Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Cellphones Encryption Government United States

FBI Again Calls For Magical Solution To Break Into Encrypted Phones (arstechnica.com) 232

An anonymous reader quotes a report from Ars Technica: FBI Director Christopher Wray again has called for a solution to what the bureau calls the "Going Dark" problem, the idea that the prevalence of default strong encryption on digital devices makes it more difficult for law enforcement to extract data during an investigation. However, in a Wednesday speech at Boston College, Wray again did not outline any specific piece of legislation or technical solution that would provide both strong encryption and allow the government to access encrypted devices when it has a warrant. A key escrow system, with which the FBI or another entity would be able to unlock a device given a certain set of circumstances, is by definition weaker than what cryptographers would traditionally call "strong encryption." There's also the problem of how to compel device and software makers to impose such a system on their customers -- similar efforts were attempted during the Clinton administration, but they failed. A consensus of technical experts has said that what the FBI has asked for is impossible. "I recognize this entails varying degrees of innovation by the industry to ensure lawful access is available," Wray said Wednesday. "But I just don't buy the claim that it's impossible. Let me be clear: the FBI supports information security measures, including strong encryption. Actually, the FBI is on the front line fighting cyber crime and economic espionage. But information security programs need to be thoughtfully designed so they don't undermine the lawful tools we need to keep the American people safe."
This discussion has been archived. No new comments can be posted.

FBI Again Calls For Magical Solution To Break Into Encrypted Phones

Comments Filter:
  • And yet again... (Score:5, Insightful)

    by Travelsonic ( 870859 ) on Wednesday March 07, 2018 @04:34PM (#56223679) Journal
    FBI mouthpiece is a fucking idiot. Jesus Christ, why is listening to people who clearly know better than them so goddammed difficult?
    • Because they don't work in the FBI

      Nobody is interested in "knowing better". They simply say what they are told to say, or they get fired.

    • by gweihir ( 88907 ) on Wednesday March 07, 2018 @06:56PM (#56224491)

      These people think _they_ define how reality works. They think that laws and power can change reality. They have no understanding that mathematics and engineering are far close to actual reality than their fantasy of how the world works will ever be. As such, once they think they have enough power to demand things, they become a serious problem.

      • by rtb61 ( 674572 )

        Well, that actually goes with the territory. I have dealt with the same thing all over as tech expanded. Lazy useless people demanding tech do their work for them and I would advise them quite simply, if tech could do their work for them, why would the company employ them.

        So poorly performing lazy FBI agents demand tech do their job for them, sit in their office whilst pretending to do great investigative work but in reality just spying on everyone, more often than not their next hopeful sexual conquest or

    • by pots ( 5047349 ) on Wednesday March 07, 2018 @07:19PM (#56224627)
      He's just using the term "strong encryption" in a non-technical way - he's using strong in a subjective sense. He means "sort of strong-ish." If you just leave out that part of what he said then there's nothing weird about his comment.

      Also, calling the director of the FBI an "FBI mouthpiece" is not really what the word mouthpiece is intended to convey.
    • by raymorris ( 2726007 ) on Wednesday March 07, 2018 @07:59PM (#56224833) Journal

      Imagine I want to tell Travelsonic something secret. I don't have his email address or any other way to contact him other than posting here, for all to see. My desire is to post openly, where everyone can read it, but only Travelsonic can tell what it means. We have no means of agreeing on a secret password or anything.

      Cryptography experts tells us that's impossible. Or was impossible, until Diffie and Hellman figured out a very clever way to do it. Diffie-Hellman key exchange is now used all the time, of course. It's a brilliant solution to a problem that seemed impossible for many years.

      Therefore I don't think it's unreasonable to say "I understand we don't have any way to X, but it's possible that some clever innovation can somehow achieve this goal, something nobody had thought of yet.". In his remarks he acknowledged that there is not a solution, currently. He said he's not proposing any law or regulation, because there isn't any law that could make sense right now. He's right, most any such law that could be passed today would be bad.

      In fact, I happen to know of some innovative ideas that partially solve the need. It's possible to do encryption in such a way that you can't read the message, but you can check if the message has certain strings in it. You can build a chip that, without revealing some fact , cryptographically proves that the fact is stored in the chip.

      Simple salted hashing of text and call message numbers makes it impossible to know who someone called, yet still possible to answer whether they called one specific number. So the FBI could find out whether a suspect called Muhammad Atta, without being able to tell who else they called. This isn't super-advanced technology - every web site that has password login uses salted hashes, or should be using them.

      I'm fact saving only the salted hash of the numbers you call and text would be MORE SECURE than what your phone does today.

      This guy may, five years from now, propose something stupid. If so I'll oppose it. I don't see expressing a desire to consider what innovative solutions might solve certain needs, with a search warrant, as stupid. Such a search might have some uninformed people making dumb proposals, but he made none in this case.

      • The problem might be easier for people to mentally deal with if you shuffled things around. I would suggest looking at it from the position of "Peggy wishes to prove to Victor that her cell phone has not been used to call Carol, but without risking revealing anything else." Presume that somebody may be wanting to clear themselves without giving away any more of their privacy than absolutely necessary.

        • That's certainly doable, and a good way of looking at it.

          Also in these discussions we should keep in mind the difference between *with a proper warrant*, based on probable cause, vs random searches such as a the border. In my opinion, for someone whose *job* is to catch bad guys, mostly very bad bad guys, and get evidence of what happened, it's not unreasonable for them to say "I'd like some of the really smart technical people to think about how we investigate crime in 21st century without impacting secur

          • It'd also be important to keep in mind that the it protects privacy outside of the scope of the search--which means you might want to have it so either the consent to the search or the warrant must contain a complete list of what strings will be checked for, which won't prevent additional strings from being checked for but will keep it out of court.

            But the same tools that let Agent Victor catch very bad bad guys would enable Peggy to clear herself with a minimum amount of compromising of her privacy. It sh

    • I'm waiting for Warren to get on the bandwagon and fuck this guy up. Unfortunately, she's a lawyer, and not technical enough AFAICT. I'll work on this with her once elected; she's quite intelligent and, I'm certain, will enjoy having a few more lethal weapons in her belt.

      If her Senate career doesn't pan out, I'd be happy to see her appointed to succeed Ruth.

  • Also (Score:5, Funny)

    by 93 Escort Wagon ( 326346 ) on Wednesday March 07, 2018 @04:35PM (#56223691)

    I'd like a magical pony. I know magic doesn't exist, but that shouldn't mean I can't get a magical pony.

    • by Falos ( 2905315 )

      > magic doesn't exist

      I just don't buy that claim.

      Our education systems needs to be thoughtfully designed so they don't undermine our ability to keep pace with international wizarding schools.

      And I'm going to put man hours behind my opinion. Tax dollars. Legislation.

      • So what you're really saying is: You're a Dominionist?
      • Our education systems needs to be thoughtfully designed so they don't undermine our ability to keep pace with international wizarding schools.

        No, we just need high tariffs on international magic imported into the US.

        Or exported, imported or otherwise traded anywhere else in the world. The IRS could greatly increase tax revenues by taxing the incomes of foreign nationals living and working abroad.

        The TSA can staff domestic wizards to detect those trying to smuggle cheap, foreign magic into this Grape Kool-Aid Nation!

        Those wizards caught at the border will be turned into newts!

    • by gnick ( 1211984 )

      I know magic doesn't exist...

      Gravity is magic. Anything I don't understand is magic performed by the gods.

      • Re: (Score:3, Funny)

        by Anonymous Coward

        Gravity is a NASA hoax. The disc that is Earth & its counterpart anti-Earth have been accelerating away from each other at 9.8 m/s/s since they split, driven by the strong repulsive force between matter and antimatter. We will never reach the speed of light. For an explanation why, I refer you to Einstein's papers in their original Hebrew. NASA heavily censored Einstein during translation.

      • by PPH ( 736903 )

        Magnets [kinja-img.com] are magic.

    • I'd like a magical pony. I know magic doesn't exist, but that shouldn't mean I can't get a magical pony.

      A magical pony ought to be able to exist in spite of magic not existing, because it can use its magic to circumvent the lack-of-magic.

    • The FBI should come back to us when the government's three-letter agencies actually manage to keep a secret for more than a few years. Do they really think the public will trust them to keep these figurative "keys to the kingdom" secured, when we've seen time after time after time they can't keep their own secrets from leaking?

      Technically speaking, it's pretty straightforward to design strong encryption that can be unlocked with multiple keys. The "magical pony" part is the human factor, which will inevit

      • Re:Also (Score:4, Interesting)

        by Koby77 ( 992785 ) on Wednesday March 07, 2018 @08:30PM (#56224947)
        Along those lines, how about for any communications system that the FBI should propose, they have to implement it onto themselves and their own communications systems/email/cell phones first, for 5 years. And they have to give the "magic key" or whatever they want to call their encryption backdoor, to some public figure who will constantly audit them. If the FBI balks at their own proposal, then we can reasonably assume that it won't work.
  • by ArtemaOne ( 1300025 ) on Wednesday March 07, 2018 @04:36PM (#56223697)

    There is no security when a backdoor exists. Once it is known, everyone will work to get in, and you wont find out it was cracked until it has been heavily exploited.

    • by gweihir ( 88907 )

      Every actual expert knows and understands that. These people are not experts in this field and they are not experts in any other field that has hard laws and realities. Hence they do not understand this is a statement of fact and think it is negotiable. Or in other words, these people are not only stupid, they are utterly disconnected from reality. That is why they keep asking for something that is impossible. And, of course, these people are dangerous, because they will continue to do damage as they think

    • How much data is actually on "the phone?" My phone is a thin client device that connects to "the cloud." If I forget my password I simply reset it.

      Mind you I'm not a criminal. But is there really secret data exclusively on the phone? Or is it simply that they need to figure out what the accounts are so that they can call the Help Desk to get the passwords changed?

      My cell phone provider keeps track of all the data and hostnames that the cell phone connects to. I can see it as part of my "how much data

  • by DeplorableCodeMonkey ( 4828467 ) on Wednesday March 07, 2018 @04:38PM (#56223707)

    But it turns out that a $5 wrench turns out to be as good as key escrow.

    • by Sloppy ( 14984 )

      it turns out that a $5 wrench turns out to be as good as key escrow.

      Not just as good; it's better. If a copy of a key is made and someone accesses it, how will the victim know? No due process.

      OTOH, if you physically attack or threaten someone, they know it happened. Unless you murder them or keep them kidnapped without access to their lawyer, a judge is eventually going to find out what you did. Due process will happen.

      Ergo, a civilized society will choose $5 wrenches as a better solution to "the going dark

  • by bobdehnhardt ( 18286 ) on Wednesday March 07, 2018 @04:40PM (#56223719)

    Anytime someone says they support strong encryption but want to be able to bypass whenever they have the need, my head wants to explode. Any bypass, back door or master key, no matter how well designed, perfectly implemented, or zealously protected, fundamentally weakens the encryption they claim to support. If a way around the encryption exists, someone will find and exploit it. Pure and simple.

    I'm all for law enforcement being able to do their job. But I'm also all for strong encryption - my job in information security depends on it, and the sensitive information of millions of people would be at risk without it. Encryption is a tool, like a hammer: people with bad intent can use it to build harm as well as upstanding citizens can use it to build good. I'm sorry, but law enforcement needs to find another way to get to those nails, rather than make hammers defective for everyone.

    • by swillden ( 191260 ) <shawn-ds@willden.org> on Wednesday March 07, 2018 @05:56PM (#56224139) Journal

      Any bypass, back door or master key, no matter how well designed, perfectly implemented, or zealously protected, fundamentally weakens the encryption they claim to support.

      The FBI is asking for something infeasible, and probably a bad idea even if it were feasible (see my comments here [slashdot.org]), but this is not true. Modern cryptography provides us with ready tools to do this sort of thing. Escrowing of keys, protected by public key encryption, is very well understood. It's actually pretty common in enterprise system configurations for the crucial keys on employee devices to be escrowed with the enterprise to enable it to recover data from the device in the event of employee unavailability (death, termination, etc.). What the FBI wants is fundamentally the same thing, but on a vastly larger scale.

      And it's the scale that makes it infeasible. Secure key management is hard even on a small scale, and it gets exponentially harder with scale and with the number of parties involved. In addition, there are all kinds of hard-to-handle corner cases. In the enterprise case, those are addressed with a combination of fiat -- employees must do whatever needs to be done to enable the key escrow -- and acceptance that sometimes stuff happens and data gets lost. In the FBI's scenario, the first of those is impossible and the second is unacceptable. Enterprises don't generally have to contend with employees deliberately subverting the escrow system.

      So, yes, this is a bad idea, but not because it's fundamentally impossible as you say, but because it's just way too hard. Especially since we haven't managed to figure out how to secure consumer devices at all yet.

      • I've devolved straight to MOTHERFUCKER NO. I'm not debating, not engaging, not explaining why you don't need that and won't get that.

        Want a pony? MOTHERFUCKER NO. But why not? NO. But why though? BECAUSE NO.

        When they have some idea of what this will look like ill go back to explaining but not before.

        • I've devolved straight to MOTHERFUCKER NO. I'm not debating, not engaging, not explaining why you don't need that and won't get that.

          That works when you have the power to say no, which isn't the case in this situation. If Congress enacts a law requiring backdoors, companies will have to choose between complying as best they can, or just exiting the business, which means they'll comply. It's crucial to debate, to engage, to explain, to prevent that from happening. We must make people understand why this is a bad idea, and just saying "it's impossible" won't work, because the other side can find someone to show that we have the cryptograph

    • by gweihir ( 88907 )

      Law enforcement must be carefully limited in what they can do and also carefully monitored. Otherwise you end up in a police-state and eventually in full-blown fascism. It is not the purpose of law enforcement to be able to solve every crime or even most of them. It is also not their purpose to enforce morals or be able to access everything on computers. What is their purpose is to make sure crime does not pay on average. They are already failing at that task often enough, just think of how many banksters a

  • But information security programs need to be thoughtfully designed so they don't undermine the lawful tools we need to keep the American people safe.

    So here's what the industry should do...

    Yes, you can use strong encryption on your phones. You then provide a super-convenient way for your customers to unlock their phones via biometrics. Then you convince the courts that, while they can't compel you to give up your password, there's nothing wrong with forcing people to unlock their phone with their fingerprints, face, etc.

    There. Problem solved. You still have strong encryption but the government can compel you to use your fingerprint to unlock your ph

    • by gweihir ( 88907 )

      Biometrics can be stolen. And when they are stolen, there is no way to change them. Has been known to any actual expert for decades.

  • by iggymanz ( 596061 ) on Wednesday March 07, 2018 @04:43PM (#56223737)

    The FBI was watching the 9/11 attackers to see what they would do. The FBI was warned by Russia about the Boston marathon bomber. FBI was given tips about Florida school shooter.

    Yeah, FBI, keeping America safe.....keeping the government safe from its citizens anyway.

    • by gweihir ( 88907 )

      Indeed. What they are doing is performing a show that keeps the average citizen believing that everything would go up in flames without them. They are applying the technique of the "Big Lie".

      • it's even better than that, don't forget where the FBI seeks out low IQ impressionable losers, befriends them and fills their minds with crazy violent talk and ideas over months, then gives them access to fake bomb materials or guns. Then they swoop in to arrest them in what is trumpeted as a "great victory in the war on terror" with mutual back patting and cock sucking all around.

        False Flag Attacks, Incitement, etc.

        • by gweihir ( 88907 )

          Of if you have no real threats to keep up the pretense that you are useful, just create a fake one.

    • From what I remember the FBI wasn't watching the 9/11 terrorists, and that was the problem. The CIA had a team that was doing that work while the terrorists where outside of the USA. When some of the terrorists traveled to the USA an FBI agent that was working with the CIA team tried to bring in the FBI. The CIA leadership over that team threatened the FBI agent into silence because they were afraid of losing credit for eventually catching the terrorists in the act. Of course that didn't work out so well be

  • ... for TSA luggage locks. I can pick up a set of luggage lock keys from Alibaba for $5. Sure feel like my luggage is secure knowing any joker can get the key to open my luggage, even if the TSA agent himself doesn't steal things from it.

    • even if the TSA agent himself doesn't steal things from it.

      And that's a BIG if.

    • Sure feel like my luggage is secure

      There is a concept called "appropriate levels of security". I'm sure it has an official name, but that's what I'm going to call it for now.

      If you thought the TSA luggage lock was intended to provide "security" in any absolute sense, then it is your worldview that needs adjustment.

      What is the purpose of the lock? It cannot be to provide "security", because most likely your luggage is soft-sided. A simple box cutter or pocket knife will open it up. If it's hard sided, then a blow with a two-by-four will c

      • by tlhIngan ( 30335 )

        TSA locks, when opened with a TSA key, will pop up a flag that can only be reset with the real key. So you know the TSA has rifled through your baggage because the lock will indicate it was opened.

        Lock makers aren't dumb. They know there's a backdoor, and the best they can do is indicate when the backdoor was used.

        The problem with encryption is there's no way to design it with a backdoor that indicates a backdoor was used that can be reset only by using the proper decryption key. It's just a software flag a

  • by Sebby ( 238625 ) on Wednesday March 07, 2018 @04:47PM (#56223767)

    Oh so they want full trust do they? Well, if they want us to trust them - trust by the way, that they have repeatedly proven that they have not earned or deserve - then there must be these conditions in cases of violation...

    If any individual in that organization violates any of the rules set out to protect people's privacy, in any way, shape or form, either directly or indirectly, then they must, must be punished!

    And I do mean punished. They should be terminated from their position - immediately - without pay. They forfeit any severance. They forfeit their retirement fund. They forfeit any future government employment in any level of government. They forfeit their current life savings. They forfeit their house. Basically, do the whole 'asset forfeiture' stuff to them.

    And let's not just stop at that individual. Their entire department/division should also be investigated. Everyone in it should be interrogated. Their families too. Any found complicit should suffer the same punishment. That'll keep everyone on their toes, making sure others aren't violating the rules, avoid them protecting each other or higher ups under some code of silence, or try to frame just the one individual to avoid getting caught.

    Basically, they should be treated just as they've treated past whistleblowers. Anything less means they really just get carte blanche to violate the rules at their leisure.

    Any why no due process? Simple: if they break the rules, they can't be trusted - the very basic thing they're demanding. It's their job not to break the rules. Don't do the job, get fired! Break the rule, get punished!

    If I tell you "don't push that button" then you turn around and push it, it's the same thing: Your job was to not push the button. It required no effort to not push the button!! You couldn't follow the basic rule; in fact, you deliberately went out of your way to break it. If you do push the button, you can't be trusted. Why should I trust you if you can't follow the rule?

  • Actually, the FBI is on the front line fighting cyber crime and economic espionage

    So it looks like a US agency has finally decided to take responsibility for our nation's information security disaster!!!

  • by schklerg ( 1130369 ) on Wednesday March 07, 2018 @05:05PM (#56223857)
    Simple fix. Tariffs. It will solve the encryption imbalance and make phones great again
  • by Cajun Hell ( 725246 ) on Wednesday March 07, 2018 @05:06PM (#56223871) Homepage Journal

    "But I just don't buy the claim that it's impossible"

    Ok, fine. Don't believe it.

    But if you're honest, you'll definitely recognize that everyone else believes it. Apparently you're the one smart person in America, and you're surrounded by fools and so-called "experts" who lack your insight.

    Now prove everyone else wrong, inventor Christopher Wray.

    • by Akili ( 1497645 )

      "But I just don't buy the claim that it's impossible"

      Ok, fine. Don't believe it.

      But if you're honest, you'll definitely recognize that everyone else believes it. Apparently you're the one smart person in America, and you're surrounded by fools and so-called "experts" who lack your insight.

      Now prove everyone else wrong, inventor Christopher Wray.

      I was looking for a comment like this, and I'm glad I wasn't disappointed!

      It feels Dilbert-ish, really.
      "But I just don’t buy the claim that it’s impossible." = "I will reject what you say to me until you say what I want to hear."

      In the same way that technology doesn't respect copyright (how many copies did you make of this to see it on your screen?), it doesn't magically know when the law now states 'okay, because of a court ruling, I shall no longer do what I was designed to do.' It is

    • But if you're honest, you'll definitely recognize that everyone else believes it.

      There are some truths that are truths because everyone believes them. There are other truths where it doesn't matter how many people believe it, it simply isn't true. Technology tends to fall into the latter category. Sociology is the former.

      For example, "everyone" believed that analog AMPS cell phone calls were private and couldn't be eavesdropped on. Oh, wait, if I tune my TV up around channel 64 or so I can pick up your cell phone call! Clear as a bell. Both sides. It's even easier if I tune my DC-to-da

  • by King_TJ ( 85913 ) on Wednesday March 07, 2018 @05:08PM (#56223881) Journal

    If you want a pretty decent example of this, look at the encryption methods used in such things as DirecTV or Dish Network receivers. For many years,the "smartcards" containing your authorized programming were hacked in a cat and mouse game. You had to buy this programmer devices or that piece of PC software to keep up with it, but it was absolutely possible to unlock those things so you had all the programming without paying (or with just paying for a bare minimum subscription to keep something flagged as an active account).

    Then, both of them discontinued their existing card technology and rolled out mandatory upgrades, and the hole was effectively sealed. Nobody I'm aware is really hacking these things anymore, in any big commercial way?

    As I understand it, many of the previous hacks were really the result of leaks.... Someone was paid off to reveal a way to access the card and modify it.

    That's always going to be the "weak spot" ... having such a hole that you're aware of and leave in there for internal use. If you give keys to a "trusted third party" like the FBI -- same problem only amplified because now the info exists both with the manufacturer AND the agency holding the keys. Twice as likely it will get leaked out by somebody, somewhere.

  • ship these guys a few kilograms of good quality Cocaine. It seems clear that they are starting to be able to talk after the last lot, but are not yet making sense. It is probably simpler and more effective for everyone if we just push them back into their drug induced addled fantasy world that to try to sober them up and break the bad new that what the rocks told them just is not true.

    That way: they'll be happy and we'll all be happy!

  • by Rick Schumann ( 4662797 ) on Wednesday March 07, 2018 @05:13PM (#56223925) Journal
    This has nothing to do with encryption. It has little to do with Law and Order. It has to do with CONTROL. Let's face the facts: The vast majority of law enforcement, whether they admit it to even themselves or not, are in it because they want CONTROL of as many people around them as possible, and law enforcement careers give them that. They could investigate crimes and enforce the law regardless of encyption, but the fact that they can't CONTROL companies like Apple and force them to do as they are told, when they are told, without question makes them so angry that I'm sure they think about just putting a gun to Tim Cook's head and threaten to blow his head off unless he knuckles under and does as he is told to do. Surprise, surprise: many of our politicians aren't much better! They get into politics because they want power, and being an elected congressperson gives them that. They may not carry guns, but they still wield power, and in their anus-clenched-so-hard-they-could-make-diamonds obsessive-compulsive ultra-A-type personalities, they can't tolerate not knowing everything about everyone, immediately, without delay or reason why. So we have what we've got here today: a bunch of thugs with badges and guns, and a bunch of elected old farts who shuffle papers and make back-alley deals, and they all want to sift through your underwear drawer when you're not home. Naturally, they all need to be told to fuck the fuck off, not yours, you can't have it -- and they need to continue to be told that, ad infinitum.
    • by gweihir ( 88907 )

      And that is exactly it. They cannot stand that somebody tells them "no" and actually can get away with it (because facts).

  • If you design a flawed lock, with many keys, developers will design a better lock. This problem will never be solved because there will always be groups who don't and won't allow others into their data. Even if the government passes laws requiring flawed locks, not all developers will listen. I'd rather give my device up, then allow law enforcement in, without the right to total privacy, you may as well have non at all.
  • by kwbauer ( 1677400 ) on Wednesday March 07, 2018 @05:19PM (#56223957)

    I have been hearing Liberals and Progressives telling me for 2 weeks non-stop how the US Constitution only gives me the right to use whatever tools were in existence at the time it was written (or amended). Personal computing devices most certainly did not exist in the early 1790s when the amendments known as the Bill of Rights were adopted so they cannot possibly be covered by the 4th Amendment anymore than television and radio are covered by the 1st Amendment.

    Don't like it? Then get of the Leftist bandwagon trying to completely ignore one-tenth of the Bill of Rights and stop promoting false ideas about what rights we have.

    If you support a string of lies against one right, those same lies will be used against your interests in regards to other rights.

  • According to the news lately, there seems to be no shortage of private firms who are willing to do this work for them.

    But, this probably isn't about ' criminal ' phones is it ? They want the ability to get into any phone on demand. Having another firm do it for you creates all that nasty paperwork that can come back to haunt you later.

    If they can do it in house, then they really don't don't need to ask permission.

  • by swillden ( 191260 ) <shawn-ds@willden.org> on Wednesday March 07, 2018 @05:44PM (#56224085) Journal

    As a lead cryptographic security engineer on the world's largest operating system, I think I have pretty clear visibility into the problems and potential solutions... and the truth is that while there's no information-theoretic reason why a law-enforcement access system couldn't be built while keeping the systems secure from everyone else, I have zero confidence in the industry's ability to do it in the foreseeable future.

    The truth is that we have not been able to build truly strong security into consumer devices yet. We're getting closer. The work that Apple has done is excellent, and I think the Pixel 2 is even better, but the fact is that devices still get popped with monotonous regularity. The most we've been able to achieve so far is to raise the cost of extracting data from them, as the FBI found out when they were able to pay for the extraction of the data on the San Bernardino shooter's phone.

    The FBI is asking industry to "innovate" in the same way that NASA might ask SpaceX to innovate by producing a fully reusable direct-to-Mars-and-back passenger spacecraft. Sure, there's no reason it's physically impossible, but we're quite some distance from being able to get live people to Mars at all. The FBI wants to build a secure back door while we're still working out how to make sure the hinges are mounted on the inside of the front door and the lock isn't easily pickable.

    All of this, of course, is addressing the question of technical feasibility. A separate, and perhaps even more important, question is whether or not it should be done even if it could, and what sorts of protections it would require. Mobile devices are repositories of far more personal information than any other single, non-living source has ever been. I think something more than a simple search warrant should be required -- again, assuming it were even possible.

    • Re: (Score:3, Insightful)

      by rmandevi ( 2168940 )
      I call BS on this, and even on your so-called credentials. "A lead cryptographic security engineer on the world's largest operating system" -- you do crypto for Minix?

      Once law enforcement has access to backdoor keys, those keys are subject to rubber-hose cryptanalysis and just plain bribery. One dirty cop or judge, or one honest cop or judge with a loved one taken hostage, and the keys are out. In other words ,"secure back door" is an oxymoron.

      Adding a back door is trivial. Public-key crypto syste

      • I call BS on this, and even on your so-called credentials. "A lead cryptographic security engineer on the world's largest operating system" -- you do crypto for Minix?

        Android. You think Minix is the world's largest operating system? I guess I should have been clear that by "largest" I meant "most users".

        FWIW, what I do on Android is strong authentication [android.com], hardware-backed crypto [android.com] and device encryption [android.com]. I'm the owner of the auth and HW crypto subsystems, and contribute significantly to device encryption. In terms of Android components, I own keystore, gatekeeper and keymaster. I also do a lot of work on biometrics. If you're skeptical, feel free to look through the Androi

        • by tlhIngan ( 30335 )

          Certainly, which is why it would be crucial not to give the keys to law enforcement. Perhaps the courts should hold them. Even better, there should be a multi-party access control system, so that court officials, law enforcement officials and probably the device maker all have to agree before the keys can be used... and even then the actual key material should live in secure hardware that will never divulge it, so the multi-party access control only provides temporary use of the keys. The access control and

          • Certainly, which is why it would be crucial not to give the keys to law enforcement. Perhaps the courts should hold them. Even better, there should be a multi-party access control system, so that court officials, law enforcement officials and probably the device maker all have to agree before the keys can be used... and even then the actual key material should live in secure hardware that will never divulge it, so the multi-party access control only provides temporary use of the keys. The access control and key security are a big parts (but by no means all) of the ridiculously-hard key management problem.

            The problem is once you have humans, especially a lot of humans, there's way too much opportunity for corruption. You say you need multiple parties? Well, small town America where the judge, sheriff, bailiff may descend from the same family already eliminates 3 parties from the list, because they are good friends with the mayor and their representative. Company representative? Well, let's say people managed to steal Apple's source code and it leaked out eventually, so all it takes is one intern.

            Yep, it's very, very hard. The claim that it's impossible is bunk, but the claim that we can do it is also bunk.

        • Thank you for taking this position and explaining it. When these threads come up, they quickly fill up with comments heavy on the word "impossible." While there are some rational uses of that word, I believe anytime it is used in the context of security there is a huge burden of proof. Proof I rarely see attempted by the majority of posters here.

          Building something to deliberately circumvent consumer privacy into a device, when your company has built its reputation on protecting privacy is, at best, a questi

    • by AHuxley ( 892839 )
      Re "again, assuming it were even possible." "even if it could"
      PRISM showed what the security forces like doing to users, computers, networks, OS, brands.
      Magic Lantern (software) https://en.wikipedia.org/wiki/... [wikipedia.org]
      "... as to whether anti-virus companies could or should detect the FBI's keystroke logger."
      Operation Socialist https://en.wikipedia.org/wiki/... [wikipedia.org]
      "The Inside Story of How British Spies Hacked Belgium’s Largest Telco" https://theintercept.com/2014/... [theintercept.com]
      SISMI-Telecom_scandal https://en.wikip [wikipedia.org]
  • But I just don't buy the claim that it's impossible.

    Guess what? Math works whether you buy into it or not, bitch.

  • ... the news while Slashdot was down. Phones have [slashdot.org] been [slashdot.org] cracked.

  • Let me be clear: the FBI supports information security measures, including strong encryption. Actually, the FBI is on the front line fighting cyber crime and economic espionage. But information security programs need to be thoughtfully designed so they don't undermine the lawful tools we need to keep the American people safe. --Christopher Wray

    Translation from FBIese: We would like you all to use very secure encryption that no one can break into except for us

    I have 0 doubts that they sincerely want this.

  • Manufacturer has unique key per device.

    Justice dept has key 2

    Law enforcement has key 3 held by 3rd party Security company.

    Judges order unlocks the use of all 3 Keys which must be handled by another 3rd party forensics company which must use a system that pulls the Keys securely so nobody can view them in transit to the device.

    Complicated as hell, but without access to the unique key and the other 2 Keys nothing can be decrypted.

    Could go further and generate unique Keys per device for all 3 parties it would

  • I like Occam's Razor, and it gives a better answer than the conspiracy theories.

    I've done a bit of forensics, and I write a little. I can imagine how much information about a person you could get from the contents of their smartphone. For a criminal investigation, if I were in that position and I had a choice to search a persons home or their smartphone but not both, I would pick the smartphone.

    The job of the FBI is to investigate crimes, and having access to a suspects smartphone would do a ton of good tow

  • FBI Director Christopher Wray again has called for a solution to what the bureau calls the "Going Dark" problem...

    It's not a problem, but a direct response to governmental overreach. It's a solution.

    I always find it astonighing how many people who work in government don't agree with the core principles the country was founded on. It really should be a prerequisite to obtaining a job in government.

  • Sorry Comrade,

    But Encryption that keeps data safe IS the goal, and if you can't crack it, tough.

    Privacy is a right. PERIOD.

    Perhaps if you and your fellow evil losers in government stopped violating Americans rights constantly and betraying the public's trust at every opportunity you'd have some sympathy out there.

  • The FBI can use the backdoored devices for a year or so to make sure they're super safe... then we can all laugh and watch as their private data spills all over the internet.
  • When you say "we need to keep Americans safe", what I think is "Americans need to be kept safe from you."

    Every "law" enforcement agency has proven that it has bad apples who will abuse any authority given to them.
    The FBI can not be trusted with master keys.

The unfacts, did we have them, are too imprecisely few to warrant our certitude.

Working...