Backdoors won't weaken your encryption, wails FBI boss. And he's right. They won't – they'll fscking torpedo it

Give it a Wray, give it a Wray, give it a Wray now: Big Chris steps in to defend blowing a hole in personal crypto


FBI head honcho Christopher Wray is rather peeved that you all think the US government is trying to weaken cryptography, privacy, and online security, by demanding backdoors in encryption software.

During a session at the International Conference on Cyber Security at Fordham University, New York, Wray backed a proposal mooted earlier this week by US Attorney General William Barr: that the cops and Feds should be able to spy on end-to-end encrypted chats and the like.

Barr basically wants mobile apps and other software used by people to hold private conversations and protect their files and information to be backdoored so police and g-men, armed with warrants, can gain access to and decrypt said data on demand.

Wray reiterated the same tired talking points as the Attorney General about more and more criminals going dark and so forth, though he then came up with a rather odd declaration.

“I’m well aware that these are provocative subjects in some quarters,” the FBI Director opined. “I get a little frustrated when people suggest that we're trying to weaken encryption — or weaken cybersecurity more broadly. We're doing no such thing.”

Except, you know, that’s exactly what he’s calling for. Top crypto boffins are in agreement that putting a backdoor in an encryption system is easy to do, though mathematically impossible or difficult to implement in such a way that unauthorized persons – think miscreants, spies, rogue or bumbling insiders at tech companies – can't find and exploit said backdoor. Nevertheless, Wray thinks otherwise.

He continued:

It cannot be a sustainable end state for us to be creating an unfettered space that’s beyond lawful access for terrorists, hackers, and child predators to hide. But that’s the path we’re on now, if we don’t come together to solve this problem.

So to those resisting the need for lawful access, I would ask: What’s your solution? How do you propose to ensure that the hardworking men and women of law enforcement sworn to protect you and your families maintain lawful access to the information they need to do their jobs?

barr

Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney General

READ MORE

This is where it all goes off the rails. On the one hand, Wray wants to crack encryption so he can snoop on, unmask, and break down the door of, among other scumbags, hackers. And yet, he wants to crack encryption in such a way that, er, hackers can snoop on and unmask citizens by exploiting deliberately introduced weaknesses. In his pursuit of hackers across the nation to protect citizens, he's potentially tearing down the walls that keep hackers out of citizens' private spaces.

“I know we’ve started hearing increasingly from experts like cryptographers and cryptologists that there are solutions to be had that account for both strong cybersecurity and the need for lawful access,” he rumbled on. “And I believe those solutions will be even better if we seek them together.”

Yes, there will always be "experts" trying to sell the US government lucrative pie-in-the-sky solutions to this backdoor quandary. Any decent proposed solution will face intense testing and scrutiny. Wray also praised some tech corps for working with the FBI. He cited instances where images of children being sexually abused were posted online using an anonymizing app. FBI investigators worked with the app's developers to identify the perpetrators, and they were then brought to justice, it is claimed. ®

Similar topics


Other stories you might like

  • Research finds consumer-grade IoT devices showing up... on corporate networks

    Considering the slack security of such kit, it's a perfect storm

    Increasing numbers of "non-business" Internet of Things devices are showing up inside corporate networks, Palo Alto Networks has warned, saying that smart lightbulbs and internet-connected pet feeders may not feature in organisations' threat models.

    According to Greg Day, VP and CSO EMEA of the US-based enterprise networking firm: "When you consider that the security controls in consumer IoT devices are minimal, so as not to increase the price, the lack of visibility coupled with increased remote working could lead to serious cybersecurity incidents."

    The company surveyed 1,900 IT decision-makers across 18 countries including the UK, US, Germany, the Netherlands and Australia, finding that just over three quarters (78 per cent) of them reported an increase in non-business IoT devices connected to their org's networks.

    Continue reading
  • Huawei appears to have quenched its thirst for power in favour of more efficient 5G

    Never mind the performance, man, think of the planet

    MBB Forum 2021 The "G" in 5G stands for Green, if the hours of keynotes at the Mobile Broadband Forum in Dubai are to be believed.

    Run by Huawei, the forum was a mixture of in-person event and talking heads over occasionally grainy video and kicked off with an admission by Ken Hu, rotating chairman of the Shenzhen-based electronics giant, that the adoption of 5G – with its promise of faster speeds, higher bandwidth and lower latency – was still quite low for some applications.

    Despite the dream five years ago, that the tech would link up everything, "we have not connected all things," Hu said.

    Continue reading
  • What is self-learning AI and how does it tackle ransomware?

    Darktrace: Why you need defence that operates at machine speed

    Sponsored There used to be two certainties in life - death and taxes - but thanks to online crooks around the world, there's a third: ransomware. This attack mechanism continues to gain traction because of its phenomenal success. Despite admonishments from governments, victims continue to pay up using low-friction cryptocurrency channels, emboldening criminal groups even further.

    Darktrace, the AI-powered security company that went public this spring, aims to stop the spread of ransomware by preventing its customers from becoming victims at all. To do that, they need a defence mechanism that operates at machine speed, explains its director of threat hunting Max Heinemeyer.

    According to Darktrace's 2021 Ransomware Threat Report [PDF], ransomware attacks are on the rise. It warns that businesses will experience these attacks every 11 seconds in 2021, up from 40 seconds in 2016.

    Continue reading

Biting the hand that feeds IT © 1998–2021