The FBI, no matter the decade, really has an issue with people resisting their power trips. Rather than following the constitutional way of investigating crimes, they prefer to circumnavigate laws meant to protect the civil liberties of ordinary citizens. Such was the case in the San Bernardino mass shooting case where then-Director James Comey sought a universal key to break iPhone encryption en masse. With a new FBI director now leading the charge against strong encryption standards and looking for an encryption backdoor, as Led Zeppelin once said, the song remains the same.
At the FBI International Conference on Cyber Security at New York's Fordham University, FBI Director Christopher Wray outlined the state of the organization's cybersecurity policies. The speech, entitled Raising Our Game: Cyber Security in an Age of Digital Transformation, consisted of a broad range of topics. There was a great deal of discussion of the Bureau's successful investigations against cybercrime as well as how the FBI can improve its reaction to the plethora of threats that face companies and regular citizens.
What really stuck out, however, was the penultimate topic covered in Director Wray's speech. As was alluded to earlier, the topic of encryption came up and it was... infuriating. The director stated the following on the topic:
In fiscal year 2017, we were unable to access the content of 7,775 devices—using appropriate and available technical tools — even though we had the legal authority to do so. Each one of those nearly 7,800 devices is tied to a specific subject, a specific defendant, a specific victim, a specific threat... Being unable to access nearly 7,800 devices is a major public safety issue... This problem impacts our investigations across the board — human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation, and cyber.
Once again the FBI shows its true colors by attacking strong encryption standards as a threat to public safety (which is nonsense). Director Wray went on to state that the FBI supports cybersecurity's aims, however hollow that statement rings in the face of the bureau's constant attacks:
Let me be clear: The FBI supports information security measures, including strong encryption. But information security programs need to be thoughtfully designed so they don’t undermine the lawful tools we need to keep this country safe... we need and want the private sector’s help. We need them to respond to lawfully issued court orders, in a way that is consistent with both the rule of law and strong cybersecurity. We need to have both, and can have both...
We’re not looking for a “back door"... What we’re asking for is the ability to access the device once we’ve obtained a warrant from an independent judge, who has said we have probable cause.
We need to work together — the government and the technology sector — to find a way forward, quickly.
Bloody hell the contradictions in these statements. You say you support strong cybersecurity measures yet want a way to bypass said measures whenever your agency so chooses. That, Director Wray, is asking for an encryption backdoor. You cannot have strong encryption while simultaneously giving universal access to an entity known to abuse its power (see: COINTELPRO). That is a total contradiction and the director shouldn't act as though it is anything else.
You say you want to work together with the technology sector, Director Wray? A good show of faith would be to let the InfoSec community do what we do best; keep people safe. Your bureau has proven time and again it does not care about due process, so until you change, we cannot trust you. Many may not appreciate my tone here, but I am done with agencies like the FBI, CIA, and NSA infringing on basic civil liberties and common cybersecurity standards for their own aims.
You are naive if you believe that the FBI will not abuse a master key giving them an encryption backdoor to your devices. Wake up, and wake up fast.
Photo credit: Wikimedia