A backdoor by any other name…

Yesterday James B. Comey, the Director of the FBI, continued the propaganda campaign against encryption with a fresh batch of lies and misdirection. The FBI has been pushing to add backdoors to cryptosystems around the world – no matter how many people they put at risk in the process. Starting in the 1990s, the FBI has been at the forefront of trying to make their job easier by endangering the world.

What Comey did today was to lay the foundation for a renewed push for a new, expansive, CALEA-type law that would give governments access – via court orders or surreptitiously – to all of your data. In 2013 they were pushing for CALEA 2, which would have expanded their ability to secretly access your data in a massive way. Thankfully the Snowden documents put an end to that – at least for a while.

I use the term governments instead of specifying the US Government very intentionally. Under CALEA, certain systems must be compliant to be sold in the US – so companies add support, and then ship them all over the world instead of supporting two versions. So the FBI’s desire to have easy access to anything they want puts people around the world at risk. But surely nobody would abuse this, right?

In 2004, thanks to support for this type of “lawful intercept”, Vodafone in Greece was hacked, and top government and civil leaders were tapped. Who did it still isn’t known, but many suspect that the US Government was behind it. Then there’s SOMALGET, the NSA program to collect all calls made in the Bahamas. The DEA was given access to their phone systems for the purposes of “lawful intercept” – again, a CALEA-compliant setup, which was then used to collect everything they were able to get. These are just two high-profile examples; there are many cases where researchers have found flaws in these systems, making them easy prey.

For years, it’s been made clear that such backdoors were disasters – and it’s not just CALEA compliance either. There’s the infamous Clipper chip, which would encrypt voice calls but allow the government to easily listen in – but thanks to fatal flaws, anyone else could as well.

Thanks to this, pretty much everybody agrees that backdoors are a bad idea, so the FBI had a great idea – call it something else!

A rose by any other name…

Comey decided that he shouldn’t have to deal with reality, and that the best way to address the public was misdirection:

We aren’t seeking a back-door approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by law.

And by “front door”, he means some new backdoor into everything.

He wants the ability to decrypt data without having to get information from the suspect, which means adding a backdoor to systems to allow them – and likely many others – to get in. This is no different from the disastrous Clipper chip idea.

The FBI is trying to misdirect the public, to lead them to believe in some magical, secure backdoor that is abuse-proof. But when such an idea is being pushed by an organization that has so much abuse and illegal activity in its history – should anyone trust what they say?

Putting enforcement first

At one point Comey said something that I found shocking:

Are we so mistrustful of government—and of law enforcement—that we are willing to let bad guys walk away…

If you read the US Constitution, this is answered for him – in many places it is made clear that it’s better to let a criminal walk free than to infringe on the rights of the innocent. Preserving the rights of the people trumps everything.

For law enforcement, this isn’t about justice, or the rule of law – this is about their power, their ability to get what they want, when they want it. If they put people in harm’s way in the process, that’s a price they are willing to let the public pay.

Only one government?

In the discussions about this, one major point keeps being missed – this isn’t just about the US Government, but about the governments all around the world. If companies are forced to add backdoors to products for the US market, you can bet that same backdoor will be shipped to every country they work in.

So the danger is global – but as this is something that can be used for intelligence, as CALEA has been used in the past, I’m sure this fact hasn’t escaped the attention of planners at the NSA. For the NSA, a CALEA 2 style law would give them easy access to expand their already vast – and illegal – collection operations. It would be a dream come true.

There’s also another international component to this issue – many major tech companies operate in several countries, making them subject to local courts. What happens when they receive a court order for access to this backdoor and a gag order, to prevent them from talking about it? Suddenly American data will be at risk from foreign powers.

There are so many issues opened up when backdoors are added that one could talk for days and still not cover all the ways it could be abused.

Lies and mistrust

Perhaps it’s time to suggest that the post-Snowden pendulum has swung too far in one direction—in a direction of fear and mistrust.

It seems that Comey is surprised that people don’t trust the government, after lies, deception, and violations of law are revealed. How shocking.

The US Government has failed to uphold the Constitution, and technology companies have stepped up to provide a level of protection in the face of a Government that has ignored its obligations. I’m sure that the FBI would love to go back to the old days – where we assume the government is doing the right thing while secretly violating the Constitution and ignoring international law. Anything to give them more power and control.

The New Crypto Wars

In the 1990s, the first crypto war was fought, and many believed that the public had won. What we are seeing is, without question, that a new war has started. Apple’s decision to change the way they encrypt phones wasn’t what started it – the writing had been on the wall for some time; it was just the ammunition they were waiting for to go on the attack.

Those that work with cryptography daily are fighting to protect users, while the government is busy trying to protect what they want, over the rights and protection of the people. Expect it to get ugly.

It’s going to be a fight, and what happens in the next year or two will be critical. If the FBI wins, privacy dies.

(Sorry for the ranty nature of this post – it’s an issue I feel strongly about, and something that we must take action on.)