Adam Caudill

Security Leader, Researcher, Developer, Writer, & Photographer

The Door to Nowhere

Today I was walking around, exploring the local downtown area, and I noticed a door. Or more accurately, what used to be a door, and the symbolism was too perfect to ignore. It’s a door to nowhere.

A door once stood here, carefully built, thoughtfully placed, well crafted. Long ago someone decided that they didn’t want the door to exist anymore — so they filled it in. They made an attempt at reversing the decisions of the past to suit their desire at the moment — but they couldn’t.

What stands now is a scar, a flawed edifice, a clear sign that someone tried, and yet failed to change reality.

The door, though forever closed, cannot be erased.

James Comey & Closing Doors

The FBI Director is trying to do something very similar. James Comey is trying his best to close the door to cryptography for Americans, in a vain attempt to roll back the clock to a time when Americans didn’t have easy access to strong and easy to use encryption tools. A friend of mine summed up his efforts better than anyone else:

That is, in a nutshell, what’s going on — between the creation of the internet, and the wide scale deployment of encryption, law enforcement had it easy. Getting information was simple; now it’s not and they want to go back to things being easy for them. Why actually investigate when you can just have companies deliver all the information to you? If one is to believe the narrative that Comey is pushing, you’d have to believe that the FBI was entirely useless prior to the creation of the internet.

In the past Comey has called for magical solutions to allow the US Government to have access to data, while somehow keeping it secure from everyone else. Everyone that understands cryptography immediately made it clear just how ridiculous that idea is. Now, Comey has a new tactic — declare that there is no technical problem with backdooring systems.

Instead of trying to understand the problem, the FBI’s position is now to just pretend it doesn’t exist.

The goal of the FBI now is to compel companies, by political pressure or legislation, to add backdoors to their systems, to allow them (and hackers, and malicious employees, etc.) to bypass encryption and provide the US Government with clear text. Or, put more simply, the goal is to eliminate end-to-end encryption.

Yet, the door has been opened — strong cryptography is readily available. So, how does Comey see this little fact?

I think there’s no way we solve this entire problem. … The sophisticated user could still find a way.

They understand that those that are motivated to hide, such as the terrorists they are purportedly targeting with these calls to control encryption, will still use strong encryption. Yet they call for average Americans to lose access to end-to-end cryptography.

Any legislative option would only apply to American companies — Silent Circle, for example, left the country in 2014 to get away from the problems with the US legal system. Should such legislation be enacted, smaller players would likely follow very quickly. With issues such as the collapse of the US-EU Safe Harbor, due to the US failing to live up to its privacy requirements, life has already been getting harder for the larger US-based companies; they may just opt to leave as well.

By trying to force US companies to backdoor their own systems for the convenience of the FBI, knowing that those that are motivated to encrypt will do so, the real losers are the American people and American companies. Foreign countries will be able to offer more secure products, terrorists and criminals will still be just as able to use strong encryption as they are now, and life will be easier for hackers and malicious employees that want to steal data.

As a final demonstration of the short-sighted foolishness of the FBI’s mission to keep end-to-end encryption away from Americans, they seem to completely fail to understand that other governments will demand access to these backdoors as well — this action would simplify state-sponsored corporate espionage, as well as monitoring US officials.

Comey wants to change the past, yet at worst, all he will be able to do is leave a scar on America.
