Fwd: [Cryptography] FBI: Weaker Encryption Is a Worthwhile Tradeoff for Law Enforcement Access to Data

grarpamp grarpamp at gmail.com
Thu Sep 17 16:40:27 PDT 2015

---------- Forwarded message ----------
From: Henry Baker <hbaker1 at pipeline.com>
Date: Thu, Sep 17, 2015 at 1:15 PM
Subject: [Cryptography] FBI: Weaker Encryption Is a Worthwhile
Tradeoff for Law Enforcement Access to Data
To: cryptography at metzdowd.com

FYI -- Easy for the FBI to say; they're not on the hook for
potentially billions in damages from any breach.  (Leaving aside the
egregious Constitutional violations.)


FBI: Weaker Encryption Is a Worthwhile Tradeoff for Law Enforcement
Access to Data

Government officials sparred with privacy advocates over encryption,
but acknowledged that “back doors” come with risks of intrusion.

Kaveh Waddell @kavehewaddell

September 15, 2015

The Justice Department and the FBI are continuing their campaign to
convince the tech community and the public that weakening encryption
to allow law enforcement to access encrypted communications and data
has its risks, but that the drawbacks are outweighed by the security

Amy Hess, the executive assistant director of FBI’s science and
technology branch, said at a Christian Science Monitor discussion that
allowing access to encrypted messages to anyone other than the sender
or the receiver comes with “some risk” of intrusion.  But because law
enforcement must be able to read encrypted data and communication to
do its job, the risk of third-party access is acceptable, Hess said,
as long as it is minimized.

The Justice Department—-and especially the FBI—-has clashed with the
technology community over the agency’s demands that online platforms
stay away from encryption practices that keep data private even from
the platforms themselves.  If the communications service cannot access
the data sent across its servers, it cannot turn the data over to law

Law enforcement has called on tech companies to take the lead in
developing an encryption standard that is both secure and accessible
to authorities upon request.  Last week, FBI Director James Comey said
technology experts just need to “try harder” to find a solution.

But experts maintain that such a standard is impossible to achieve,
because any third-party key for unlocking encrypted data—-even if
reserved for extreme circumstances—-will be vulnerable to hackers.

A company that builds vulnerabilities into its encryption becomes an
attractive target of attack to foreign governments, criminal hackers,
and “drooling teenagers in basements,” said Matt Blaze, a noted
cryptography expert and professor at the University of Pennsylvania.

Because companies are increasingly turning to stronger encryption, the
FBI is running out of tools to fight crime, Hess said Tuesday.  A
request for a wiretap—-one of the most powerful surveillance tools
available to the FBI—-is a long and complicated process that requires
an agent to supply an extensive affidavit stating that every
less-intrusive method of surveillance had already been considered or
applied, according to Kiran Raj, Senior Counsel to the Deputy Attorney

But Hess said FBI agents will not apply for wiretaps if they think a
suspect is using encrypted communication, because they are not willing
to expend the time and cost of crafting the request if the odds of its
success are slim.

The FBI’s claim was largely met with a shrug from privacy advocates.

“A warrant is not a right that the government has to get data,” said
Jon Callas, CEO of Silent Circle, a company that builds encrypted
communications platforms.  “It is a right to perform a search, to
attempt to get the data, and there may be a lot of reasons why it
can’t get to it.”

But even as privacy advocates clashed with law enforcement officials
onstage over the form encryption should take in the tech community,
the groups said they both have the same objective—security—in mind.

“The polarization of this debate is really harmful,” Blaze said.  “I
think that in terms of the end goals, there’s a lot more common ground
here than maybe the debate lets on.”

The cryptography mailing list
cryptography at metzdowd.com

More information about the cypherpunks mailing list