[Cryptography] FBI Asks Tech Companies to Reconsider "Their Business Model"
pgp at jeremyfrench.co.uk
Thu Dec 10 16:05:12 EST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Could a little framing of the argument be useful here. The data is not Apple's or Google's to decrypt.
The FBI is asking these companies to decrypt other peoples data.
I know it is only a slight perceptual shift, but it seems seems much more emotive.
'Should the FBI make Google decrypt its data' against 'Should google decrypt other peoples personal data for the FBI'
Crypto wars will be won on hearts and minds not technical merit.
On 10 December 2015 13:15:40 GMT+00:00, Henry Baker <hbaker1 at pipeline.com> wrote:
>'Comey said at a Senate Judiciary Committee hearing Wednesday morning,
>extensive conversations with tech companies have persuaded him that
>"it's not a technical issue."' ?????
>I'm curious as to whom at these 'tech companies' Comey has been
>Comey Calls on Tech Companies Offering End-to-End Encryption to
>Reconsider "Their Business Model"
>FBI Director James Comey on Wednesday called for tech companies
>currently offering end-to-end encryption to reconsider their business
>model, and instead adopt encryption techniques that allow them to
>intercept and turn over communications to law enforcement when
>End-to-end encryption, which is the state of the art in providing
>secure communications on the internet, has become increasingly common
>and desirable in the wake of NSA whistleblower Edward Snowden's
>revelations about mass surveillance by the government.
>Comey had previously argued that tech companies could somehow come up
>with a "solution" that allowed for government access but didn't weaken
>security. Tech experts called this a "magic pony" and mocked him for
>Now, Comey said at a Senate Judiciary Committee hearing Wednesday
>morning, extensive conversations with tech companies have persuaded him
>that "it's not a technical issue."
>"It is a business model question," he said. "The question we have to
>ask is: Should they change their business model?"
>Comey's clear implication was that companies that think it's a good
>business model to offer end-to-end encryption -- or, like Apple, allow
>users to fully encrypt their iPhones -- should roll those services
>Comey and other government representatives have been pressuring
>companies like Apple and Google for many months in public hearings to
>find a way to provide law enforcement access to decrypted
>communications whenever there's a lawful request. Deputy Attorney
>General Sally Quillian Yates said in a July hearing that some sort of
>mandate or legislation "may ultimately be necessary" to compel
>companies to comply, but insisted that wasn't the DOJ's desire. Now,
>there's little pussyfooting about it.
>"There are plenty of companies today that provide secure services to
>their customers and still comply with court orders," he said. "There
>are plenty of folks who make good phones who are able to unlock them in
>response to a court order. In fact, the makers of phones that today
>can't be unlocked, a year ago they could be unlocked."
>Comey indicated that these companies should be satisfied providing
>customers with encryption that allows for interception by the
>providers, who can then turn over the information to law enforcement.
>Privacy experts say that the same holes in encryption that allow for
>authorized interception also allow for unauthorized interception -- and
>therefore provide insufficient security.
>Comey called on customers, who he said are becoming more aware of the
>"dangers" of encryption, to "speak to" phone companies and insist
>they'll "keep using [their] phones" if they stopped offering the
>Comey acknowledged that encrypted apps would still exist. But, he
>said, encryption "by default" is the real problem. He told Sen. Mike
>Lee, R-Utah, that "I think there's no way we solve this entire problem.
> The sophisticated user could still find a way."
>That didn't stop him from calling for an international standard for
>encryption technologies, however. Many popular encrypted applications
>are not U.S. based. Any action imposed on American companies would
>likely handicap them and lead customers to turn to overseas options.
>"We have to remember limits of what we can do legislatively," said Lee.
>"If we're going to mandate that legislatively" -- force companies to
>stop offering strong encryption -- "it wouldn't necessarily fix the
>problem," he said.
>For the first time, Comey made a specific allegation about encryption
>having interfered with an FBI terror investigation.
>"In May, when two terrorists attempted to kill a whole lot of people in
>Garland, Texas, and were stopped by the action of great local law
> that morning, before one of those terrorists left to try
>to commit mass murder, he exchanged 109 messages with an overseas
>terrorist. We have no idea what he said, because those messages were
>"That is a big problem," Comey said.
>But in the Garland case, the FBI had been tracking one of the would-be
>attackers for months -- and had alerted local police that he might be
>headed to a controversial anti-Muslim exhibition. But FBI surveillance
>didn't stop Elton Simpson -- the Garland Police Department did. The
>local police never got the FBI's email.
>Comey did not request specific legislation to compel companies to
>abandon end-to-end encryption, but told Sen. Dianne Feinstein,
>D-Calif., that he would like to see all companies responding to lawful
>requests for data. Feinstein offered to pursue legislation herself,
>citing fear that her grandchildren might start communicating with
>terrorists over encrypted PlayStation systems.
>Toward the end of the hearing, Comey seemed to contradict his earlier
>comments urging companies to reconsider their business models. "I
>don't want to tell them how to do their business," he said. Then,
>moments later, he added that "there are costs to being an American
>business -- you can't pollute." The implication there was that
>American businesses might need to comply with new standards regardless
>of what the rest of the world does -- as if providing end-to-end
>encryption to protect the average person's communications is the same
>as destroying the environment.
>Technologists, privacy advocates, and journalists reacted on Twitter
>with confusion and frustration.
>Contact the author:
>dan.froomkin at theintercept.com
>jenna.mclaughlin at theintercept.com
>The cryptography mailing list
>cryptography at metzdowd.com
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-----BEGIN PGP SIGNATURE-----
Version: APG v1.1.1
-----END PGP SIGNATURE-----
More information about the cryptography