attempts at DRM show that widely-used keys are always cracked.

        Why bother with all that? The FBI walks in (or calls) the bank, and they hand over all your information just trying to be "helpful." This happens ALL THE TIME at ISPs and banks. Why do all the technical stuff to achieve it?

  • Since the revelations of Snowden have effectively changed nothing, does it even matter that members of Congress are publicly against the actions of the arm(s) of government that gathers the secrets?
  • by roc97007 ( 608802 ) on Thursday April 30, 2015 @06:00PM (#49590149) Journal

    from TFA, on "a back door just for the good guys": "Our founders understood that an Orwellian overreaching government is one of the most dangerous things this world could have"

    Yes, agreed. But besides that, having the back-doors only available "for the good guys" is problematic for a number of other reasons, including:

    a) "the good guys" in this administration may be replaced by "less than good guys" in the next administration

    b) It only takes one "not so good guy" in the organization to take advantage of a back door for nefarious purposes (perhaps with the best of intentions)

    c) The existence of a back door "just for the good guys" assumes that there is no exploit that anyone could figure out with today's technology up to the technology available up to the retirement of the last piece of equipment that contained that particular back door (which might be decades). When you design a system, do you take into account the technology that will become available to break into it 20 or 30 years in the future?

    d) That the "keys" for such a universal back door would be so valuable that they would inevitably be sold by someone with access to the highest bidder, or because of political or religious motivations.

    ...and probably more reasons I haven't thought of at the moment. Put succinctly, a "back door" that's "only for the good guys" and remains such for any reasonable length of time is a virtual impossibility. That it exists at all means it will inevitably be exploited for personal or political gain at some point.

    The FBI might be better served by just being better at cyber break-ins than anyone else. This would allow them to do the monitoring they desire, and have the added benefits of making them work for access, rather than just go fetch passwords out of a safe, and develop some in-house expertise that could be used against real cyber criminals.

    Now that I think of that last part, if we really want the FBI to understand about cyber security, it's important from an evolutionary point to never give them easy access to anything.

    • by MightyMartian ( 840721 ) on Thursday April 30, 2015 @06:21PM (#49590273) Journal

      Agencies like the FBI, CIA and NSA have long relied on the general ignorance of the public, and even of Congress, on various technical matters. Further, they had their claws into academia and were thus capable of controlling the dissemination of information in regards to technical matters. These agencies still believe they are dealing with various kinds of ignorant rubes who will believe any technobabble their representatives care to spew. But this isn't the fertile ground for their particular brand of bullshit. The IT world is dominated by people of a rather different mindset, and while companies like Microsoft, Google and Apple couldn't really be regarded as friends of liberty, what they are is highly protective of their revenue streams. Crapola plans like encryption back doors and universal spying on their traffic is already damaging these companies' international reputations, and risks undermining many years worth the work of selling their platforms to foreign buyers.

      And this, as sad is it is, is why these agencies will lose. Not because any of the Captains of IT Industry or anyone in Congress gives a flying fuck about liberties, but because it poses a threat to profits. I guess the little guy has to accept that the enemy of their enemy is their friend, and hope the IT companies win the day, but what bothers is that we may win the battle, and lose the war, simply because instead of a bunch of government spooks spying on every bit that gets transmitted over the Internet, we'll have a bunch of corporate spooks.

    • What I want to know is: Why all the act about encryption? If there is going to be a backdoor, and everyone knows there is going to be a backdoor, and the backdoor is enforced by federal law, then why go through all this circus?

  • The FBI should have no trouble pulling it off then.

  • Clipper? (Score:3, Insightful)

    by Rainwulf ( 865585 ) on Thursday April 30, 2015 @06:30PM (#49590317)

    Its the fucking clipper chip fiasco all over again. Doomed to repeat the past....

  • by MoonlessNights ( 3526789 ) on Thursday April 30, 2015 @06:34PM (#49590359) Homepage Journal

    The best part about legislating what kinds of technology people can use is that only legal entities must abide by the law.

    So, the "good companies" or "good individuals" who agree with you are now penalized by having back-doors while anyone "bad" is "free" to use solid and effective tools.

    Bullet, meet foot.

    • Re: (Score:2, Insightful)

      Ah, but the whole point here is to keep the "good" people in line, not to actually spy on the "bad" people.

      And if they do serendipitously catch a "bad" person, they can lock them away for life for owning "illegal" tools.

      I think I've "forgotten" why we're using "air quotes" here.

    • by erice ( 13380 )

      The best part about legislating what kinds of technology people can use is that only legal entities must abide by the law.

      So, the "good companies" or "good individuals" who agree with you are now penalized by having back-doors while anyone "bad" is "free" to use solid and effective tools.

      Bullet, meet foot.

      Actually, this is useful from a law enforcement perspective. Much in the way that Al Capone was convicted of tax evasion rather than racketeering, anybody caught using illegal encryption could be arrested and convicted for that without having to prove that they were doing anything else nefarious.

      Bad idea for other reasons but definitely useful.

  • ... is just too much.

    Imagine Apple builds iPhones with a back door. That phone will not sell in any other country, right? If Apple wants to sell to Japan, Apple will have to put a Japanese backdoor into those devices.

    The Japanese will prohibit Apple from selling those to people in the US.

    Apple will have a brazillion adaptations of its iPhones to make every country happy and that's just not going to happen.

    We can bet our asses that some company somewhere will meet US market demand for clean encrypted phones

  • I'd like to see them slammed for their down-syndrome-level comment about Polish collaboration with the NAZIs. Von Braun anyone? They should be renamed the Federal Bureau of Manipulation.
  • Bravo for Representative Lieu, but he misses the whole point. The encryption doesn't matter if a Government is so big will harm you even when it is trying to do good. The problem is not the backdoors, it is the elephant in the room - a Government that is just to big and increasingly centralized. More Government power **necessarily** means citizens lose liberty. And the Democrats and Establishment Republicans are both bad at growing Government (and the associated debt).

    Power needs to be devolved back t

    • by PopeRatzo ( 965947 ) on Thursday April 30, 2015 @08:58PM (#49590839) Journal

      Power needs to be devolved back to States

      Have you seen your state government recently? Specifically, have you seen the state governments that are purporting to do the "small government" routine? Kansas? New Jersey? Wisconsin? They're economies are tanking, credit ratings falling, deficits ballooning. What, New Jersey's credit rating has been downgraded nine times since Chris Christie took office with a promise to return to "fiscal sanity through smaller government". And their legislators? They're too busy trying to make sure high school students aren't exposed to fucking AP history class and making that the Bible is the "official state book" to address anything serious. Because god forbid a student should learn how the railroads were really built. Or what our government was up to in Central and South America in the '80s. Or what "Trail of Tears" means. Or who the "robber barons" were. Or that the earth wasn't made in six days.

      States, Federal, it doesn't make a difference as long as it's government by, of and for the wealthy elite. And we've got SuperPACs spending tens of millions of dollars on local school board elections for chrissake. State legislators, the guys that used to be part-time politicians and full-time citizens, are almost as likely to become millionaires during their first two terms as your average federal congressman. Sure, you can make state boundaries mean something again, but remember, money doesn't recognize state borders. It doesn't matter if government is centralized. All that matters is that SuperPACs are centralized, because that's where the power lies.

      This fight between big government/small government/state/federal is just something to keep us busy while the elite are carrying off everything in sight. Your "elections" are nothing more than the circuses in "bread and circuses".

      • Well just to state the obvious, the benefit of less federal government and the power reverting to the states is that you, the voter, have more power to influence elections.
        • Well just to state the obvious, the benefit of less federal government and the power reverting to the states is that you, the voter, have more power to influence elections.

          Except you don't. Big money took over state elections at least 15 years ago.

          Before you are allowed to get to know a new candidate, they have already been through the "money primary" where rich guys have decided that the candidate is appropriately sensitive to their needs. By the time you know their names, you've already been shut out of

  • MoneyMouth (Score:5, Insightful)

    by PopeRatzo ( 965947 ) on Thursday April 30, 2015 @08:32PM (#49590765) Journal

    This story reminds me that it's time to go throw the EFF another $20.

    https://www.eff.org/ [eff.org]

  • by kenshin33 ( 1694322 ) on Thursday April 30, 2015 @10:05PM (#49591075)
    what was the lesson of FREAK ???
  • by account_deleted ( 4530225 ) on Thursday April 30, 2015 @10:55PM (#49591225)
    Comment removed based on user account deletion
  • Mandatory encryption backdoors pretty much means we become a backwards island as nobody else will willingly use our crypto. It's already become a valid concern over networking gear from US companies since the NSA has been shown to subvert them, when people are buying chinese gear because it's a better option security wise than US gear you have a serious image issue.

  • But (Score:2, Insightful)

    by MitchDev ( 2526834 )

    Who in America still considers the FBI, NSA, or CIA to be "the good guys" anymore?

  • I am a sub-contractor for a project that burns data onto encrypted FIPS compliant hard drives. If the FBI gets their way that puts us in breach of contract with another government agency.

Avoid strange women and temporary variables.

Working...