Non-US Encryption Is 'Theoretical', Claims CIA Chief In Backdoor Debate

Iain Thomson, writing for The Register: CIA director John Brennan told U.S. senators they shouldn't worry about mandatory encryption backdoors hurting American businesses. And that's because, according to Brennan, there's no one else for people to turn to: if they don't want to use U.S.-based technology because it's been forced to use weakened cryptography, they'll be out of luck because non-American solutions are simply "theoretical." Thus, the choice is American-built-and-backdoored or nothing, apparently. The spymaster made the remarks at a congressional hearing on Thursday after Senator Ron Wyden (D-OR) questioned the CIA's support for weakening cryptography to allow g-men to peek at people's private communications and data. Brennan said this was needed to counter the ability of terrorists to coordinate their actions using encrypted communications. The director denied that forcing American companies to backdoor their security systems would cause any commercial problems.

American Companies

[Anonymous Coward]

LOL, how quaint. As if a company belongs to a particular nation state. Freemasons 2016, huyah!

Sir Bush, president and knighted...

Can't decide

[fyngyrz]

I can't decide if Brennan is stupid, or if he thinks everyone else is stupid.

I readily admit this is not an uncommon reaction of mine when I read of the things presented by elected and appointed officials. The US government is a madhouse.

Re:Can't decide

[Jawnn]

I can't decide if Brennan is stupid, or if he thinks everyone else is stupid.

Judging by the universal cringe displayed by all the analysts and technicians who an actual understanding of crypto, I'd go with "a little of both". I just can't believe he's so clueless as to not understand that math doesn't recognize lines on a map, nor can I quite believe he didn't expect to get called out on his bullshit. Either way, it was a dumbass thing to say.

Re:

[zlives]

actually i would say he was telling the 100% truth. The target for backdoor is compliant American citizens that would only purchase approved and not legally blocked soft/hardware. This has nothing to do with terrorists, corporations or any one with any knowledge at all.

Re:Can't decide

[cayenne8]

I just can't believe he's so clueless as to not understand that math doesn't recognize lines on a map, nor can I quite believe he didn't expect to get called out on his bullshit.

Well, it isn't HIS cluelessness that is the problem here..is the his audience...the US Senators/CongressCritters that he speaks to in these hearings.

See, they are the ones that pass the laws that could mandate weakening software and forcing backdoors.

He may know perfectly well that this is a false and stupid thing to say, but it IS something the TLA's want badly...so, he tells them this and they think that it won't cause harm to US businesses, and they have, instead, just helped to fight the terrorists...and have their constituents be happy about this.

It is the ignorance of the lawmakers that you have to worry about.....and unfortunately they're getting their information from a guy like this, that wants what he wants, no matter the cost to business or the constitution.

Re:Can't decide

[Anonymous Coward]

I can understand how you'd make that mistake, but he's not clueless. It's much worse than that.

He's a man who knows that no one can challenge the power that he's amassed for himself, because the establishment is on his side. Surveillance is just a fact of life now, some people aren't going to give up their Facebook accounts until they die and he's grinning like the shit-eater he really is, because he's getting paid to take away the same freedoms they claimed they were "defending" after September 11th happened. People are legally required to pay money out of pocket straight into the hands of the same people who are supressing their rights to privacy and free speech.

If you knew that you were taken care of for life and there were no consequences to anything you did, no matter how horrendous, how would you act? These are the same people that had pictures of their torture at Abu Ghraib published around the world, a thousand-plus-page report on their methods published around the world and what did people do? Fuck all nothing, that's what. Brennan has that grin because he knows nobody is challenging him any time soon, period.

Re:

[CrashNBrn]

I'm opting for F'N-Batshit-Crazy - which could include him thinking everyone else is stupid.

Re:Can't decide

[bluefoxlucid]

If he's incompetent, the President should dismiss him from his post. (Executive)

If he's lying, Congress can impeach him.

Being so severely wrong so often is hazardous to your health.

Re:

[unrtst]

If he's incompetent, the President should dismiss him from his post. (Executive)

If he's lying, Congress can impeach him.

Being so severely wrong so often is hazardous to your health.

And when neither happens, then similar rules apply to both the President and Congress. This eventually trickles down to blaming the voters. The majority of voters are currently proving that point quite well in their handling of the current presidential election, so this should be no surprise to anyone that's conscious.

Re:

[bluefoxlucid]

Trump is good at persuasion and negotiation; it's part of business.

You're assuming the average person cares about policy details, facts, and logic... they don't...

The problem comes when you lay out facts and logic in short, concise form in front of someone people look to for leadership, and his only response is, "Uh, I don't believe that." You can get away with that to a very limited degree, even with the authority of popularity behind you; it's impossible to continue to look good when your attacks are cleanly parried and reversed.

Take Trump's talk about immigration, for example. Trump said we

Re:Can't decide

[Cro Magnon]

I can't decide if Brennan is stupid, or if he thinks everyone else is stupid.

The two aren't mutually exclusive.

Re:Can't decide

[whoever57]

I can't decide if Brennan is stupid, or if he thinks everyone else is stupid.

He thinks enough people are stupid, and, unfortunately, he isn't wrong about that.

Re:Can't decide

[kheldan]

He's the head honcho of the freakin' CIA, of course he thinks everyone else is stupid, especially politicians! How else other than overweening arrogance and likely a liberal amount of narcissism do you think someone gets that job in the first place? Strong work ethic? A strong sense of justice? LOL no, more likely successfully backstabbing all the competition and covering his tracks so thoroughly that nobody could pin anything on him!

It's politics, stupid

[Anonymous Coward]

You have to be not actually dumb to get high up in government. But you do have to have a certain capacity to believe in the institutional lies, or at least repeat them as if you mean them. They still institutionally believe in a rather simplistic device to the point that gaming the thing is a criminal offence, for example.

More to the point, this here is politics in action. He is furthering an agenda in front of an audience that made this agenda-pushing their day-and-night jobs, but who do not necessarily ha

Re:It's politics, stupid

[fyngyrz]

You have to be not actually dumb to get high up in government

o U.S. President George Walker Bush.
o U.S. Senator Ted Stevens.
o U.S. Representative Michele Bachmann.
o U.S. Representative Todd Akin.
o U.S. Representative Joe Barton

I rest my case. I could go on, but it's really quite painful to think about.

Re:Can't decide

[ceoyoyo]

Why does he have to root for a team? The US has a history, especially in cryptography, of assuming that the rest of the world is hopelessly behind them. Remember the export ban on strong cryptography? Remember the t-shirts with the RSA algorithm printed on them? This is just another aspect of the same thing. If the US doesn't provide the crypto, there's nobody else to get it from. Obviously.

Re:

[lgw]

"The US"? Each individual living here? Including all the US cryptographers pointing out how silly this was, and selling T-shirts?

Stereotyping whole countries by their sillier government acts is fine if were doing patriotic trash-talking, like calling people "Murcans" or "cheese-eating surrender monkeys" or "I know he wasn't Canadian, or he would have apologized afterwards". That's just being silly, but if you're going to do that, it's rude not to identify your side.

Re:

[ceoyoyo]

It's fairly common custom to use the name of a country when referring to official actions undertaken by that country. For example, "the US invaded Iraq."

In the specific case of a democracy, official policy is determined by the government, which is elected by the citizenry, so collective responsibility for national activities can be ascribed to those citizens, if you're into that kind of thing.

Re:

[ceoyoyo]

"Americans" is the collective term for citizens of the United States of America. "'Murricans" is a mild slur of "Americans." Americans are collectively responsible for this ass holding office. As such, he's representing you to the world when he says that the rest of the world is too dumb to implement encryption without American help.

Use of the slur seems reasonable in this case. If you collectively don't like it, get rid of the jerk. If you individually don't like it, stop taking criticism of the colle

Re:Can't decide

[myowntrueself]

I see that you use this slur a lot.

If you're American yourself, please stop taking your self-hatred out on those around you. Find a therapist instead.

If not, carry on. Yay patriotism! But do have the courtesy to call out what team you do root for: it's unfair to mock one team without allowing the same in return.

I honestly don't root for any team. IMO all governments are really just organized crime syndicates.

Re:Can't decide

[compro01]

Not sure where you're getting Sweden from, as Daemen and Rijmen are from Belgium and work at a Belgian university.

Re:American Companies

[St.Creed]

National companies and multi-national companies *do* belong to a nation-state. It doesn't show much, until they need someone to get their potatoes out of some hot fire somewhere. They can't just move and up, since they need ties on a personal level when you get into the big leagues. Not to mention the fact that if they have a lot of infrastructure somewhere, it's also physically difficult to move.

Let's assume corporations don't belong to a particular nation state. Like Disney. Could be Chinese, right? Mi Lao Shu and security guards with pink rifles. Works quite well in Shanghai - they are a minority shareholder though because, for some reason or another, the local company *does* belong to their nation state and the nation state knows it. Or take Coca Cola. Wouldn't hurt the brand at all if it incorporated as a Nigerian company tomorrow, I think. Or Mercedes. It could easily become an Italian brand. Would do wonders for its design, probably. Volkswagen could move to Rumania - their cars have the same amount of pollution as the old cars they have there so they wouldn't stand out so much.

But seriously: no company can do without the protection of a nation state because in the final analysis, a tug of war between competing business interests will eventually be decided with weapons. And that is the job of the nation state. And it will only defend it's *own* companies. Companies that don't have a protector will be at a severe disadvantage. Just consider what the support of the CIA meant for Boeing when it sank lucrative trade deals in the Middle East for Airbus because they had been tapping the trade negotiations and were able to provide tapes that proved corruption. Do you think that would have happened if it had been Airbus versus Dassault? Not a chance.

Comment removed

[account_deleted]

Comment removed based on user account deletion

The "response" should be an indictment.

[mrchaotica]

Under 18 U.S.C. ss. 1001 [house.gov], lying to Congress is offense punishable by up to five years in prison (or eight if the lie is terrorism-related). The correct "response" to John Brennon's blatant, politically motivated, criminal lie is to indict him, convict him, and send him to Federal prison where totalitarian freedom-hating enemies of the American public like him belong.

Re:The "response" should be an indictment.

[NatasRevol]

In theory, yes.

In practice, not a fucking chance.

Re:

[mrchaotica]

Speaking of "in theory," considering what the news is reporting about how the FBI is going after the wife of the Orlando shooter, wouldn't failure to indict make every member of Congress an accomplice?

Re:

[Megol]

No?

Re:The "response" should be an indictment.

[Immerman]

O course not. They're exempt under the thoroughly time-tested doctrine of "we have wealth and power, so the law doesn't apply to us unless we piss off someone even wealthier and more powerful"

Re:

[geekmux]

In theory, yes.

In practice, not a fucking chance.

If "practice" has been reduced to not-a-fucking-chance-in-hell, then US law is nothing more than a "theory".

I really grow tired of the American people supporting criminals who blatantly ignore the law, especially when those same Americans want to bitch about how fucked up things are.

Re:

[Anonymous Coward]

Well, given the fact that the Chinese are at least as smart and as technological advantage as far as public math goes as the Americans, and have more than enough money to do it and more than enough reason to do it, you could actually argue that this guy is advocating for a position where China can break American encryption, while using non-weakened encryption of their own (which there is no reason to believe to be any worse than the best American encryption).

So, well, what is the punishment for high treason

Re:

[bluefoxlucid]

High-treason is defined in the U.S. Constitution and is punished by execution.

Re:

[Bob the Super Hamste]

Good luck.

As much as I would like to see people like him sent off to federal PMITA prison it isn't going to happen. These guys are part of the protected class and they really need to screw over congress. Even spying and hacking into the Senate Intelligence Committee [cnn.com] servers didn't' get them into trouble, so I doubt anything will ever come of this. I just wonder what they have on the congress critters.

Re:

[LVSlushdat]

Under 18 U.S.C. ss. 1001 [house.gov], lying to Congress is offense punishable by up to five years in prison (or eight if the lie is terrorism-related). The correct "response" to John Brennon's blatant, politically motivated, criminal lie is to indict him, convict him, and send him to Federal prison where totalitarian freedom-hating enemies of the American public like him belong.

Oh didnt you know?.. 18 U.S.C. ss. 1001 ONLY applies to the unwashed plebs, ie: Joe and Jane Six-pack.. People like Brennon don't have to worry about violating any of those pesky laws..

Re:The "response" should be an indictment.

[mrchaotica]

The two Senators from my state plus Ron Wyden got emails from me on this issue before I posted on Slashdot. What did you do about it, mister shit-talking anonymous coward?

Re:Lies from Spies

[Bob the Super Hamste]

Seriously why?

I find that the Brits generally do a better job covering the US than the US news does.

Re:Lies from Spies

[wierd_w]

There would just be something like cyanogenmod that hits less than a year later. in fact, CM would probably issue a statement that they wont include the back doors.

CM is based on AOSP, and is wholly open source. If your device supports it, then you can use real crypto, while everyone else in the US gets to enjoy fake crypto.

The issue of course, is that you would need to encrypt so much, (because GSM and other hardware assisted crypto would be backdoored, so you have to put real crypto on top) that your battery goes flat very fast.

IMHO, the solution to that is for eurozone countries to mandate denying US variant GSM devices from working in their countries as an issue of national security. The corporate backlash would be intense.

Re:

[dpilot]

Gee, you've completely missed Russia and China. Of course both of those nations would probably applaud such a move on the part of the US, because it makes pursuing their desires easier.

It's time to remember the classification of encryption as a weapon, and invoke our second amendment rights, "If encryption is outlawed, only outlaws will have encryption."

Re:Lies from Spies

[ceoyoyo]

Android itself is open source. Anyone can download it. It's mirrored extensively outside the US. In terms of actual devices, by far the largest providers of those are non-American companies.

Android itself uses a linux cryptography library. Those libraries are likewise open source and extensively mirrored. Of the ones that could actually be said to have a particular nationality, most of them are not the US: https://en.wikipedia.org/wiki/... [wikipedia.org].

Seems like Android is an excellent example of how this guy is wrong.

Dumfounded at the ignorance

[fnj]

This halfwit is the best that the US can come up with to head their "intelligence" apparatus?

Re:

[tiberus]

What?!? Hey, guess neither of a new the US was an international leader in technology and encryption.

Um, yeah...

Re:Dumfounded at the ignorance

[pushing-robot]

When it comes to intelligence agencies, never attribute to ignorance that which can adequately be explained by malice.

Re:Dumfounded at the ignorance

[Kernel Kurtz]

He is worse than the terrorists.

Re:Dumfounded at the ignorance

[thegarbz]

This halfwit is the best that the US can come up with to head their "intelligence" apparatus?

You wouldn't come up with the same excuse given the following information:

1. You're standing in front of a group of people who consider you the expert.
2. You stand to gain a lot from forced backdoors and the job for your agency becomes far easier.
3. You have almost zero chance of being punished for lying through your teeth.

What would you have said? Personally I would have come up with the exact same thing and sugar coated it by saying all terrorists use all American technology.

Re:

[Bob the Super Hamste]

Statements like that aren't for the people who work for him, or even the /. crowd. They are for the consumption of the assorted idiots and defectives in congress [smbc-comics.com] as well as to placate the general populous that has know knowledge of how encryption works. He knows exactly what he is after and is positioning things so that he gets them even if he is lying through his teeth. Before the Paris attacks there were statements out of the FBI or CIA (I forget which) where one of their people said it would take a terro

Jobs Creator

[archatheist]

Glad to see that this fellow has figured out how to create new technology jobs in foreign countries. I didn't realize that was his job, but kudos nevertheless.

Re:Jobs Creator

[PCM2]

What's the saying? "When strong crypto is outlawed in the US, only non-US companies will have strong crypto"?

Re:

[ceoyoyo]

That cart has left the horse. US export laws caused much of the cryptography business to move out of the US decades ago.

Only "theoretical"?

[Anonymous Coward]

This guy is smoking some premium shit.

He realizes that many of the Nordic area countries in Europe have some really talented crypto people, and that it would take all of about 2-3 years for some seriously competing cryptographic solutions to hit the commercial space, right?

What will his precious 3-letter agency do when everyone stops sitting on inertia, and is compelled to create cryptography outside their control, while all the people in the US are forced to use the shitty crap he insists on-- you know, wh

Re:

[Opportunist]

"Purely theoretically" you could just take any OSS encryption implementation, audit the living shit out of it to ensure that none of li'l Jonny's backdoors remain and recompile it.

If that takes a WEEK I'd be surprised.

Re:

[sexconker]

Be sure to audit your compiler, the compiler used to compile it, 8 layers of firmware/uefi/bios, and the physical CPU itself.

Good thing all mathematicians are American then

[xxxJonBoyxxx]

>> (for crypto) there's no one else for people to turn to (mofos)

Well, it's a good thing that all mathematicians have always been and will always be American then.

Re:

[TheSouthernDandy]

You don't have to be a mathematician, you only need to be able to implement algorithms designed by mathematicians on computers. I think they called that profession "programmer" once, and there even used to be Americans who did it.

Re:

[chihowa]

No kidding. The current Advanced Encryption Standard in the US (Rijndael) was even created by two Belgian mathematicians.

Re: Good thing all mathematicians are American the

[AgNO3]

Im only aware of 4 countires, America,russia, china, and terrorizerstan. Clearly we must be the only smart people.

Black Hat Herring

[Lyle Thompson]

The issue isn't whether the rest of the world would use it. The question is how long until the backdoor is hacked. Knowing its there will make it a prime target. Is the US government willing to back up its confidence with a guarantee to reimbursed all losses for everyone using this technology? Only then could the claim that it wouldn't "cause any commercial problems" be at all plausible.

Re:

[msauve]

"Is the US government willing to back up its confidence with a guarantee to reimbursed all losses for everyone using this technology?"

You do realize that simply ends up being taxpayers footing the bill.

Better to hold CIA director John Brennan, and those congresscritters who support such backdoors personally responsible for the consequences of their actions..

Re:

[bluefoxlucid]

You do realize that simply ends up being taxpayers footing the bill.

Most people think money is wealth, and don't believe in labor and production. They think you work for money, and don't think about where all the shit they're buying comes from (aside from "CHINA!").

You can't eat money, as much as everyone seems to want to.

Countries outside the US are only theoretical

[presidenteloco]

Would be only a slight generalization of his view point.

A lot of people think this is how Americans think about the rest of the world.

We've heard it's out there, but it doesn't matter very much, as long as they have a McDonalds, a 7-11, and a Starbucks.

Re:

[PCM2]

The irony is that 7-Eleven is a Japanese company.

Isn't GnuPG German?

[HawkinsD]

Hold up there a minute, Mr SpyMaster. I think GnuPG (open-source implementation of PGP) is German. Or at least: " g10code GmbH, the legal entity employing some of the GnuPG hackers" is German.

My company has been using GnuPG for ten years.

See https://gnupg.org/ .

Re:

[Richard_at_work]

Britains GCHQ came up with public key encryption years before others, so its not as if the rest of the world cant do encryption theory...

Re:

[Anonymous Coward]

Also AES is based on Rijndael which was created by a couple of Belgium cryptographers lol

Dear Mr. Brennan

[Opportunist]

Jonny, listen. There is a thing called "compiler". That's a program that lets anyone around the globe take source code, that is like some sort of text that anyone who knows how to program can read (trust me on that one, anyone who can program can read this stuff. Just because you can't doesn't mean nobody else can, there is intelligence outside of your agency on the planet, ya know? Some of it even in people). That source code can also be changed by people who can read it. And then they put that source code

Re:

[rlp]

'Compiler' you say, yeah about that ... https://www.ece.cmu.edu/~gange... [cmu.edu]

Re:

[Opportunist]

That you audit the compiler first is a given. I mean, no later than this [slashdot.org] it's a given that the first thing you do when auditing source code is auditing the compiler for it.

Re:

[Megol]

Yes and the problem (theoretically) applies even to assembly code on a bare-bone system without an OS. It's actually worse than that for many systems as many have embedded control processors for power control, supporting secure boot etc.

Which is why the idea of open-source hardware is attractive even if it in itself doesn't plug all potential security holes...

what this idiot dont get is

[FudRucker]

if the Government spooks & goons can peek at your stuff then the criminals that are good at cybercrime will find a way to crack the key to the Government's backdoor

threat assessment

[micahraleigh]

The biggest threat to US security is US security.

It's not "theoretical."

[BarbaraHudson]

He shouldn't have said it was just theoretical. After all, how does he know for certain that it doesn't already exist and the US hasn't detected it?

idioic AND stupid because...

[evolutionary]

If it's known there is a backdoor people WILL find it. And the arrogance that only American companies can create encryption libraries is dumbfounding. We have China's Red Flag, edition of Linux, North Korea appearently has "Red Star" and I suspect Russia has their own version of Linux as well. It may a crime to use non-use encryption, but it will be there and used if people fear for their privacy. We recently had an event in France where the CIA tried to claim encryption was used to coordinate their operation, and it turns it...it had nothing to do with coordination. The best people will use method with less technology dependencies. This will only make it easier for people (terrorists or "partner" like China) to go through their backdoors to access data. . We seem to "terrorism" as an excuse for everything the same way we used "communism" in the Mccarthy days. the end doesn't justify the means

No, he's right

[LichtSpektren]

I took a trip to Europe last week. I tried using GPG but it told me that it won't encrypt anything because I'm not in the USA. Then I tried VeraCrypt but it made my hard drive fizzle out.

Re:

[gweihir]

Hehehehe, nice.

My Apologies

[Jesse Johnson]

I would like to apologize on behalf of the American people. Director Brennan clearly has no knowledge on the subject which he is speaking about and was advised poorly by his staff.

AES is Belgian

[chill]

The name of the algorithm behind AES is Rijndael -- a combination of the names of the Belgian cryptographers who developed it.

His utterings are in the running for either biggest lie of the year, or most ignorant.

Re:

[cryptizard]

It doesn't matter who developed it, the thing that doesn't seem to fit into his world view is that the details for all these encryption schemes are already out there. Anyone with halfway decent coding ability can implement them from the the specs to get an encryption library with no backdoor. And the crypto that we have now, by all estimations, should be more than good enough for the next few decades.

Considering how much

[nehumanuscrede]

the various agencies of the US Government tend to lie ( even to Congress ), I'm somewhat puzzled about why they even bother to ask questions of them anymore.

Perhaps Congress should forgo asking questions of the professional liars ( any intelligence agency ) and ask the tech world instead. I'm quite sure the likes of Cisco, Juniper, Apple, Google and many others ( assuming they're not secretly on the Governments payroll ) would have a much different perspective on the issue at hand.

Re:

[nehumanuscrede]

as an afterthought, it has been shown time and time again that even when they DO have actionable intelligence on a would-be terrorist, they typically fail to act on the information. So, other than spying for different purposes than what they would have us believe, I fail to see the point in giving them access if they're incapable of doing anything with it.

The only thing backdooring encryption will do is ensure the world avoids US made products at all costs. It will likely bankrupt several major companies

Re:

[Jason Levine]

Exactly this. Even if you could somehow, magically, prevent non-backdoored strong encryption from existing (and that would be some serious "rewrite the laws of physics" level magic there), your improved security from terrorists would be exactly 0. However, your vulnerability from criminals exploiting the backdoors for their own nefarious purposes would shoot through the roof. And that's not even getting into government abuse of their backdoor.

That is utter nonsense

[gweihir]

For example, AES is a Belgian design. The US has long since lost leadership in this. That is if they ever had it.

Incidentally, when did US TLAs catch any terrorists "coordinating via encryption" the last time? Oh, right, NEVER.

Is he saying that known crypto is broke?

[Nkwe]

As other posters have said, his words are those of an idiot.

Any possibly that he is actually saying that known crypto algorithms have been broken by the US? I doubt it, but it is interesting to ponder.

Then the tech company becomes non-US

[Bugler412]

Given that nearly every major tech company has large presence in multiple foreign countries, then they move their headquarters outside the US. For instance, I know for a fact that MS has contingency plans to move headquarters 60 miles up the road to Vancouver BC for some situations and given their presence in India, that likely wouldn't be much of a challenge either. I'm sure that most other big players are similar. They simply leave to avoid the law. Yay, great for America right?

The devil you know

[mamono]

Who's to say that some other country will do any better? I agree it is a poor move and will likely just end up being abused more against US citizens than espionage. However, it's not like the US is the only surveillance-happy country out there. The UK and China are as bad, if not worse. At least the US is being relatively transparent about their intentions. I doubt you would get much notification if China mandated that all its companies installed backdoors in their products.

Aiding and Abetting

[Sir Holo]

It would be "aiding or giving comfort to the enemies of the United States" – by encouraging them to take over for the US companies that this type of legislation would kill.

You or I would go to Federal Prison for that.

Gchq

[martin]

Who actually invented public key encryption first, oh yeah a British fella working for gchq one evening in his head cos he couldnt write it down

Response question

[DarkOx]

And how long does it theoretically take for some non US entity to grab some existing OSS code out there today, fork it an package it un-crippled?

Re:

[ceoyoyo]

Negative twenty years? Lots of open source encryption packages were started by non-Americans and specifically hosted outside the US in the 90s because of US export restrictions.

File under WTF, he seriously said that?

[Proudrooster]

The director denied that forcing American companies to backdoor their security systems would cause any commercial problems.

This is lie, an outright lie [theweek.com], and I hope he was under oath when testifying before congress. Absolute, outright lie! Liar, liar, pants on fire. Everyone email their representative and let them know the director outright lied to their face and cite the CEO of Cisco.

This will hurt American Tech in China. To interoperate, China will steal all corporate America's IP and integrate it into their products.

Dr. Mr. Director of CIA, your reality distortion field is NOT WORKING! I am still in disbelief. This is how

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[account_deleted]

Comment removed based on user account deletion

'American Companies Dominate'

[Jason Levine]

Another article [morningconsult.com] has more of the exchange:

Sen. Ron Wyden (D-Ore.), another committee member and staunch privacy advocate, has pilloried proposals to give law enforcement access to encrypted data, saying bad actors would simpy use foreign-based encrypted messaging apps. Brennan argued at the hearing that such a concern was theoretical because “U.S. companies dominate the international market as far as encryption technologies that are available through these various apps.”

Warner [Sen. Mark Warner (D-Va.)] questioned Brennan’s assertion. “Two thousand apps a day are added to the phone store. Over half of those are foreign-based entities,” he said.

In a statement following the hearing, Wyden countered that allowing government access to encrypted platforms “would not stop terrorists from using strong encryption and it would undermine American competitiveness and Americans’ digital security at a time when the threat from foreign hackers and cyberattacks has never been greater.”

Let's allow the assumption that American companies currently dominate the encryption field. We'll say that's true. How long would that dominance that last if foreign companies used strong encryption and American companies used hobbled encryption left vulnerable to the American government and hackers? Thank goodness for Warner and Wyden for pointing out how idiotic Brennan 's assertion was.

Re:

[fnj]

Let's allow the assumption that American companies currently dominate the encryption field.

Let's not. Let's not even allow that COMPANIES dominate any technology. I think the words you want are "worlwide" instead of "American", and "scientists" instead of "companies".

Completely incompetent or lying? No need to answer

[Anonymous Coward]

The AES encryption algorithm is Rijndael, which is Belgian
The runner-up for the contest for becoming the AES standard was Serpent, which was a British/Danish/Israeli collaboration.
Third place went to the Twofish algorithm, designed by Bruce Schneier, a US citizen who happens to be a vocal opponent of backdoors.

The "main" encryption du jour happens to be from outside the USA. The best alternative is also from outside the USA. Of course, the nationality of the creators doesn't matter - the USA is able to make

he is a drooling moron...

[Lumpy]

Oh dear god, really? This is why we are ineffective. The men in charge are idiots, morons and buffoons.

Re:

[Opportunist]

The problem with Johnny is that he knows so little that it's hard to say whether he is actually trying to bullshit you or whether he really believes what he says.

Re:

[Bob the Super Hamste]

Shut your filthy Commie Islam loving pie hole. /sarcasm

Although it does look like AES 256 has some problems with related key attacks. [iacr.org]

Re:

[cryptizard]

There are no significant protocols or implementations that use related keys though, this attack is purely theoretical. Also, 2^100 work is still out of the range of reasonable attackers for the foreseeable future.

Re:

[Bob the Super Hamste]

All true and and effort of ~2^100 is huge requiring massive amounts of energy even on an ideal computer, I believe a significant percentage of the total worldwide energy production for an entire year. My point was that AES 256 is turning out to not be as strong as believed and for this type of attack is weaker than AES 192. There are other [wikipedia.org] options [wikipedia.org] out there [wikipedia.org] but are not as fast but were considered to have a high security margin instead of just a moderate [wikipedia.org] one [wikipedia.org] during the AES competition [wikipedia.org].

It may be time to hav

Re:

[gweihir]

Well, banks all over the world use it for the most critical transactions. But since all the money is electronic, I guess in some sense it is "theoretical money" and banking is a "theoretical business".

Re:

[cryptizard]

Most encryption is not developed by US companies, it is developed by academics, who are famously difficult to censor or control. Also as other people have said, lots of those academics are not Americans.

Re:

[ceoyoyo]

Yeah, I had that thought as well. Except I think I'll start a bank.