Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Encryption Government Privacy Security Software United States Technology

FBI Director Christopher Wray On Encryption: We Can't Have an 'Entirely Unfettered Space Beyond the Reach of Law Enforcement' (cnet.com) 447

An anonymous reader quotes a report from CNET: Encryption should have limits. That's the message FBI Director Christopher Wray had for cybersecurity experts Tuesday. The technology that scrambles up information so only intended recipients can read it is useful, he said, but it shouldn't provide a playground for criminals where law enforcement can't reach them. "It can't be a sustainable end state for there to be an entirely unfettered space that's utterly beyond law enforcement for criminals to hide," Wray said during a live interview at the RSA Conference, a major cybersecurity gathering in San Francisco. His comments are part of a back-and-forth between government agencies and security experts over the role of encryption technology in public safety. Agencies like the FBI have repeatedly voiced concerns like Wray's, saying encryption technology locks them out of communications between criminals. Cybersecurity experts say the technology is crucial for keeping data and critical computer systems safe from hackers. Letting law enforcement access encrypted information just creates a backdoor hackers will ultimately exploit for evil deeds, they say.

Wray, a former assistant attorney general in the U.S. Department of Justice who counts among his biggest cases prosecutions against Enron officials, acknowledged Tuesday that encryption is "a provocative subject." As the leader of the nation's top law enforcement agency, though, he's focused on making sure the government can carry out criminal investigations. Hackers in other countries should expect more investigations and indictments, Wray said. "We're going to follow the facts wherever they lead, to whomever they lead, no matter who doesn't like it," he said. To applause, he added, "I don't really care what some foreign government has to say about it."

This discussion has been archived. No new comments can be posted.

FBI Director Christopher Wray On Encryption: We Can't Have an 'Entirely Unfettered Space Beyond the Reach of Law Enforcement'

Comments Filter:
  • by rsilvergun ( 571051 ) on Tuesday March 05, 2019 @07:05PM (#58222024)
    50+ years of voting for tough on crime politicians gets you thinking like this. That and the equally if not more-so ineffective "broken windows" policing.
    • Re: (Score:2, Insightful)

      The FBI director isn't elected. In fact, he and the entire FBI and the rest of the intelligence community do not answer to the elected government. They have their own goals, and they simply do not feel safe from us. They feel we mean to harm them (although we can not say why); and to prevent this they must monitor our communications. Thus the Fourth and Fifth amendments have to go.
      • by Darinbob ( 1142669 ) on Tuesday March 05, 2019 @08:26PM (#58222468)

        Not true. They are under the authority of the department of justice, which is a part of the executive branch. Their funding comes from congress as well, they must abide by laws created by congress, and the court system has oversight for criminal cases they bring. They absolutely and positively answer to elected officials no matter what your special youtube videos tell you. Just because an authoritarian president finds that he can't order them about is not the same thing as the FBI being unanswerable to elected officials. The FBI members have taken oaths to uphold the law, not oaths to an individual office holder.

        • by currently_awake ( 1248758 ) on Tuesday March 05, 2019 @08:50PM (#58222578)
          All police departments try to achieve zero crime. They constantly look for ways to detect criminals. This means they are constantly pushing the boundary of legal law enforcement methods, and sometimes they cross that line. The "Average" living room is beyond the reach of law enforcement. Only special living rooms justify surveilance (special = they have a reason for a warrant), meaning average living rooms are not bugged just like encrypted messages are not read. For most of human history what happened in private stayed private, so again this isn't a new situation for police and they know how to deal with it (lean on a person who has access to what you want).
          • by jittles ( 1613415 ) on Wednesday March 06, 2019 @07:29AM (#58224208)

            All police departments try to achieve zero crime. They constantly look for ways to detect criminals. This means they are constantly pushing the boundary of legal law enforcement methods, and sometimes they cross that line. The "Average" living room is beyond the reach of law enforcement. Only special living rooms justify surveilance (special = they have a reason for a warrant), meaning average living rooms are not bugged just like encrypted messages are not read. For most of human history what happened in private stayed private, so again this isn't a new situation for police and they know how to deal with it (lean on a person who has access to what you want).

            But surely this is the first time in human existence that law enforcement has waged a war on mathematics? Until the elite are willing to limit their personal finances to 2^32 pennies, I will not give up my 256 bit AES or 2048 bit RSA. If we are going to put limits on math, we need to limit it everywhere

      • Santa Claus? The Easter Bunny?

        Sorry to be flippant, but I really, really, really shouldn't have to point this out [google.com].

        And our current president has pretty clearly removed all semblance of impartiality from the appointment while our Republican lead Congress (well, half of it now) is letting him get away with it.
  • by Kernel Kurtz ( 182424 ) on Tuesday March 05, 2019 @07:08PM (#58222034)

    governments are the entities people most need to be able to keep secrets from.

    Just sayin.

  • by schwit1 ( 797399 ) on Tuesday March 05, 2019 @07:11PM (#58222048)

    A free society's highest priority is not to service law enforcement.

  • by Proudrooster ( 580120 ) on Tuesday March 05, 2019 @07:13PM (#58222060) Homepage

    And if we give you the keys Mr. Government everyone will have them in 3..2..1.. because we all know how well law enforcement can keep a secret.
    Yeah, I'm looking at you NSA, the most secure agency on planet earth that couldn't hang on to their toys, tools, and tactics.

    Fun Fact: If it wasn't for the NSA leaks, we most likely would not have had the WannaCry ransomware attacks.

    • by Anonymous Coward

      FBI Director Christopher Wray just can't understand. "We're the good guys here! Why don't you believe us, we're the good guys!"

      J. Edgar Hoover? That's in the past! Patriot Act? You can't bake a cake without breaking a few eggs! The Panopticon such that even Grandma gets a working over due to too many internet searches for cross-stitch patterns? Well Grandma liked that Commie pinko Rudolph Valentino back in the day, that's reason enough to suspect her!!

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      In layman's terms,
      "Law enforcement must have master keys to all homes/offices/safes. Every cop must be able to freely copy them."
      and "we promise we'll never lose them, pinky swear!"

      See how that goes over with the general public.

      captcha: "tyranny" - wow. First time I landed an apropos one.

    • The first thing I thought of when I saw this post was Howard Payne and Deviant Ollam's talk "This key is your key, this key is my key". If you want to see how godawful most companies (and the government) are at security, watch this: https://www.youtube.com/watch?... [youtube.com]

      Or the incompetence of how the TSA master keys were leaked: https://www.youtube.com/watch?... [youtube.com]

      Yeah, let's not make any master keys please.

  • by dicobalt ( 1536225 ) on Tuesday March 05, 2019 @07:14PM (#58222074)
    Even if it becomes illegal in the US, there is still a whole world out there where it's not illegal. The software will still be there and still be accessible. You might as well let the good guys use it too. This man's argument is steeped in lazyness on the part of the FBI. They want to be able to issue a warrent to access the data and boom they have their case. The FBI don't want to do the leg work to get the information, they want a magic legal bullet. Sorry but that's pretty lame.
    • by monkeyxpress ( 4016725 ) on Wednesday March 06, 2019 @03:55AM (#58223718)

      No but what they will do is make it a crime to use robust encryption schemes. If you are caught using one then you go to prison for a long time on the basis of possession (regardless of whether you are actually involved in anything else illegal). Of course, criminals won't care, since they are already doing illegal stuff, but regular folk will basically have to make all their data discoverable to the authorities on demand. Similarly anyone in a position of authority, or with large amounts of wealth will be able to apply for an permit to use stronger encryption. As for data breaches, well, these seem to occur every few months at the moment, but unless it is panama paper stuff, very few seem to care (and even then...).

      This is the middle class' biggest weakness - they have enough invested in the 'system' that you can use the threat of loss of participation in the system to make them conform to silly rules. Unfortunately we have only had a middle class for about 60 years now out of thousands of years of recorded civilisation, and I'm not entirely convinced it has the political will to sustain itself in the face of oligarchic leadership that seems intent on bringing back feudalism.

  • by kiviQr ( 3443687 ) on Tuesday March 05, 2019 @07:16PM (#58222078)
    4th Amendment is "a provocative subject."
    • Re: (Score:3, Insightful)

      The 2nd Amendment isn't too popular either on the Left. And the 1st as well.
      • The first is held sacrosanct on both sides of the isle. Don't let the actions of a few fringe weirdos paint half the country for you. And stop worrying about the left or the right, they're both WRONG and misguided. Aim for the center instead of treating politics like a stupid football game.

      • Re: (Score:2, Insightful)

        America is awash in guns, I see no evidence the 2nd amendment is under attack. There is plenty of room for reasonable limitations on guns in America. Banning semi-automatic weapons would be a good start. You can have revolvers, bolt action rifles, and pump action shotguns only. That's plenty for hunting, farmer use, and self defense.
        • Actually, it's not. Statistics show that in a firearm discharge incident, police officers hit approximately 1 out of 7 times; there is little reason to assume that Joe Citizen will do better. And statistics also show that, on average, it takes 3.5 hits to incapacitate an assailant to the point they can be restrained. Put those numbers together, and restriction to less than ~25 rounds in a magazine means you've restricted use for self defense. And that's assuming people are as well trained as police offi
        • Revolvers, as a whole, ARE semiautomatic.

          Given that during the average self-defense gunfight, the defending expends nine rounds, the average defensive shooter would need to reload at least once during a fight. Reloading revolvers is slow.

          Note, though, that there’s no parity: A party attempting to kill someone need only get close and fire one round, though they’re probably wise to use two to the chest and one to the head, just to be sure. (However, if someone’s sending trained hit-men, you

  • Trump Supporter Here (Score:4, Informative)

    by Anonymous Coward on Tuesday March 05, 2019 @07:16PM (#58222080)

    I donated, volunteered, and voted for Trump but I gotta say... fuck his FBI director on this.

    Both of my positions as a conservative (small government) and a hacker (individual software freedom) are against this.

    But let's not fool ourselves into thinking the Democrats would be any better on this issue. Both parties are chock full of authoritarian fuckwits.

    Leave me alone with my guns and computers please. :(

    • Donald Trump is no Republican. He's against free trade (get governent out of the way of business), he's against illegal immigration (cheap labour that can't complain about working conditions), and endless war (arms sales). If you are a conservative OR Republican you should want him out of office (concervatives care about balanced budgets, Republicans don't).
  • by Anonymous Coward

    Land of the free my ass.

  • “......(unless it’s in private between parties)”
  • by markdavis ( 642305 ) on Tuesday March 05, 2019 @07:24PM (#58222134)

    >"Encryption should have limits. That's the message FBI Director Christopher Wray had for cybersecurity experts Tuesday."

    No, it shouldn't. And it can't. We have been over this over and over again. It has been proven in the REAL WORLD over and over again. Either something is secure with encryption or it isn't. You can NOT have back doors or intentional weaknesses in encryption or, eventually, EVERYONE loses and suffers. It is either secure or not secure. Back doors and weaknesses will be found by the "bad doers"- bad governments, rogue elements in governments, corporate competitors, hackers with nothing better to do, terrorists, whatever.

    >"it shouldn't provide a playground for criminals where law enforcement can't reach them."

    We have ALWAYS had such playgrounds. Before the days of computers and text messages and Email and web logs and "security" cameras everywhere, the government couldn't just watch what everyone did/say/go/read/etc. We had privacy and security BY DEFAULT due to the fact that it was either impractical or impossible to collect such information and sift through it en-mass. And it would have been UNTHINKABLE that citizens would ever allow the government to do so in a free country.

    In an age where information is power, privacy and security are more important than ever. And just passing laws to "protect" this or that isn't going to cut it. Strong encryption is the only option we have. Mess that up, and we have no real protections left.

    • by mark-t ( 151149 )

      Those protections will always exist, regardless of the law. The law can, at best, only attempt to prohibit you from using them.

      It is even possible (easy even) to make encryption that is undetectable to anyone who doesn't know *EXACTLY* what to be looking for, so there's no way for anyone else to detect people using it. There's further literally no upper limit to how many of these encryptions that could ever exist, it's as unbounded as human imagination... and considering that we can imagine things like

  • by Rick Schumann ( 4662797 ) on Tuesday March 05, 2019 @07:33PM (#58222190) Journal
    This is a binary issue: you either have encryption, or you don't, damnit!
    Meanwhile criminals (and non-stupid people!) will use non-backdoored encryption and not give a fuck.
    Criminals will also find the backdoor and have access to everything!
    Why the ACTUAL FUCK can't these brainless idiots get this through their thick skulls!?
  • backdoors (Score:4, Insightful)

    by l3v1 ( 787564 ) on Tuesday March 05, 2019 @07:38PM (#58222208)
    The only way to avoid leaking backdoor information is to not have one. Period. If there is one, it will unavoidably either leak out, or be found out, that's certain. I understand they'd wish their jobs would be easier, but wishes aren't horses.
    • by AHuxley ( 892839 )
      Ex and former staff walk out with the keys expected to be kept deep in the US gov.
      Give it to another nation, cult, faith, a company, another nations mil, some kingdom, some theocracy.
      Split loyalty sets in and another nation is handed the keys.
      Media brands, criminals, private investigations, random police, ad brands soon get the same keys.
      Protesters, think tanks, NGOs then get the keys.
      All with great political, faith, profit, criminal reasons to spy and collect it all.

      A world of weak and junk crypto o
      • 1. Exclude patriotic Americans with the "wrong politics" from serving their country.
        2. Exclude anyone who has experienced typical working-class challenges. Credit, employment history, etc.
        3. Exclude anyone with the "wrong" friends.
        4. Exclude anyone who reads the "wrong" books.
        5. Exclude pot smokers and similar hippies.
        6. Exclude anyone who takes their religion seriously.
        7. The secrets still walk out the door
        8. ???
        9. Profit!

  • by Indy1 ( 99447 ) on Tuesday March 05, 2019 @07:41PM (#58222230)

    Its because of jackasses like you, Hoover, etc, that we NEED and DEMAND bullet proof network security and encryption.

    If you need a refresher on the reasons why, try the following.

    https://en.wikipedia.org/wiki/... [wikipedia.org]

    https://en.wikipedia.org/wiki/... [wikipedia.org]

    https://en.wikipedia.org/wiki/... [wikipedia.org]

    https://en.wikipedia.org/wiki/... [wikipedia.org]

    https://en.wikipedia.org/wiki/... [wikipedia.org]

    https://en.wikipedia.org/wiki/... [wikipedia.org]

    https://en.wikipedia.org/wiki/... [wikipedia.org]

    And finally, go back and re-read this thoroughly. Shut your yap until such time you UNDERSTAND the material in question.

    https://en.wikipedia.org/wiki/... [wikipedia.org]

  • So what he's saying is that other countries have an unfettered right to spy on the US with the same backdoors he'll put into the software. Because surely no one is beyond the lawful reach of (US/Russian/Chinese) right to investigate?
  • We Can't Have an 'Entirely Unfettered Space Beyond the Reach of Law Enforcement

    Si, se puede!

  • by AHuxley ( 892839 ) on Tuesday March 05, 2019 @07:56PM (#58222288) Journal
    So mail in the post should be opened and the contents scanned and looked at?
    East German style?
    Not just scan the envelope and keep text front and back?
    Yet on the internet that electronic mail and data should be opened all the time by the federal gov?
  • by sandbagger ( 654585 ) on Tuesday March 05, 2019 @08:13PM (#58222390)

    When Gutenberg's press went into production.

    The facts are that encryption is a byproduct of math and any computer science student can develop and encryption system as a school project. This is like trying to hold back the printing press. It's not going to happen.

    What did happen is that law and social values evolved to accommodate the printing press. Defamation was compartmentalized into libel versus slander and social and political conventions emerged to balance different interests.

    The same is happening here.

  • by Tablizer ( 95088 ) on Tuesday March 05, 2019 @08:18PM (#58222418) Journal

    What they don't really address is that crooks have been pretty good at finding back-doors. No known technology can make a practical back door for law enforcement that's not a potential and fairly likely access point for crooks.

    In fact, the crooks have proved smarter and faster than law enforcement, in part because 3rd-world labor is cheap and plentiful compared to law enforcement staff, and crooks are happy to outsource. The crooks have a much bigger eArmy. Law enforcement will lose a labor contest.

  • by seoras ( 147590 ) on Tuesday March 05, 2019 @08:55PM (#58222596)

    Pandora's box was opened a long time ago. Criminals can use open source encryption to avoid mainstream services.
    The question the FBI and others haven't answered is - how is this any benefit to crime control when all it does is relocate the dark users to their own platforms that they alone hold the keys to?
    Why therefore break it for the vast majority of law abiding citizens thus exposing us to not just bad actors in government but the criminals too?

    • Why? It amazes me that so many people here still don't get it. Once you're not talking about default or super-easy encryption built into mass market products, two giant classes are no longer using crypto: almost all non-criminals besides a few privacy nuts, and 99% of criminals themselves; if they could set up their own 3rd party crypto, they wouldn't need to be criminals. I'm sure the FBI is well aware a tiny class of privacy nuts and criminals that are bad enough to justify electronic intercept but also t
  • What jackoff put this guy in charge of the FBI, anyway? And why does he hate freedom so much?

    • And why does he hate freedom so much?

      He doesn't, it just isn't part of his job. Just like, setting the rules for encryption aren't part of his job, so his comments are just random musings by some old guy with some unrelated important job.

      This is all normal and consistent. I wouldn't expect the leader of FEMA to know shit about encryption. And I wouldn't care, same as with this schmuck.

      • Just like, setting the rules for encryption aren't part of his job, so his comments are just random musings by some old guy with some unrelated important job.

        Is he old? His bio says 52. I don't know what's old any more.

  • Have you no regard for Government power ?

  • The next step is to make the same argument as to why the government should be able to mandate the placement of microphones in every room of every building. You can’t have an unfettered real-world space where criminals can discuss and plan crimes beyond the reach of law enforcement.

  • It is still illegal to open somebodies snail mail. Why is encryption any different, legally, than an envelope?

    • They're trying to make the case it's not. They *can* open peoples mail. All they have to do is say the package looked suspicious or their dog gave them permission. Nobody's mail is private from the government; they want to open every other communication with even less effort.
    • by gweihir ( 88907 )

      Opening envelopes takes work for every individual one. For encryption backdoors, it just takes a bit of electricity once the software is written. People like this one believe that they finally have victory in sight in their war on civil liberty and freedom. They want to make sure everybody is afraid to say what they think in any circumstances, because everything can be under surveillance all the time, no safe spots.

      • by MrKaos ( 858439 )

        Opening envelopes takes work for every individual one. For encryption backdoors, it just takes a bit of electricity once the software is written.

        I understand that they are doing something insidious by simply scanning the from and to address on every piece of mail and making a database of associations. All automated.

  • You definitely shouldn't be able to talk privately with your wife.

    No privacy from Leviathan.

    Send nudes.

  • This guy needs to read some good Bruce Schineer books like Data and Goliath and Click here to Kill Everybody. Then maybe these idiots will understand that if their goal is to catch bad guys (i.e. people who are out to commit things like terrorist attacks or mass murders or the other things the FBI is meant to be trying to stop) back-door access to encrypted devices isn't going to help (and in fact can make that job harder in some cases as well as increasing the risk that things like cyberattacks will occur)

  • by hdyoung ( 5182939 ) on Tuesday March 05, 2019 @10:59PM (#58223060)
    I like the way things are right now. It's a good balance. There's secure encryption out there that's *very* hard for the government to break. If someone wants to use that stuff, they can, but it takes motivation. Apple products don't cut it - those are easy to break. You need pgp and stuff like that. If the government wants access to strongly-encrypted data, they have to get a subpoena. It's not easy. Two separate branches of the government (executive and judicial) have to agree that there's a legit reason. If the government meets that high bar, then they have rights to it. At that point, the person can either a) unlock the info or b) head to jail.

    Some people in government feel that they should be able to poke into whatever, whenever, wherever they want. If we give these people control, we'll end up like China. No thanks. I like my western democracy. The executive branch+NSA has overstepped these bounds in the past and I don't approve at all. Suck it up, spooks! Spend the time, fill out the paperwork and get your frikkin subpeonas approved by a judge. Every. Single. Time. It's designed to be hard on purpose.

    Some people on the other side feel that they should be able to do whatever they want, whenever they want, wherever they want. Laws be damned. Some of these people call themselves libertarians, some call themselves anarchists, some are truly criminals, but a lot of them just don't like being told what to do. These people need to get a clue. If you want to live like that, find an uninhabited spot and live as a hermit. Rural Australia, Siberia and the Arctic are good candidates. You won't last long, but you'll be free according to your own terms. The second you want to live in a group with other people (aka a civilization) there are rules to follow.
  • by dweller_below ( 136040 ) on Wednesday March 06, 2019 @12:08AM (#58223228)

    This is not a technical issue.

    For the last 232 years, the supreme law of the land in the United States is the US Constitution. All government powers, whether Executive, Legislative, or Judicial, are subordinate to the limits defined in the Constitution.

    Claiming that the US Legal system must have unfettered access to all information is the same as saying that the US Legal system must not be fettered or subject to the US Constitution. That leads me to 3 important questions:

    1. Why is NOW a good time to abandon the US Constitution?
    2. What authority does Director Wray claim to be superior to the US Constitution?
    3. Shouldn't Director Wray be immediately fired for violating his Oath to "..Protect and Defend the Constitution of the United States.."?
  • The FBI is one of the biggest jokes we have in government today. They have become so lazy about how they investigate crime that I'm sure they are missing whole cargo ships full of drugs, slaves and bootleg media. If they had to pick from those three things to stop, the bootleg media would be their first choice with the slaves a distant third. I wonder if they ever tried to outlaw private meetings and force people to have all conversations through a phone. "Hey we can't have all these people just going t

  • Comment removed based on user account deletion
  • You can't ban something that is already common programming knowledge.
  • Look at us, we already have.

  • We can't have people who are exempt from law and out of reach, no matter what kind of damage they do to society. I welcome the push to finally do something about corporations flaunting their disregard for laws.

    That's what you mean, right?

  • ... and math isnt illegal.

    Good luck stopping it when the entire world runs on computers.

  • Crypto is just mathematics. You can't unlearn maths. For sure, popular apps with strong crypto can be banned or whatever but people can have privacy if they want it.

  • by Archtech ( 159117 ) on Wednesday March 06, 2019 @05:47AM (#58223980)

    "It can't be a sustainable end state for there to be an entirely unfettered space that's utterly beyond law enforcement for criminals to hide..."

    Funny how often officials and policemen unintentionally reveal their inner thoughts when speaking in public.

    Can't have... "unfettered"...

    Fetters, of course, are chains. Apparently this Gestapo officer believes that all citizens belong in chains - at all times. Even their thoughts, ideas and words must be in chains.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...