back to article FBI says it can't unlock 8,000 encrypted devices, demands backdoors for America's 'public safety'

FBI Director Christopher Wray has picked up where he left off last year with a new call for backdoors in encryption exclusively for law enforcement. Speaking at the International Conference on Cyber Security in New York today, Wray complained that in the past year the Feds have seized 7,775 devices that they can't unlock and …

  1. Bill M

    1234

    For Donald's phone have they tried 1234 to get in ? There again maybe he can't count that high so maybe try 1212.

    1. TheVogon

      Re: 1234

      "Wray complained that in the past year the Feds have seized 7,775 devices that they can't unlock and decrypt"

      Good, good.

    2. wolfetone Silver badge

      Re: 1234

      "There again maybe he can't count that high so maybe try 1212."

      You dummy.

      He obviously uses 0000.

      1. cosmogoblin

        Re: 1234

        You honestly think he has the attention span to type a four-digit code every time he tweets?

        1. Gordon 10

          Re: 1234

          You fools! Its obviously covfefe

    3. Uncle Slacky Silver badge
      Stop

      Re: 1234

      Maybe (in honour of President Skroob) the combination is "12345"?

      1. davidp231

        Re: 1234

        "That's the stupidest combination I ever heard in my life! It's the sort of thing an idiot would use on his luggage." - Dark Helmet

        <later>

        "That reminds me, I must change the combination on my luggage." - President Skroob

        Hail Skroob! (and still a better alternative to the incumbent).

  2. hellwig

    8000 Devices?

    So we're looking at possibly 8000 9/11s? 8 kilo-9/11s? Shoot, is there a El Reg unit to cover this sort of potential catastrophe?

    1. K.o.R

      Re: 8000 Devices?

      You don't mean...?

      Yes. Seven million, two hundred and eighty-eight thousand.

      1. Anonymous Coward
        Anonymous Coward

        Re: 8000 Devices?

        To get at those 8000 devices they want to permanently compromise the privacy of around 200,000,000 of their fellow citizens. Yeah right.

        1. John Smith 19 Gold badge
          Gimp

          they want to permanently compromise the privacy of around 200,000,000 of..fellow citizens.

          FTFY.

          The rhetoric is always about protecting Joe Public from the menace of terrorists/drugdealers/moneylaunderers/paedophiles but the real agenda is always

          "Give me six lines from an honest man and I'll find something with which to hang him."

          Being able to do warrantless trawls through all the data the NSA has slurped has been real good for the FBI but it's a bit unfocused.

          Data fetishism. It's not a sane policy. It's a personality disorder

          1. Antron Argaiv Silver badge
            Big Brother

            Re: they want to permanently compromise the privacy of around 200,000,000 of..fellow citizens.

            ...and the FBI would *never* exaggerate the threat in order to get authority to snoop, would it?

            Because that would be unethical, if not illegal.

            // 1984, here we come!

        2. Charlie Clark Silver badge

          Re: 8000 Devices?

          200,000,000 of their fellow citizens

          The US passed 300 million several years ago: https://www.census.gov/popclock/

          Or do you think that over a third of the population doesn't deserver constitutional rights?

          1. Anonymous Coward
            Anonymous Coward

            Re: 8000 Devices?

            Um, I kind of assumed there would be children and mimes without phones.

            1. Ralph the Wonder Llama
              Coat

              Re: 8000 Devices?

              Mimes have phones - they just use FaceMime.

        3. Warm Braw

          Re: 8000 Devices?

          they want to permanently compromise the privacy of around 200,000,000 of their fellow citizens

          They've already done that through mass data collection of data in transit - and most of their fellow citizens seem fine with that. They want to build on that precedent while they (think they) can.

          1. Sir Runcible Spoon

            Re: 8000 Devices?

            Has anyone tried to tell them that it's their own fault and that they were warned (by the very community that is so well represented here on El Reg).

            If you break the public's trust and slurp all the data you can, expect people to get pissed off and take up measures to counteract it. It's human nature - or are they going to legislate against that next?

            1. Anonymous Coward
              Anonymous Coward

              Re: 8000 Devices?

              "It's human nature - or are they going to legislate against that next?"

              Well, the Soviet Union tried it, and it has been said that the US will try, at least once, every possible bad idea. Come to think of it, they tried Prohibition. So there is precedent.

        4. FIA Silver badge

          Re: 8000 Devices?

          To get at those 8000 devices they want to permanently compromise the privacy of around 200,000,000 of their fellow citizens. Yeah right.

          There's more people in the world than that.

          Although I suppose over time the rest of the world would just move to non US backdoored encryption systems.

          Good job all those terrorists people are so worried about aren't foreign.

        5. MachDiamond Silver badge

          Re: 8000 Devices?

          Think billions of people. The US will force the backdoors on every other country by making it a requirement during trade negotiations. It's the same thing they did via FACTA and the banking system.

  3. Adrian 4
    Holmes

    Quis custodiet ipsos custodes?

    Just as long as the FBI and politicians phones have a backdoor for the community.

    After all we elected / employ them, so it's up to us to keep them honest.

    1. Ian Michael Gumby
      Big Brother

      @Adrian 4 Re: Quis custodiet ipsos custodes?

      If you haven't been paying attention, there is this thing called the official records Act. That is to say all work products and communication by Federal Employees must be retained and readable.

      In the CFPA (I think that's the acronym) there's a group calling themselves Dumbledoor's ?sp? Army. Where they have downloaded encryption apps and what not. (You can find out more by googling.)

      Those individuals should be terminated because by law everything they do should be review-able.

      As to this... tell them to punt. They put a backdoor in... a year or two later, someone pilfers the NSA/CIA and poof, those hacks are out.

      Not to mention with all of the news of the level of corruption within the DoJ and FBI... fuggitabout it.

      1. Sir Runcible Spoon

        Re: @Adrian 4 Quis custodiet ipsos custodes?

        That is to say all work products and communication by Federal Employees must be retained and readable.

        Until it's all accidentally deleted, along with the backups, across several locations - all at once.

        1. MachDiamond Silver badge

          Re: @Adrian 4 Quis custodiet ipsos custodes?

          "Until it's all accidentally deleted, along with the backups, across several locations - all at once."

          It was all backed up on a server at the Clinton's home in NY until that fire they just had.

    2. Antron Argaiv Silver badge
      FAIL

      Re: Quis custodiet ipsos custodes?

      After all we elected / employ them, so it's up to us to keep them honest.

      We're trying, but it hasn't worked out so well. It seems "we" have a large proportion of fools amongst us.

  4. Aynon Yuser

    Maybe they just wanna see a criminals dick pics

    1. phuzz Silver badge

      I think all you have to do is be publicly female on the internet and the dick pics will come to you.

  5. NoneSuch Silver badge
    Coffee/keyboard

    911 x 8,000... Sorry. World Police reference.

    That number should be 8,000,000,000

  6. asdf

    get stuffed FBI

    Considering how little regard law enforcement and the executive branch (all branches) actually have for the fourth amendment hard to have much sympathy. Any backdoor would get abused in the name of the War On (insert flavor the times) even if requiring a warrant initially.

    1. Blank Reg

      Re: get stuffed FBI

      And when criminals also figure out the back door I'm sure the government will be glad to compensate everyone for any loses and/or embarrassment due to their ridiculous requirement.

      1. bombastic bob Silver badge
        FAIL

        Re: get stuffed FBI

        "And when criminals also figure out the back door"

        that's always the only SANE conclusion anyone can come up with.

        Not only that, but THE CRIMINALS will ALWAYS have their:

        a) illegal encryption

        b) illegal servers

        c) illegal weapons

        d) illegal whatever

        because they, by definition, do NOT obey the laws that regular people are forced to live under.

        Back door effect on fightingcrime: ***Z E R O ***

        Back door effect on personal security: *** H U G E ***

        say buh-bye to intarweb commerce if a back door evar becomes mandatory. That's like a universal skeleton key to every lock.

    2. veti Silver badge

      Re: get stuffed FBI

      The 4th amendment explicitly allows the executive branch to help itself to your papers and effects, provided it gets the assent of the judicial branch first. We're not talking here about J Edgar'ing up internet traffic, we're talking about unlocking devices that have been physically seized by the Feds, but are locked down in such a way that they cannot reasonably exercise their constitutional rights.

      Call me a heretic, but I don't see quite what the fuss is about. A backdoor that requires intrusive physical access to the hardware - would not compromise your constitutional rights.

      1. Anonymous Coward
        Anonymous Coward

        Re: get stuffed FBI

        So, what if a bad guy steals your phone? He's got physical access too.

        1. veti Silver badge

          Re: get stuffed FBI

          So, what if a bad guy steals your phone? He's got physical access too.

          Then that bad guy has (potential) access to your stuff, obviously. How is that different from him stealing your wallet?

          The point is that in that scenario, you know your phone has been stolen, and from that point you should assume the clock is ticking, and it's only a matter of time before everything on it is available to whoever has it. You should take countermeasures. No different from cancelling your credit cards when you lose your wallet.

          Not a heretic just completely missing the point of compromising encryption.

          No, I understand that. But for a long time, every security advisor would have told you "when the enemy has physical access to your hardware, and unlimited time in which to operate - it's over. There is no defence from that position." As I see it, that's an inherent limitation in digital encryption, it's one I've always taken for granted.

          Mind you, I also assume that if the NSA really wants to read the contents of my phone or hard drive, they can. Which is why I don't keep my plans for world domination on either of them. That's just common sense, IMO.

          So...your position is that we should just trust the government to do what's right and legal?

          No, my position is that the feds have a difficult job to do, and you should assume they will use every means to make it easier. That includes legal, technical and political means. If you don't give ground and meet them at some point, then they will press for more and more intrusive tools and rights, and they will get them, because politicians will see - correctly or not - that you are the ones who are being unreasonable.

          If you don't give them an inch, they will take a mile.

          1. Michael Thibault

            Re: get stuffed FBI

            "Which is why I don't keep my plans for world domination on either of them. That's just common sense, IMO."

            Thanks for the tip.

        2. MachDiamond Silver badge

          Re: get stuffed FBI

          "So, what if a bad guy steals your phone? He's got physical access too."

          What happens if a bad guy steals your phone and the police collar him a little later and now they have your phone?

          Let's say you are 17 (of any gender) and have some intimate photos of your 16yo girlfriend on the phone that you have encrypted so your mates or parents don't find them. Ever thought about a career as a registered sex offender?

      2. Anonymous Coward
        Anonymous Coward

        Re: get stuffed FBI

        Not a heretic just completely missing the point of compromising encryption. It’s all or nothing, there’s no intermediate point that will actually work to both allow entry to kaw enforcement whilst keeping out the crooks, that’s the whole point being made by the experts here and elsewhere.

      3. Charlie Clark Silver badge

        Re: get stuffed FBI

        The 4th amendment explicitly allows the executive branch to help itself to your papers and effects

        Sure, but another amendment means that people cannot be compelled to provide passwords.

        It's a side-show: want to catch crooks then do normal police work and following the money is a good way to start.

        1. Adam 52 Silver badge

          Re: get stuffed FBI

          "Sure, but another amendment means that people cannot be compelled to provide passwords."

          Seems to be in dispute, as a not very nice man in Florida knows.

      4. Antron Argaiv Silver badge
        WTF?

        Re: get stuffed FBI

        ...We're not talking here about J Edgar'ing up internet traffic...

        No, that's already being done by another agency...

        https://en.wikipedia.org/wiki/Room_641A

        Call me a heretic, but I don't see quite what the fuss is about. A backdoor that requires intrusive physical access to the hardware - would not compromise your constitutional rights.

        So...your position is that we should just trust the government to do what's right and legal?

        Yeah. That hasn't worked out so well in the past, has it?

      5. Jeffrey Nonken

        Re: get stuffed FBI

        I want a bullet that only hurts bad guys.

        And that's the problem with this. Somebody will reverse engineer it or the police will leak the Sekret Key* or probably both. Insecure is insecure is insecure no matter HOW many people you trust with the key to your house.

        Or to abuse another analogy, having slightly compromised encryption is like being slightly pregnant.

        *It only takes ONE LEAK. There are MILLIONS OF POLICE. Do you trust all of them? And that's just the police.

        1. Eddy Ito

          Re: get stuffed FBI

          Reverse engineer the secret key? Nah, nobody will have to do that. All they'll have to do is file a FOIA request and the DOJ will likely hand them the key. It will be redacted of course but done wrong, like this:

          ... Hush, don't tell anyone, the secret key is "password12345"

      6. shaunhw

        Re: get stuffed FBI

        veti wrote:

        "

        Call me a heretic, but I don't see quite what the fuss is about. A backdoor that requires intrusive physical access to the hardware - would not compromise your constitutional rights.

        "

        Not a heretic, you're someone just asking what is impossible to keep secure. This isn't just because of mathematics and the current state of the art, it's really because of human beings.

        Anything like this would be broken in a few years or even matter of months IMHO. Even if it was cryptographically secure, for example a big RSA key, the public half being distributed to be contained in all encryption software, intended to save RSA encrypted packets (of encryption user encryption keys) with the public key, and the private counterpart known only to whatever government authority, some kind person (or perhaps one bribed with enough money / had his family threatened etc.) would surely leak that private component sooner or later. Then the scheme is completely useless.

        Just like todays 1080 HDCP video content protection scheme now completely broken, which might as well not be there at all.

        The master key was leaked, reversed, or got out somehow.

        It would be EASY to implement something like a big RSA key in theory, at least for the foreseeable future. But it relies on human beings to keep it secure which would NEVER happen, or could never be trusted. Also such keys would be subject to the biggest attack in history I'm sure.

        If any government wants such a scheme they should develop it, and first prove beyond all doubt to the world that it really is completely secure beyond question, Even if every bit of information was leaked out somehow. But if they could access the data, then so could someone else.

        There lies the impossibility of it. I am sure if it wasn't and there was a way everyone, save for the bad guys would be in full support.

        Any ideas ?

        Remember they couldn't even secure their own systems with basic methods, and instead blamed people like Gary McKinnon for exposing that incompetency. Would anyone really trust them to be the gatekeeper for the whole country ? They shouldn't blame others such as the designers of crypto systems for something they clearly cannot do themselves.

        The whole crypto community including the most eminent of mathematicians have told them it is not possible. They should perhaps think about believing them, at least for now.

        Crypto Security is about information. Something you have (which then contains the required information), or something you know. In that case your brain contains the needed information. As secure as it gets with a properly designed system, at least for now.

        1. MachDiamond Silver badge

          Re: get stuffed FBI

          "Call me a heretic, but I don't see quite what the fuss is about. A backdoor that requires intrusive physical access to the hardware - would not compromise your constitutional rights."

          Let's say you are being detained by the police because you match the description of somebody that just assaulted somebody in the area. You are handcuffed, you pockets are emptied and you are sat in the police car or on the curb. Now the police have physical access to your phone since they are highly unlikely to let you hang on to it while they try to determine if you are the person they are looking for. Maybe they want to plug your phone into a little device they have that copies and decrypts the contents "just to verify that you are who you say your are".

          Physical access to desktop computer or a server is much more difficult than a mobile device that, by it's very nature, is small and moves around a lot. Phones are also easily stolen since people set them on tables when they are sat down for lunch or a pint and look away since it's sooooo unstylish to have a belt pouch to put it in when wearing tight trousers. As a side note, I find it interesting that women that are on the top heavy side will sometimes store their phone front and center. Physical access to phones is not hard. I could write a crime novel with ways of grabbing phones of targets in all sorts of ways.

      7. MachDiamond Silver badge

        Re: get stuffed FBI

        Veti, the assumed fiction of the US Constitution does't have a "they" (government). The government is "of the people, by the people, for the people". There is nothing in that concept that hands "rights" to FBI.

        The lazy bastards need to go back to investigations 101 and get away from trolling for all of their evidence on electronic devices. I can only see data on an electronic device as absolutely required for Thought crimes. Every other sort of crimes has a transfer of wealth or a physical aspect to it.

        There is no such thing as a perfect justice system and the founding fathers of the US understood that and built a framework that puts the onus on the government to develop a case against somebody that can hold up in court and has to done within a structure of rules. The other way around is someplace like Mexico where they have a national legal theory that boils down to "guilty until proven innocent". I feel it's better to error in favor of the citizen. A criminal isn't very likely to change their ways and is going to make a mistake that provides plenty of evidence against them.

        It would be so easy to scoop people off of the street in any major city that look like gang members, go through their phone and all of their stuff and have a case against them. While I'm all for stuffing hard core gang bangers in the slammer, I'd be very frightened to live in a state where anybody can be grabbed off of the street and have their lives examined in detail because of how they look or dress. It could also mean that one could be subject to "review" for living in a particular neighborhood or being out past a certain time of night without a pass.

  7. GrumpyKiwi

    So Fibbers. Are you going to look after this backdoor as well as say OPM protected their top-secret information? Or as well as the NSA did?

    And will you be supplying it to the Sherrifs department of Podunk County because you just know they're a fine bunch of good ol' boys.

    1. asdf

      Laugh at Podunk County but the Garland police department have stopped more terrorists than the TSA. Of course giving them more power than the firearms they already have no thanks.

    2. Yet Another Anonymous coward Silver badge

      to the Sherrifs department of Podunk County

      And every other country you want to sell phones in.

      If Apple give an unlock code to the FBI then the Eu will want it to protect themselves from their terrorists. And then Israel, Turkey, Russia, China, India, Pakistan ....

      So how does the FBI feel about Trump's phone being officially backdoored by Putin ?

      1. G.Y.

        Trump gave Putin some Mossad secrets _without_ any backdoor ...

  8. Anonymous Coward
    Anonymous Coward

    "human trafficking, counterterrorism, organized crime, and child exploitation"

    The holy trinity of excuses to take peoples privacy, I'm not sure how these people keep a straight face.

    1. Donn Bly

      They wallow in their own manure so long that they can't smell the difference between fact and fiction, thus their faces don't change.

      The question is - How did they approach such crimes before electronic devices? Surely if they could solve them then, using the same detective work they could solve them now. They don't NEED anything on those devices. In fact, they would rather NOT have access so that they can use that as an excuse.

      If they can't make a case without access to the device, then they don't have a case to make.

      1. Schultz
        Go

        "How did they approach such crimes before electronic devices?"

        They don't worry about old-fashioned physical crime. We live in a brave new world and have to deal with thoughtcrime. OK, try again, we live in 1984 and ... no, that's not right either.

        Laugh if you like, but when they try to ferret out potential terrorists they are looking for thoughcrime. Should you stop crime before it happens? Should you lock up bad people before they do bad things? The consensus seems to move towards a yes. China serves as an example that prosperity and progress are possible despite intrusive government. Most of us feel safe that our democratic societies won't turn on us, so it's OK if they first go for the terrorists. Orwell lived in a time closer to the nazi and communist regimes and saw freedom fighters instead of terrorists -- some things are in the eye of the beholder. I expect our western societies to become less freedom-focused unless/until people see negative consequences (i.e., Things That Go Wrong as they did in the first half of 20th century).

      2. Redstone
        Unhappy

        It seems to me that it's both the faces and the faeces that don't change - same faces spouting the same ol' shit.

      3. Michael Thibault

        "If they can't make a case without access to the device, then they don't have a case to make."

        In fact, the hoped-for backdoor is a just-in-case tool. That the increasingly-dubious FBI have k000 encrypted devices means they have k000 devices the contents of which are completely unknown to them and which, therefore, are devices only potentially -- but not demonstrably -- relevant to any current investigation. I think it's a good idea to maintain the status quo, however frustrating it might be to TPTB. They'll have to work smarter; there's nothing for a bigger truncheon in the budget for liberty.

        1. MachDiamond Silver badge

          "In fact, the hoped-for backdoor is a just-in-case tool. That the increasingly-dubious FBI have k000 encrypted devices means they have k000 devices the contents of which are completely unknown to them and which, therefore, are devices only potentially -- but not demonstrably -- relevant to any current investigation. I think it's a good idea to maintain the status quo, however frustrating it might be to TPTB. They'll have to work smarter; there's nothing for a bigger truncheon in the budget for liberty."

          So, the FBI needs to be absolutely sure if the cat is dead or alive, then?

      4. MachDiamond Silver badge

        "If they can't make a case without access to the device, then they don't have a case to make."

        They have to get the ground work done so the Thought Crimes act, aka, the "protect the kiddies bill" will have all of the resources they need.

    2. Captain TickTock

      Holy Trinity..

      I count 4 excuses, what is this, the Spanish Inquisition?

      1. This post has been deleted by its author

      2. Dagg Silver badge
        Pint

        Re: Holy Trinity..

        Spanish Inquisition

        No one ever expects the Spanish Inquisition!

      3. Robin

        Re: Holy Trinity..

        I count 4 excuses, what is this, the Spanish Inquisition?

        Have you not heard of the Holy Quaternity? The father, the son, the holy ghost and the holy son's mate Ian.

        1. Anonymous Coward
          Anonymous Coward

          Re: Holy Trinity..

          I always thought his mate was Kevin.

    3. MrBanana

      Actually, that's four. But hey, you can still have an upvote for the sentiment.

      1. captain_solo

        I protect my backdoor pretty well, so anyone who wanted to poke around back there would absolutely need to use surprise as their chief weapon.

        1. Anonymous Coward
          Anonymous Coward

          Surprise, no lube.

    4. bombastic bob Silver badge
      Childcatcher

      "The holy trinity of excuses to take peoples privacy"

      it's always like that. see icon. (you're welcome, AC, you couldn't assign the proper icon)

  9. StuntMisanthrope

    Plato's Ledger

    One key per man, but only as a last resort. #richelieusfolly

  10. Anonymous Coward
    Anonymous Coward

    Money Talks...

    Unfortunately if enough campaign contributors want a backdoor the US politicians will give the FBI a backdoor.

    1. Doctor Syntax Silver badge

      Re: Money Talks...

      The money argument is firmly on the side of "you can't have that". At least not if the US wants to keep a tech industry.

      1. MachDiamond Silver badge

        Re: Money Talks...

        "At least not if the US wants to keep a tech industry."

        Or banking, e-commerce, remote design center data sharing, a power grid………...

    2. Phil O'Sophical Silver badge
      Facepalm

      Re: Money Talks...

      Unfortunately if enough campaign contributors want a backdoor the US politicians will give the FBI a backdoor.

      And, of course, all the good law-abiding criminals will only use the FBI-approved encryption which contains the backdoor.

    3. bombastic bob Silver badge
      Devil

      Re: Money Talks...

      "if enough campaign contributors want a backdoor the US politicians will give the FBI a backdoor."

      Then open source developers from outside the USA [and perhaps a bunch from WITHIN, using anonymizing networks] would write their own encryption stuff that prevents back-dooring, and now you have "dark net" encryption being used WITHOUT a back door, but only by those with the tech savvy to do so.

      In addition, the banking industry and privacy advocates would form an unholy alliance to put a stop to it via a continuous stream of lawsuits.

      Consider the history of the DeCSS library for DVD players. That's a good, recent example of what would happen with encryption technology. There will be PLENTY of script-kiddie-friendly utilities available on the dark web. And NONE for the rest of us.

      I know politicians are complete idiots but even THEY could realize the obvious in this situation. Just compare it to Marijuana and half of them would "get it".

  11. Anonymous Coward
    Anonymous Coward

    Face Palm

    Would someone please tell me why we keep putting Directors in the FBI that don't understand the most simple concept of encryption? I know that they are just the glorified Chief of Police, but it's not like encryption is a new thing. The fact that a subset of society now has access to it, hasn't changed the fundamental way crypto works. Are we going to have to wait for a snowflake to get old enough to be FBI Director before this asinine subject keeps getting brought up?

    I tell you what Director Wray, dump all your agency funds into a working D-Wave QC and you won't have to ask us, you'll be able to crack whatever you want (like the neato 1337 haxxor script-kiddies you wish you were).

    I'm so sick of making fun of this subject.

    1. JohnFen

      Re: Face Palm

      "that don't understand the most simple concept of encryption?"

      Why do you think they don't understand? I think they understand perfectly. They're just hoping that the average American doesn't understand so they can move ahead with getting their back door installed.

      1. Neil Barnes Silver badge
        Black Helicopters

        Re: Face Palm

        And at what point does possession of a one-time-pad - or something which could be construed to be used as a one-time-pad - become an offence?

        1. Anonymous Coward
          Anonymous Coward

          Re: Face Palm

          "And at what point does possession of a one-time-pad - or something which could be construed to be used as a one-time-pad - become an offence?"

          Or a book, since book ciphers are pretty hard to break. (For those who don't understand, read Le Carré's A Perfect Spy. You will thank me.)

          Fahrenheit 451 ftw, FBI!

        2. rndSheeple

          Re: Face Palm

          Well it's not like the embassies of most countries would not contain diplomatic courier delivered one time pads up the kazoo in their safes even today.

          And tbh any criminal organization could do an xor DDV-25 encryption with the "salt" being just the byte where to start from. (DDV-25 is of course debbie does vegas 25 year anniversary official dvd from which the bytes are just pulled). More secure would be copies of someones vacation dvd, or whatever self-made never published video content that is not available online or elsewhere, and cannot really be claimed to be an offense to be in possession of. Like a phone directory.

          Of course that's not *real* encryption and easy to subvert in various ways, however in the end one time pads tattooed on someones head and the hair grown back (ancient) etc cannot really be prevented. And the more serious folks are about their data, the more serious the protection. This would probably go for criminals as well I would guess.

          So this is indeed, just the usual blowing in the wind up the wrong tree.

      2. Hans 1
        Holmes

        Re: Face Palm

        They're just hoping that the average American doesn't understand so they can move ahead with getting their back door installed.

        And how are they gonna put a backdoor in FSF encryption solutions ? If they do, someone will simply fork ...

        Listen, Mr Hoover Jr, you cannot get a backdoor, sorry ... ask your NSA buddies, they have access to Intel ME et al, so access to RAM and Ethernet, they can decrypt on-the-fly ... they certainly have the bitlocker key as well, stashed away with a gazillion other data on some storage cluster ... No, you can ask as much as you want, you CANNOT get a backdoor.

    2. Steve Evans

      Re: Face Palm

      It not just you in America, we have the same in the UK.

      HM Govt continually want backdoors in encryption.

      Neither realise that:

      a) You can't just do that and keep its integrity.

      b) HTTPS to Amazon and your bank's website is also encryption, so cybercrime will explode if that's broken.

      c) The general public don't trust the Govt's ability to keep anything secret.

      d) The general public don't trust the Govt not to abuse such access.

      1. 080

        Re: Face Palm

        "The general public don't trust the Govt not to abuse such access."

        The general public don't trust any Govt.

        FTFY

      2. davidp231

        Re: Face Palm

        You forgot one...

        e) The general public don't trust the Govt.

    3. spold Silver badge
      Facepalm

      Re: Face Palm

      If you could crack whatever you wanted wouldn't you put out a load of FUD (not not as in the Scottish one missus) claiming how awful it was that you couldn't crack all these crypto phones - would give your targets a false sense of security. I'm sure the FBI has got something for its money.

    4. bombastic bob Silver badge
      Devil

      Re: Face Palm

      "Would someone please tell me why we keep putting Directors in the FBI that don't understand the most simple concept of encryption"

      A _LOT_ of people over at the FBI, CIA, etc. are OBAKA HOLDOVERS. I think THAT guy is, too.

      Now, if Jeff Sessions were making a big push for encryption back doors, I'd be a LOT more concerned. According to the EFF, from a 1 year old article, Jeff Sessions supports them. And the EFF alleges Trump does to, but I don't think that's the case - Trump doesn't speak in black/white ideas, he often voices his inner monologue and people over-react to it.

      However, we have not heard ANYTHING since then, to my knowledge, until this one FBI deputy director made some noise, prompting the article.

      Keep in mind that Trump is pro-gun and the arguments for strong encryption [protecting your bank accounts and private information] and gun ownership [protecting lives and property] are very much the SAME. Logic concludes that BOTH legal gun ownership AND legal strong encryption [without back doors] are necessary for individuals to be able to protect themselves from crime, AND from potentially oppressive governments. This is the intent of the 2nd ammendment, regardless of how anybody FEELS about it - it's about self defense against oppressive government as well as criminals.

      That being said, I don't think Sessions is going to call for encryption back doors. I think he understands the political SUICIDE of doing so. And, I doubt Trump would EVER sign such legislation, for the same reasons. We the people will, of course, keep our eyes on things, because gummints really can NOT be trusted.

      Oh, and thanks in advance for the expected downvotes, the usual penalty for stating the truth without the "pretty please with sugar on top" i.e. "no lubrication required"

  12. Milton

    Talking to the Hand

    Because that's what it feels like. Comey talked arrant shit about backdoors despite a virtually endless queue of experts, including the NSA, explaining it simply cannot be done in the way the Feds envisage. Now Wray is doing the same thing, despite being told the exact same thing by the same people. I cannot believe the FBi doesn't have a few high-end crypto people of its own, who must shake their heads in despair every time the Boss gets on its hind legs and talks the same stupid crap.

    Why do they do this? I appreciate that the math of modern encryption systems is a bit beyond the average FBI head's ability to make change, but surely to heaven they have at least enough nous to ask the experts? And having heard the unanimous answer ("No! It just cannot work, at all, ever!") they would accept the advice, and move on to battles they *can* win.

    I simply do not understand why they are so mule-headedly stubborn. It isn't just stupidity. It's something more than that. What makes a senior FBI guy—or a politician like our own hopeless imbecile Theresa May—keep saying "I want the world to be flat" despite being told again and again and again that it just. Is. Not. Possible. Why??

    1. Anonymous Coward
      Anonymous Coward

      Re: Talking to the Hand

      They do know the facts about encryption. It's just that they oppose ANY encryption in the hands of the public and always have. Unfortunately for them the public crypto thing got rolling while they were jerking off somewhere, and now that horse has left the stable forever. Sucks to be them.

    2. MrBanana

      Re: Talking to the Hand

      They know exactly what they are doing. They understand completely that a universal encryption backdoor is not acceptable. But they will keep on pushing this in public until, at some point, they will give us the options of 1) Be a good citizen, don't use encryption; 2) Use an FBI approved encryption method (with a backdoor); 3) Use any other encryption method (you're automatically a person of interest). If they make the penalties for option 3 scary enough, then the sheeple will choose 1 or 2. Their concession to device vendors who don't want to be forced into only 1 or 2, will be that when you first initialise your new shiny you will get the three options:

      1) Don't encrypt this device (not recommended)

      2) Use FBI approved secure encryption (default)

      3) Use non-approved encryption (this can lead to seizure of your device by security officials and severe criminal penalties if the encryption key is withheld)

      1. elgarak1

        Re: Talking to the Hand

        Even if true, there's some major problem with attempting to do it.

        1) As a civil control/police state measure, it's unstable. You'll need a very low number of dissenters (people who just ignore and encrypt anyway) to topple it. Some of those have legitimate interest, like journalists or business people. The latter (to protect intellectual property) will lobby hard to keep sentences less harsh.

        2) As a policing measure, you're still not better off to catch AND PROSECUTE the people you want. High level criminals just shrug it off. Mid-level, if clever, will adapt to other methods. You'll only catch the stupid and low-level street thugs, which is ineffective.

        3) As mentioned, one does NOT NEED technology to use unbreakable communication. Book cyphers and one-time pads are some methods. Using innocent, sensible phrases that mean something else entirely are others, and are already in use.

        1. bombastic bob Silver badge
          Devil

          Re: Talking to the Hand

          "Using innocent, sensible phrases that mean something else entirely"

          That's OLD SCHOOL! Key words and tricky phrases spoken over radio in the clear is one way that the French Underground communicated with the UK back in WW2 during the occupation.

          Or, from the movie 'Hackers' - "It's where I put that thing that one time" (or something like that). Like anyone but an informed insider would know what it means.

  13. a_yank_lurker

    New Donut Shop?

    There must be a new, all-you-eat, donut shop opening up and they can not miss out. Solving any crime takes a leg work, talking to people, reviewing what evidence you have, etc. Probably the most important bits of evidence from a phone are location and traffic logs. The traffic logs will give them a reason to go play 20-questions someone. But that means giving up your seat in the donut queue.

  14. Anonymous Coward
    Anonymous Coward

    Keys

    Mr Wray, when you leave your house in the morning, do you simply hang a sign on the front door saying "this is for my use only", or do you lock it?

    Thought so. Fuck off.

  15. Anonymous Coward
    Anonymous Coward

    It's not a back door

    Not sure why everyone calls is a backdoor. Its a fucking great hole.

    1. asdf

      Re: It's not a back door

      Guilty myself and you are absolutely right off course.

      1. Sir Runcible Spoon
        Headmaster

        Re: It's not a back door

        I thought he was pretty much on track myself :P

        1. asdf

          Re: It's not a back door

          Yeah proof reading what's that lol.

  16. captain_solo

    Well, its not like we have seen the cyber capabilities of the IC weaponized against an administration/party's political enemies, and the government has been so so careful and restrained in their use of things like FISA warrants and upstream collection so that Americans constitutional rights are protected, so I am sure this would work out well for the people.

    Plus, the Russians would have so much easier access to hack our elections! My math makes this a Win-Win-Win.

  17. Richard 12 Silver badge

    You can have the back door if you bet your life.

    Mr Wray, are you happy for us to permanently fit a guillotine around your neck, connected to the Internet and only secured by this broken encryption scheme?

    If the answer is yes, then ok. But you'll be dead in a week.

    1. MachDiamond Silver badge

      Re: You can have the back door if you bet your life.

      "Mr Wray, are you happy for us to permanently fit a guillotine around your neck,"

      I would prefer that they fit one of those exploding collars from "The Running Man".

  18. Kabukiwookie
    Coat

    This is very fast going the wrong Wray.

    I'll get my coat.

    1. Sir Runcible Spoon
      Black Helicopters

      And where exactly do you think YOU'RE going sonny-jim?

  19. DCFusor
    Mushroom

    Public safety issue

    To copy someone I modded up on slashdot -

    A generous reading would agree that good encryption IS a public safety issue - we're all safer as a result of having it without backdoors for anyone, including thieves in blue, who are known to lose keys and abuse every power given them as well as some they weren't given - repeatedly and since their very beginnings.

    They lost our faith deservedly and should have to earn it back.

    If they protected us at all, much less against those others we'd use encryption to be safe from, maybe we'd consider it. But as they remain one of the main threats to our safety and welfare, while taking our money in both taxes and civil asset forfeiture, I do't think we should give them any faith at all.

    This feels like a water torture attack (um, yet another abuse they're guilty of). If we just give in, they'll shut up about it (they say) - like a spoiled child - and like that child, will just figure out something else to whine about anyway.

    Did they notice that if they get backdoors to encryption, that online finance (including bank to bank) will not work anymore, and we'll step WAY back? Oh, in that case my understanding is that they have complete compromise of the plaintext via intimidation and things like FATCA already.

  20. Dinsdale247

    I still don't buy it

    I'm telling you, this is a ruse.

    Why would the FBI stand there and publicly tell everyone that wants to do something bad to use an iPhone and lock it with your finger print because "we can't get you"?

    The gullibility is shocking.

    1. oral_suspension

      Re: I still don't buy it

      My guess as to the purposes of such a ruse:

      It absolves the FBI of responsibility for various bad and scary things; some specific, some artfully vague - terrorist attacks, organised crime, cybercrime, etc.

      It stokes the fear of these bad things and justifies current (and future) surveillance programmes and whatever other increased powers they think they may be able to get (suspension of habeas corpus, detention without trial, etc, etc, i.e. whatever is coming in the next national security bill).

      It can be used as a distraction from things which they would rather the public does not notice.

      And, as they will never get the proposed backdoor and crypto is not going away, they can use this little ruse at any time for the foreseeable future.

    2. Dinsdale247

      Re: I still don't buy it

      https://www.theregister.co.uk/2018/02/08/apple_iboot_source_code_leaked/

      The gullibility is *shocking*.

  21. Sureo

    When I fly somewhere I like to put a lock on my suitcase. The lock must be TSA approved, which means they (and almost anyone else) can open it. Consequently it makes no sense to put anything of value in there.

    This is what the FBI wants with your device. If it comes to pass, people will adapt, which means not keeping anything private on the device, and finding another way to do things. My device has a password, but there is nothing in there to protect, I just do it to make life harder for the crooks (and whoever) if it is stolen.

    I hate what they're doing to citizen's rights in the name of terrorism, but the horses are all gone now and most people don't care.

    1. JohnFen

      "If it comes to pass, people will adapt, which means not keeping anything private on the device"

      They will adapt, but they're more likely to adapt by installing crypto the wasn't supplied by the manufacturer of the phone. Strong crypto is readily available everywhere, for every platform. You can't put that genie back in the bottle.

    2. Remy Redert

      Locks on your luggage do not need to be TSA approved. If the TSA decides to open your bag and it doesn't have a TSA lock on it, they will cut the lock open.

      Meanwhile in Europe, there is no equivalent because opening someone's luggage without them present is illegal in almost all cases. So you get the passenger connected to the bag, inform them that their bag is being inspected and would you open it please so we don't have to destroy the lock?

      Make sure your travel gear is at the very least tamper evident. Good locks, no zippers so that any attempt to open the bag and put something in it will leave clear evidence for you to point to, should customs intercept your bag before you get it and take it to customs yourself because it's been tampered with.

      1. Anonymous Coward
        Anonymous Coward

        I put a cable tie on my hold luggage with a pair of nail cutters (so I can open it) in an externally accessible pocket.

        Stops light fingered baggage handler from taking a dip, plus makes it very obvious when I collect my luggage if someone has been inside, and that I should check then and there if anything is missing.

        Replacement cable tie for the return journey is kept in my hand luggage or coat pocket.

  22. Anonymous Coward
    Anonymous Coward

    Let's say this was possible, and a law was passed

    Then Apple and Google modify iOS and Android to include the new FBI backdoor. None of those Chinese Android phones use Google's version, they wouldn't include the FBI backdoor. Guess which phones will be preferred by terrorists the world over?

    What would be next, make it illegal to use a phone that doesn't have the backdoor (making criminals of everyone with an older Android that isn't updated to a newer version that includes the backdoor) Suicide bombers are well known for being afraid of committing major crimes like using the wrong phone.

    This is a battle that not only should the FBI not fight, but one they can't win even if they get everything they want.

  23. vir

    Watching Too Much TV

    This is what happens when people watch too many shows like Silicon Valley. Up against a seemingly impossible task, some malnourished programmer in a Palo Alto basement gets a convenient flash of insight and what do you know: with just a little ingenuity and some off-the-wall thinking, now the impossible is easy! This Wray character is already designing the front of the box.

  24. Curtis
    Black Helicopters

    The same FBI

    You mean the same FBI that has interfered in the smooth transition of power and a select few have decided they know better than the American Electorate? Why wouldn't we trust them with a universal back door. It's not like they've abused their power and wiretapped candidates and elected officials just because they didn't like them.

    Oh.

  25. twelsh37

    Missing the point ....

    Your all missing the point. Hes saying he can't solve 8,000 plus crimes until he has a back door. When he has his back door and he still cant solve the crimes then he'll change to something else. It really is just a crock of shit

  26. Nick Kew

    Move along, nothing to see

    If this were anything more than the usual ineffectual nonsense, then one might be very glad that Trump hates the FBI.

  27. Christoph
    Facepalm

    Whose law enforcement?

    "backdoors in encryption exclusively for law enforcement."

    Will this be securely held within US law enforcement? So every other country in the world will be expected to let the US read all their private data at whim?

    Or will it be shared with law enforcement in other countries - so that they can then read US private data?

    Or shared only with the Five Eyes countries, assuming that they won't read US data (ha!) - but that still expects other countries to let the US read all their data.

    Or do they seriously expect that they can make all US citizens (including criminals) use their broken encryption while the rest of the world uses secure encryption that the US can't break? But change to broken encryption when they travel to the US?

    1. Remy Redert

      Re: Whose law enforcement?

      There's also the possibility that other countries will mandate phones sold in their territories not include backdoors because of security concerns, which would create the opposite of the old problem where high grade crypto was considered munitions grade and export of it was tightly restricted.

      Instead, high grade crypto will remain the norm in the rest of the world while US crypto is crippled.

      1. MachDiamond Silver badge

        Re: Whose law enforcement?

        "Instead, high grade crypto will remain the norm in the rest of the world while US crypto is crippled."

        Nope. The US trade delegation will require adopting the US policy of backdoors or products from that country will not be allowed to be shipped to the US. Foreign banks have to disclose any accounts held by US persons (a much more vague term) to be reported to the Internal Revenue Service or that bank is excluded from accessing US banking systems and cannot exchange US currency. That's lead to countries making it a universal policy since small banks might just find that catering to US depositors, that don't want the IRS to know about some money, might be a good business move.

        Russia could just tell the US to go and get rooted, but China would be in a tough position.

    2. Teiwaz

      Re: Whose law enforcement?

      Or shared only with the Five Eyes countries, assuming that they won't read US data (ha!) - but that still expects other countries to let the US read all their data.

      Until it comes to the UK, then it's all 'yes, beggin' your pardon, Sir, I'll bend over more and spread 'im guv'nor. Can I have scraps from the table again, please SIr?'

  28. Anonymous Coward
    Anonymous Coward

    can't they just use spectre or meltdown?

    1. Flocke Kroes Silver badge

      No need

      This problem was solved in 1993. The other solution is to stop nicking peoples' phones.

  29. gc73

    Legal channels

    They’ll have thought of asking the manufacturers to provide the data from the handsets already? No? Just fishing then?

    1. Spanners Silver badge
      Black Helicopters

      Re: Legal channels

      They certainly asked Apple who told them to get stuffed - in legalese of course.

  30. Skeptically

    What's the difference. I bury the proceeds of a crime 20 miles from nowhere.Why should I explain the pirate map ? Its called the right to silence..

    1. MachDiamond Silver badge

      "Its called the right to silence.."

      They've made that a crime.

  31. unwarranted triumphalism

    Plenty of terrorists benefiting from this handicapping of the security services.

    1. Anonymous Coward
      Anonymous Coward

      If the owners of those security services spent less effort on bombing the hells bells out of countries they want to control or take their resources then there would be little terrorism to worry about.

      1. unwarranted triumphalism

        Of course, in the imagination of Anonymous Coward, those poor people in Al-Qaeda are the real victims.

        1. Sir Runcible Spoon
          Facepalm

          Of course, in the imagination of Anonymous Coward, those poor people in Al-Qaeda are the real victims.

          Are you really that hard of reading? I very much doubt anyone believes 'Al-Qaeda' are innocent victims, the bombing of innocent victims does lead to support of terrorist organisations that are planning attacks on the people who made those victims.

          Action - reaction - geddit?

    2. HieronymusBloggs

      "Plenty of terrorists benefiting from this handicapping of the security services."

      Why is anyone bothering to downvote an obvious AI troll bot?

  32. onebignerd

    Yeah, I'm sure law enforcement would never abuse such a back door for parallel prosecution or to circumvent a warrant. *eye roll* Our Government and law enforcement already have too much power that rages unchecked, despite the promise of usually nonexistent oversight.

    Just recently they published secret NSA programs, one of which specifically targeted Americans. http://www.zdnet.com/article/ragtime-program-appear-in-nsa-leaked-files/ Where is the oversight? Congress, so really no oversight.

  33. Anonymous Coward
    Anonymous Coward

    The least they could do for the Feebies

    is offer their thoughts and prayers during this difficult time. But it's not the right time to talk about decryption.

  34. JJKing
    WTF?

    The icon says it all.

    Orwell lived in a time closer to the nazi and communist regimes and saw freedom fighters instead of terrorists

    So Animal Farm was a thrilling story about praising "freedom fighters"?

    1. Sierpinski

      Re: The icon says it all.

      Of course "freedom fighters" follows the same construction as "fire fighters".

      1. Anonymous Coward
        Anonymous Coward

        fire fighters

        Fahrenheit 451 ?

        1. Teiwaz

          Re: fire fighters

          Fahrenheit 451

          So if Fire Fighters can Fight Fire or Fight <u>with</u> Flame Thrower, are Freedom Fighters fighting Freedom or fighting <u>with</u> Freedom.

          <u>with</u> is an ambiguous construct at best, if you see any monkeys, I can probably either yell defiance or tell them where the best fruit is....

  35. Barry Rueger

    Netscape Days

    This reminds of the early days of the Internet when the US government decreed that a browser with a certain level of encryption could not be "exported" outside of the US borders.

    I imagine this will be equally successful.

    1. Nick Kew

      Re: Netscape Days

      That was nothing to do with browsers, it was encryption in general, and the idiocy went right back to the origins of modern encryption in the 1980s. Netscape only hit the tail end of that era, in which most cryptographic advances avoided the US for obvious reasons.

      That is, most, but not all. And it seems the #1 hero of the resistance back then has fled his country more recently (damn, where was El Reg when that story broke)?

      I think the US still has one thing going for it: people who really care about privacy and are prepared to get off their backsides and do something about it, and a court process that gets so bogged down that all sides reach a settlement. Like DJB last time around.

      Perhaps this story is an echo for our times of Zimmermann's original release of PGP?

  36. KiwiBloke
    Facepalm

    There was a typo in the article....

    Your wrote: "What Wray wants is a secure form of encryption that contains a flaw that only law enforcement can find and exploit. Trouble is, scumbags will no doubt find and leverage it, too".

    You missed out the word "other".

    Should have written "...Trouble is, OTHER scumbags will no doubt..."

  37. Crisp

    If he can come up with a way of doing it safely and securely

    Then I will quite happily implement it for him as long as I get half of the nobel prize.

  38. adam payne

    "Being unable to access those devices is a major public safety issue and impacts our investigations across the board," he said. "This problem will require a thoughtful and sensible approach. We have people devoted to working with stakeholders to find a way forward. We need the private sector’s help."

    It's a major public safety issue that you can't snoop on millions of people around the world you mean.

    Why would anyone trust any government organisation or for that matter any organisation to have a back door into their devices and not abuse the power.

    1. Jamie Jones Silver badge

      Even if I could be 100% sure they'd never abuse that power, they can still fuck off. They don't own me; they have no right to have that ability unless there is proper evidence of criminal activity.

  39. Potemkine! Silver badge

    No kidding

    Everybody knows the NSA has the tools and means to decrypt these phones. WTF, they should even already have everything stored in these phones somewhere in their databases.

  40. Anonymous Coward
    Big Brother

    We are unable to access the minds of our citizens...

    So we have ruled that mind reading and brain implants must be developed by science. If they do not within 3 months, everyone is going to prison.

  41. Teiwaz

    Bottom Inspection

    F.B.I - more like O.B.I. 'cause they want to check everyones privates for skid marks.

  42. Christian Berger

    And yet...

    ...actual mobile device security is so bad that, given some effort, you could probably break it.

    I mean look at areas where manufacturers actually care about "security": Games Consoles. Despite those using sophisticated measures to prevent you from using them yourself, they regularly get broken.

    Just look at any of the papers or talks about console hacking:

    https://media.ccc.de/search/?q=console+hacking

    There is little reason to believe that smartphones have better "security".

  43. Russell Chapman Esq.

    They already have/had a backdoor

    If Meltdown and Spectre are not designed in backdoors, then I don't know what it is. These are just the 2 we know about. How many others could there be? They are only asking for weakened encryption because they don't want people to figure out how they really get inside a system.

  44. mark l 2 Silver badge

    And what happens when a country not covered by a US mandated backdoor release their own encryption? Then the FBI are back to not being able to crack the phones. And what are they going to do, ask China or Russia nicely to add a backdoor for them?

    1. Shaha Alam

      I'm pretty sure China and Russia already have backdoors (as do phones manufactured in the US).

      they just have a different set of backdoors.

  45. Kaltern

    I'm just waiting for Trump to be 'persuaded' to pass a bill saying 'Only Nationally Approved encryption may be used on all civilian electronic devices. Ameri-lock® will be the standard encryption system in the US to be used on all smartphone - and other lockable devices capable of storing data. Other forms of encryption are now deemed illegal, and will result in harsh penalties to users and hardware developers if found using them.

  46. Blotto Silver badge
    Facepalm

    Already too late for those 8k phones

    i have to enter a passcode to update my phone while retaining the data. Even if Wray gets his backdoor, it won't help him unlock those devices.

    That ship has sailed!!!!

    Wray probably wants an FBI encryption mode where the central key is rotated every few months, or every device has a unique key registered with the FBI, obviously requiring periodic check in so the FBI know where the device is.

  47. dave 81

    Tony bLair

    Are we forgetting that TB made sure us in the UK cannot have privacy? We have to give up our encryption keys to the authorities if they ask, and we can just about have a lawyer with us if we demand and demand and demand it. It's all very well criticizing the FBI, but the UK is already there. We have no rights, we are merely cogs in the machine to keep those in power in power.

    1. Sir Runcible Spoon

      Re: Tony bLair

      You are quite correct in that here in the UK we are Royally screwed.

      However, since we lack the means to challenge things there, we can all do our bit to support our US colleagues who at least have a few bricks left in their wall to defend in the hope that it will trickle down to us poor sods.

  48. naive

    wait a moment

    Everyone is quick to point at abuses and indiscriminate data collection such as they were implemented in programs like PRISM.

    But lets try to draw an analogy from the data that can not be recovered by a law enforcement officer, which is needed to build a case against a criminal, and the physical world we live in. Suppose we get invaded by predator like creatures from space, who can make them selves invisible to us like predator from the Schwarzenegger movie.

    If they would use this to break into houses and steal things, we all would look at law enforcement to solve this. Now somebody harmed us, important data to prove his guilt is encrypted on a digital device. Without the technology to recover data, criminals thus remain invisible like predator, remaining unpunished.

    In a safe world, there is a trade off between privacy and ability to recover digital tracks by law enforcement.

    1. John H Woods Silver badge

      Re: wait a moment

      "In a safe world, there is a trade off between privacy and ability to recover digital tracks by law enforcement." -- naive

      No trade off is possible. That is what anyone with a clue keeps trying to explain: the only settings are "effectively broken crypto" and "satisfactory crypto." These are binary states - there is no spectrum between the two where you can decide where to place your "trade off" --- you can only choose one or the other.

    2. Anonymous Coward
      Anonymous Coward

      Re: wait a moment

      In total agreement with you ,

      Technically. Unfortunately giving the said FBI / NSA / CIA / Police A backdoor key to access everything int he bad guys phone / computer / anything digital , at some point it WILL be stolen , even TOP SECRET information gets stolen , you think a MASTER GOLDEN KEY will not be high on the list of things to steal , people will KILL to get one no price will be to high , as it will give anyone with it, ABSOLUTE POWER , Including the asshole that broke into your home stole things from you abused your wife and kids. Only now he wont have to break into your home to do it he will be able to do it from anywhere in the world with a myriad of devices.

      If you don't believe me , look at wikileaks , the fappening ,level 7 leaks (NSA hacking tools), hell just look on pastbin.com you will find tons of leaked stuff , just put leak 2017 as a search term you will find tons of stuff , It is happening on a daily basis people find ways to steal what was thought was highly secure data ,

      and this was without a all master key , this was just human error . Even facebook had a stupid idea of how to stop Revenge porn , their Idea ? send them your personal pictures so they can have a look and then scan for them online in facebook , because nobody at facebook will go bad will they, a huge stash of everyones personal pictures , how long will it be before some miscreant steals the entire lot then ransoms them against release of said pictures ? Facebook / FBI will be so sorry for the breach and will summerly drop whoever allowed it to happen , but the damage will be done , I can't image the NSA or CIA will even say sorry but hey .

    3. Mike Groombridge

      Re: wait a moment

      you analogy is a little faulty

      lets take the 3 aspects your talking about

      1. law enforcement

      2. the people

      3. the aliens

      1. law enforcement - you assuming your invisible aliens aren't in the room temptering with the equipment doing the decrypt and changing the results and that all involved are honest and truth worthy.

      2. the people - if the good honest citizens had information that would help would surely provide there decryption keys and provide that information. that none have decided to throw there lot in with the aliens,

      3. the aliens if the encrypted data is on the aliens encrypt device they aren't going to provide the details to get that information you would have to steal it (oh no stealing is bad) or rely on an alien throwing his lot in with the humans

      lets go back to reality we still have law enforcement the people and but instead of aliens we have negative actors (a catch all for terrorist, crims ,and other bad people) problem is that negative actors are a subset of the people not an external force as with the alien example.

      1. law enforcement - encrypted phones can have information that's vital to stopping negative actors.

      2. the people - ok i'll willingly decrypt my phone for you

      3. negative actors - er no i'll use those this different encryption software that you can't decrypt.

      again still no useful information is gained from the majority sharing there data

      now again you have to assume that all of 1. are good and above rebuke and can secure there own systems, and that they don't have any of 3. inside that system. and that all of 2. trust 1. to always act in there best interest

  49. Anonymous Coward
    Anonymous Coward

    As Lenny Bruce said

    Take away the right to say "fuck" and you take away the right to say "fuck the government."

  50. Anonymous Coward
    Childcatcher

    FUD

    Still no FBI action on crooked Hillary.

  51. Anonymous Coward
    Anonymous Coward

    Hand terminals?

    As encryption is now a public technology and managed to escape to the world mostly during the 90's (thanks Mr Zimmerman) the only way they could get around this is to centralise the data.

    They (FBI etc) would need us all to move away from devices that have significant local storage, instead relying on centralised storage (even centralised processing power) which could be cloud based or another network service. Then the comms to these handsets would still be as secure, but there will be some kind of escrow on keys used to protect the data where it actually is stored (the cloud service).

    This would essentially be like a Chromebook phone. Or even better (and what I'm really thinking of) the Hand Terminals as used by the characters in The Expanse: https://www.forbes.com/sites/kevinmurnane/2017/03/08/science-and-tech-in-syfys-the-expanse-it-may-look-like-a-cell-phone-but-its-a-hand-terminal/#5284f52d752d

    That is the only way I can see anyone getting around this. We encrypt the data on our devices because each device that stores it is vulnerable to attack or theft. If the data however was not on the device at all then you wouldnt care about decrypting it. You just need to go to the service provider.

    The downside is that the data is now a BIG target on the internet and cracking open that golden egg lets anyone get to all the gooey goodness inside.

    The Hand Terminals in the Expanse excite me as they are likley cheap throwaway devices that let you connect to any local network with your own cusomised view of that network and its functions.

    But thanks to Snowden proving my suspisions, I like many will prefer to lock my data up on an expensive power hungry non-throway physically vulnerable device. The 3 leter agencies had their free ride and abused it.

    But what about in 25 years time? Or 40? Will the generations that follow be drawn to amazing and cheap hand terminals that seem to just work? Will they look back at our smartphones, laughing at how they had gigabytes of flash memory to store data locally just like many laugh at floppy discs today?

    Btw I love floppy discs and are annoyed by people laughing at cool retro tech ;-)

    1. Sir Runcible Spoon

      Re: Hand terminals?

      If there is one thing I have learnt in the 20 years I've been working on security is that you don't challenge hackers to 'come get me if you can'. No matter how secure you think you are, there are always ways through.

      Digital rats always find a way (SSR fanboi)

    2. MachDiamond Silver badge

      Re: Hand terminals?

      The better tactic is to not use a public cloud storage provider and instead set up your own storage system somewhere that adds yet another layer of encryption. If The Man® catches on and raids your home to steal your computer, they may not figure out that the data is on an NAS stuffed up in the attic or another hard to find cavity so you are protected by ignorance. They don't know that they have to look for that NAS and are left thinking that what they want is on the desktop they grabbed. Be really clever and build the NAS next to the compressor in the fridge. There won't be any tell-tale connections to the mains that don't make sense and if you have one of the new internet connected fridges, the dog won't bark about a wi-fi connection coming from there. Just name your NAS as the make and model of the fridge and disable the wi-fi on the fridge itself and the touch screen so it just appears to be busted.

      Be creative. Law enforcement has a hard time hiring clever people with tech backgrounds since they can't pay what the private sector can for good people.

  52. Anonymous Coward
    Anonymous Coward

    russia managed to steal the US election by planting their [feckless, idiotic manchild] agent into the election cycle and subsequently win. this is despite the seemingly endless chain of bumbling clowns that pridefully boasted the info to all and sundry, well before the election.

    if the FBI couldn't do anything about that, wtf do they need to break encryption for?

    it seems the problem isn't the tech. or indeed the absence of useful data. its the political will to engage with the existing tech, using the existing policy framework and with the existing data-sets.

    never give-in to the data fetishist. they'll always claim the problem is absence of data. when in reality, they simply want more control. for themselves.

  53. wgbloom@yahoo.com

    Not being able to get into 8,000 devices is sometimes a good thing. Society has had its secrets for thousands of years and society is not about to give up everything to a snooping government who only wants to play pocket pool with your money. John Birchers (also known at alt right wingers), beware! The further right you go the further left you are in the end.

  54. Brian Allan 1

    What a laugh! "backdoors in encryption exclusively for law enforcement" essentially gives law enforcement and criminals access. Not the best of ideas! The FBI would soon be complaining people have access to information on their devices and want the backdoors closed!!

    1. MachDiamond Silver badge

      "The FBI would soon be complaining people have access to information on their devices and want the backdoors closed!!"

      I'm sure that there will be non-backdoor versions of equipment that are for government sales only. The laugher will be when somebody needs to replace a bad piece of kit and gets a commercial model from the local computer supply store and roots the entire FBI or NSA.

  55. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like