FBI Director Claims That The World's Most Knowledgeable Cybersecurity Experts Are Not 'Fair Minded' About Encryption Backdoors

from the oh-really? dept

A group of tech companies and some prominent folks wrote a letter to the President yesterday that I frankly found depressing. Because their letter contains no acknowledgment that there are societal costs to universal encryption. Look, I recognize the challenges facing our tech companies. Competitive challenges, regulatory challenges overseas, all kinds of challenges. I recognize the benefits of encryption, but I think fair-minded people also have to recognize the costs associated with that. And I read this letter and I think, “Either these folks don’t see what I see or they’re not fair-minded.” And either one of those things is depressing to me. So I’ve just got to continue to have the conversation.

We’ve got to have a conversation long before the logic of strong encryption takes us to that place. And smart people, reasonable people will disagree mightily. Technical people will say it’s too hard. My reaction to that is: Really? Too hard? Too hard for the people we have in this country to figure something out? I’m not that pessimistic. I think we ought to have a conversation.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Earlier this week, we noted that a huge list of companies, non-profits and cybersecurity experts had signed a letter to the White House about the stupidity and danger of trying to order backdoors into encryption (disclaimer: we signed the letter as well). While many in the press focused on the companies that had signed onto the letter (including Google, Apple, Cisco, Microsoft, Twitter and Facebook), as we noted, what was muchinteresting was the long list of cybersecurity/encryption experts who signed onto the letter. Just in case you don't feel like searching it out, I'll post the entire list of those experts after this post.It's a who's who of the brightest minds in encryption and cryptography. Whitfield Diffiepublic key cryptography. Phil Zimmermann created PGP. Ron Rivest is the "R" in "RSA." Peter Neumann has been working on these issues for decades before I was even born. And many more on the list are just as impressive.So how do you think FBI director James Comey -- who has been leading the charge on backdooring encryption -- responded to these experts?I wish I was joking.First of all, it's kind of hilarious for the FBI director to be arguing that the people who signed that letter haven't done a cost-benefit analysis, since we've noted that the intelligence and law enforcement communities almost never do such an analysis. They always insist "more surveillance" must be better, without considering the costs involved.And then there's this, showing that Comeythe letter at all:Hey, Comey! No one is saying it's "too hard." They're saying it's IMPOSSIBLE to do this without weakening everyone's security. Impossible. It's not a "hard" problem, it's an impossible problem. Because if you weaken security to let the FBI in,you are weakening the security to let others in as well. That's the point that was being made.And this is important. For all of the ridiculous claims by Comey and others that we need to "have a conversation" on this,. A conversation is counterproductive. All of these people can andbe working on systems to make us all more safe and secure. But if they have to keep explaining to ignorant folks like Comey why this is a bad idea, then they are. You can have a discussion over things that are hard. But there isin having a discussion over things that areHal Abelson, Professor of Computer Science and Engineering, Massachusetts Institute of TechnologyBen Adida, VP Engineering, Clever Inc.Jacob Appelbaum, The Tor ProjectAdam Back, PhD, Inventor, HashCash, Co-Founder & President, BlockstreamAlvaro Bedoya, Executive Director, Center on Privacy & Technology at Georgetown LawBrian Behlendorf, Open Source software pioneerSteven M. Bellovin, Percy K. and Vida L.W. Hudson Professor of Computer Science, Columbia UniversityMatt Bishop, Professor of Computer Science, University of California at DavisMatthew Blaze, Director, Distributed Systems Laboratory, University of PennsylvaniaDan Boneh, Professor of Computer Science and Electrical Engineering at Stanford UniversityEric Burger, Research Professor of Computer Science and Director, Security and Software Engineering Research Center (Georgetown), Georgetown UniversityJon Callas, CTO, Silent CircleL. Jean Camp, Professor of Informatics, Indiana UniversityRichard A. Clarke, Chairman, Good Harbor Security Risk ManagementGabriella Coleman, Wolfe Chair in Scientific and Technological Literacy, McGill UniversityWhitfield Diffie, Dr. sc. techn., Center for International Security and Cooperation, Stanford UniversityDavid Evans, Professor of Computer Science, University of VirginiaDavid J. Farber, Alfred Filter Moore Professor Emeritus of Telecommunications, University of PennsylvaniaDan Farmer, Security Consultant and Researcher, Vicious Fishes ConsultingRik Farrow, Internet SecurityJoan Feigenbaum, Department Chair and Grace Murray Hopper Professor of Computer Science Yale UniversityRichard Forno, Jr. Affiliate Scholar, Stanford Law School Center for Internet and SocietyAlex Fowler, Co-Founder & SVP, BlockstreamJim Fruchterman, Founder and CEO, BenetechDaniel Kahn Gillmor, ACLU Staff TechnologistRobert Graham, creator of BlackICE, sidejacking, and masscanJennifer Stisa Granick, Director of Civil Liberties, Stanford Center for Internet and SocietyMatthew D. Green, Assistant Research Professor, Johns Hopkins University Information Security InstituteRobert Hansen, Vice President of Labs at WhiteHat SecurityLance Hoffman, Director, George Washington University, Cyber Security Policy and Research InstituteMarcia Hofmann, Law Office of Marcia HofmannNadim Kobeissi, PhD Researcher, INRIAJoseph Lorenzo Hall, Chief Technologist, Center for Democracy & TechnologyNadia Heninger, Assistant Professor, Department of Computer and Information Science, University of PennsylvaniaDavid S. Isenberg, Producer, Freedom 2 ConnectDouglas W. Jones, Department of Computer Science, University of IowaSusan Landau, Worcester Polytechnic InstituteGordon Fyodor Lyon, Founder, Nmap Security Scanner ProjectAaron Massey, Postdoctoral Fellow, School of Interactive Computing, Georgia Institute of TechnologyJonathan Mayer, Graduate Fellow, Stanford UniversityJeff Moss, Founder, DEF CON and Black Hat security conferencesPeter G. Neumann, Senior Principal Scientist, SRI International Computer Science Lab, Moderator of the ACM Risks ForumKen Pfeil, former CISO at Pioneer InvestmentsRonald L. Rivest, Vannevar Bush Professor, Massachusetts Institute of TechnologyPaul Rosenzweig, Professorial Lecturer in Law, George Washington University School of LawJeffrey I. Schiller, Area Director for Security, Internet Engineering Task Force (1994- 2003), Massachusetts Institute of TechnologyBruce Schneier, Fellow, Berkman Center for Internet and Society, Harvard Law SchoolMicah Sherr, Assistant Professor of Computer Science, Georgetown UniversityAdam Shostack, author, “Threat Modeling: Designing for Security”Eugene H. Spafford, CERIAS Executive Director, Purdue UniversityAlex Stamos, CISO, YahooGeoffrey R. Stone, Edward H. Levi Distinguished Service Professor of Law, The University of ChicagoPeter Swire, Huang Professor of Law and Ethics, Scheller College of Business, Georgia Institute of TechnologyC. Thomas (Space Rogue), Security Strategist, Tenable Network SecurityDan S. Wallach, Professor, Department of Computer Science and Rice Scholar, Baker Institute of Public PolicyNicholas Weaver, Researcher, International Computer Science InstituteChris Wysopal, Co-Founder and CTO, Veracode, Inc.Philip Zimmermann, Chief Scientist and Co-Founder, Silent Circle

Filed Under: backdoors, cybersecurity, encryption, fbi, james comey, phil zimmermann, ron rivest, security, whitfield diffie