FBI Backs Away from the Backdoor and Asks for Private Sector Co-op

FrgMstr

The FBI and access to your encrypted devices have been in the news a lot over the last year (here, here, and here are just a few examples). Even last week stories of the FBI using Geek Squad employees as confidential informants surfaced. The common thread, and biggest point of disgust with the public, has been the FBI angling for backdoors to devices, which as we all know will simply compromise device security in a big way. The FBI is now backing away from that position, which is likely a good tactic as chances of that happening look to be slim to none. While it is still a tad bit unclear, it seems that the FBI is asking for encryption keys to be provided with proper warranting, rather than backdoor access to every phone on the planet. The FBI does note a working structure in place with Symphony for access; however, that same scenario is not going to happen with many companies.

Let me be clear: The FBI supports information security measures, including strong encryption. Actually, the FBI is on the front line fighting cyber crime and economic espionage. But information security programs need to be thoughtfully designed so they don’t undermine the lawful tools we need to keep the American people safe.

A responsible solution will incorporate the best of two great American traditions—the rule of law and innovation. But for this to work, the private sector needs to recognize that it’s part of the solution. Again, I’m open to all kinds of ideas. But I reject this notion that there could be such a place that no matter what kind of lawful authority you have, it’s utterly beyond reach to protect innocent citizens. I also can’t accept that anyone out there reasonably thinks the state of play as it exists now—much less the direction it’s going—is acceptable.
 
This would make the most sense ... similar to an IT staff member using a key to unlock or reimage a phone. You don't need all the keys to solve all the world's crimes when you have a backlog of 1000 crimes you need to get to.
 
Dear FBI, it's too late. The encryption cat is out of the bag and you can't get it back in. You're going to have to fall back on standard old style police work to get your job done. There are no shortcuts, no easy path.
 
When the Federal, State and Local Governments can be trusted to stop violating the constitution and due process; sure I'll relinquish encryption keys. Right after I hand over all my firearms, peacefully of course.
 
I wonder if there is actually backdoor access to common encryption schemes on the pc like bitlocker.
 
I wonder if there is actually backdoor access to common encryption schemes on the pc like bitlocker.

I don't trust Microsoft so I don't trust bitlocker. I'd be using something like Veracrypt (I do) to protect my private data.
 
I don't trust Microsoft so I don't trust bitlocker. I'd be using something like Veracrypt (I do) to protect my private data.

Thanks for the great program, though the only sensitive information I have is related to bitcoin - so I'm not too worried about the FBI, especially being in Canada. I missed TrueCrypt, glad to see it's alive, and compilable for ARM.
 
The Bank/DFS/Symphony agreement worked because banks are used to being regulated and failure to come to an agreement would have likely meant that certain regulatory paperwork would have been put on the slow track for any of the 4 banks that didn't go along.

I wonder if there is actually backdoor access to common encryption schemes on the pc like bitlocker.

Even if Microsoft didn't include a deliberate backdoor, the long lead time between something being proposed for inclusion in Windows and it being deployed makes it fairly likely that by the time it gets to the consumer, ways to crack it have been found or will be shortly.
 
Being tonedeaf and realizing the public isn’t buying your bullshit anymore, priceless.


They were saying this exact same thing back in 2015. Industry wouldn't play ball. Then they started talking like they would force Industry to play, that didn't do anything but make Industry even more resistant, then the courts tried to just ignore the word encryption and demand the product, I'm still having a hard time finding out how that case went.

But the real point is that this isn't a change in attitude, it's just a return to what they have asked for in the past and not received, the cooperation of industry to help find a way to leverage the security of encryption and other technologies while maintaining a method for responding to valid court orders and warrants.

Maybe tech companies can climb down off their moral high horse long enough to realize that this must happen. Maybe enough things have happened in the recent past that have made this apparent to them.

I agree with the FBI Stance from 2015 and the one now in this article. First off, I refuse to believe that it's not possible, second, I know government won't let the current situation stand, and third, I know it's not possible without industry help because I know I don't want a government developed solution.

If left alone, the Government will fuck it up for sure and shove it down our throats.
 
Once American ITs open up their personal-level programs to backdoors, independents are waiting in line to fill the gap. (corporate level programs are all logged anyways, in one form or another)
 
Once American ITs open up their personal-level programs to backdoors, independents are waiting in line to fill the gap. (corporate level programs are all logged anyways, in one form or another)

I see this as part of the same old problem, one word that creates and drives an entire attitude, "backdoors".

Why is it that some people can not conceive of a solution that is not a backdoor?

I see people sit on this mantra and claim that encryption works because it's math so it can't be changed because it's math. Encryption didn't come into being because it's math, it came into being because it was a solution to a problem and it's based on math. What is needed is a new solution, it can still use encryption, it can still be secure and it can allow access to the data when it's needed, and I am not one of those people that believes this is a problem that can't be solved.

It's not a backdoor.

And if you just don't want this solution then fine, really, I don't expect the entire world to agree with me. But it does push my buttons when people can't just say that and instead they stick their fingers in their ears and say "backdoors backdoors backdoors" like a child going "na na na na na".

Now if I got you wrong please, just let me know, I'm not above offering a well deserved apology.
 
I see this as part of the same old problem, one word that creates and drives an entire attitude, "backdoors".

Why is it that some people can not conceive of a solution that is not a backdoor?

I see people sit on this mantra and claim that encryption works because it's math so it can't be changed because it's math. Encryption didn't come into being because it's math, it came into being because it was a solution to a problem and it's based on math. What is needed is a new solution, it can still use encryption, it can still be secure and it can allow access to the data when it's needed, and I am not one of those people that believes this is a problem that can't be solved.

It's not a backdoor.

And if you just don't want this solution then fine, really, I don't expect the entire world to agree with me. But it does push my buttons when people can't just say that and instead they stick their fingers in their ears and say "backdoors backdoors backdoors" like a child going "na na na na na".

Now if I got you wrong please, just let me know, I'm not above offering a well deserved apology.

a deliberately flawed algorithm that leaves room for recoverability without explicit consent is a backdoor in other words
 
a deliberately flawed algorithm that leaves room for recoverability without explicit consent is a backdoor in other words


Wow, again, someone who thinks that full disk encryption means the data remains fully encrypted at all times.

Guys try to keep up. Apps generally do not process data in an encrypted state. As apps access encrypted files they are frequently unencrypted for processing and if modified, encrypted again at the end of use.

Some apps do process data in an encrypted state, but they do it by first, decrypting the file being processed, then encrypting it again as part of the process so that as it is manipulating the file it is held in RAM using the application's keys, when it's done, the file is returned to the OS and encrypted again under the user's keys. This is data encrypted in-process. A few rare systems actually can process the data in its natively encrypted state.

So in short, there are ways to engineer reasonably secure methods for both safeguarding our data and being able to comply with court orders for data, insisting otherwise is just not even smart and only shows what you don't know about the subject.

What, do you think these people are just so completely clueless that they keep asking industry to do the impossible?

Wrong ..... They are not asking the impossible, they are only asking for a solution, not a backdoor, not stupidity, and not stubborn refusal.

And if they don't get it then they will force it on us. I don't understand why you guys do not get the alternative. Is it that you think that the government can't force it on business?

They don't want to but these Industry Leaders aren't giving the government a lot of room to move over this.
 
so the same alphabet agency whose agents posed for pictures, smiling, in the rubble of waco hours after burning women & children alive, wants an encryption key if they ask politely? sounds perfectly reasonable.

but seriously, let's just acquiesce about this whole privacy vs govt strongarm issue, guys. it's not like they're supposed to work towards our interests, employed by our tax dollars...
 
That's always something anyone that worked at AT&T was pissed about, bc other providers would have datacenter monkeys pull after they'd exhausted arguing a warrant.
AT&T would just hand data over without being served a warrant.

Amazing how many IT guys are the sons of cops, Feds, lawyers for the State or Fed.

It rubs us wrong, we kinda absorb how things work as kids and a lot of things offend our sensibilities.
 
So they aren't asking for a 'back door' they are asking for a copy of our encryption key from the manufacturer by request (with a warrant).....

So now we are expected to let the manufacturer have a copy of our private encryption key, hope they are storing it securely and don't get hacked, and trust they are only going to hand it over when requested via a warrant? I'm sure they'll promise to let us know when that happens too, just like the other requests they get for data on users......

Sorry, that's going to be a hard no for me. I don't trust companies to store my keys securely with the large number of leaks. I also don't trust that this will be transparent following due process.....
 
Dear FBI, it's too late. The encryption cat is out of the bag and you can't get it back in. You're going to have to fall back on standard old style police work to get your job done. There are no shortcuts, no easy path.


Well then ... shit ......we'll just have to go back to the old fashioned way

