Fwd: [Cryptography] FBI: Weaker Encryption Is a Worthwhile Tradeoff for Law Enforcement Access to Data
grarpamp
grarpamp at gmail.com
Thu Sep 17 16:40:27 PDT 2015
---------- Forwarded message ----------
From: Henry Baker <hbaker1 at pipeline.com>
Date: Thu, Sep 17, 2015 at 1:15 PM
Subject: [Cryptography] FBI: Weaker Encryption Is a Worthwhile
Tradeoff for Law Enforcement Access to Data
To: cryptography at metzdowd.com
FYI -- Easy for the FBI to say; they're not on the hook for
potentially billions in damages from any breach. (Leaving aside the
egregious Constitutional violations.)
http://www.nationaljournal.com/s/72407/fbi-weaker-encryption-is-worthwhile-tradeoff-law-enforcement-access-data
FBI: Weaker Encryption Is a Worthwhile Tradeoff for Law Enforcement
Access to Data
Government officials sparred with privacy advocates over encryption,
but acknowledged that “back doors” come with risks of intrusion.
Kaveh Waddell @kavehewaddell
September 15, 2015
The Justice Department and the FBI are continuing their campaign to
convince the tech community and the public that weakening encryption
to allow law enforcement to access encrypted communications and data
has its risks, but that the drawbacks are outweighed by the security
advantages.
Amy Hess, the executive assistant director of FBI’s science and
technology branch, said at a Christian Science Monitor discussion that
allowing access to encrypted messages to anyone other than the sender
or the receiver comes with “some risk” of intrusion. But because law
enforcement must be able to read encrypted data and communication to
do its job, the risk of third-party access is acceptable, Hess said,
as long as it is minimized.
The Justice Department—-and especially the FBI—-has clashed with the
technology community over the agency’s demands that online platforms
stay away from encryption practices that keep data private even from
the platforms themselves. If the communications service cannot access
the data sent across its servers, it cannot turn the data over to law
enforcement.
Law enforcement has called on tech companies to take the lead in
developing an encryption standard that is both secure and accessible
to authorities upon request. Last week, FBI Director James Comey said
technology experts just need to “try harder” to find a solution.
But experts maintain that such a standard is impossible to achieve,
because any third-party key for unlocking encrypted data—-even if
reserved for extreme circumstances—-will be vulnerable to hackers.
A company that builds vulnerabilities into its encryption becomes an
attractive target of attack to foreign governments, criminal hackers,
and “drooling teenagers in basements,” said Matt Blaze, a noted
cryptography expert and professor at the University of Pennsylvania.
Because companies are increasingly turning to stronger encryption, the
FBI is running out of tools to fight crime, Hess said Tuesday. A
request for a wiretap—-one of the most powerful surveillance tools
available to the FBI—-is a long and complicated process that requires
an agent to supply an extensive affidavit stating that every
less-intrusive method of surveillance had already been considered or
applied, according to Kiran Raj, Senior Counsel to the Deputy Attorney
General.
But Hess said FBI agents will not apply for wiretaps if they think a
suspect is using encrypted communication, because they are not willing
to expend the time and cost of crafting the request if the odds of its
success are slim.
The FBI’s claim was largely met with a shrug from privacy advocates.
“A warrant is not a right that the government has to get data,” said
Jon Callas, CEO of Silent Circle, a company that builds encrypted
communications platforms. “It is a right to perform a search, to
attempt to get the data, and there may be a lot of reasons why it
can’t get to it.”
But even as privacy advocates clashed with law enforcement officials
onstage over the form encryption should take in the tech community,
the groups said they both have the same objective—security—in mind.
“The polarization of this debate is really harmful,” Blaze said. “I
think that in terms of the end goals, there’s a lot more common ground
here than maybe the debate lets on.”
_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
More information about the cypherpunks
mailing list