2011-2020

2014, note - 2 years before the San Bernardino case

"Comey also posed as a question “whether companies not subject currently to Calea should be required to build lawful intercept capabilities for law enforcement”, something he contended would not “expand” FBI authorities”. Calea is a 1994 surveillance law mandating that law enforcement and intelligence agencies have access to telecommunications data, which Comey described as archaic in the face of technological innovation. … Comey, frequently referring to “bad guys” using encryption, argued access to the cloud is insufficient. “Uploading to the cloud doesn’t include all the stored data on the bad guy’s phone,” he said. “It’s the people who are most worried what’s on the device who will be most likely to avoid the cloud.”" -- http://www.theguardian.com/us-news/2014/oct/16/fbi-director-attacks-tech-companies-encryption

2015

"Under questioning Comey admitted that even if the US did pass laws allowing law enforcement access to encrypted information, there were still plenty of tools produced outside of the US that would be untappable, saying "we'd have a heck of a time trying to do that." Comey declined to say if selling borked crypto would put American companies at a disadvantage when trying to sell overseas. " -- http://www.theregister.co.uk/2015/07/08/crap_crypto_enforcement_laws_coming_as_fbi_boss_testifies_to_congress/

"And as I mentioned, there are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover it. And I do think this is a time for particularly Europe, as well as here in the United States, for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence and security services to protect the people that they are asked to serve. And in the past several years because of a number of unauthorized disclosures and a lot of handwringing over the government’s role in the effort to try to uncover these terrorists, there have been some policy and legal and other actions that are taken that make our ability collectively internationally to find these terrorists much more challenging. And I do hope that this is going to be a wake-up call, particularly in areas of Europe where I think there has been a misrepresentation of what the intelligence security services are doing by some quarters that are designed to undercut those capabilities" -- https://csis-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/attachments/151116_GSF_OpeningSession.pdf

"What we're asking for is not to lower those standards by developing some type of lawful intercept or lawful access capability, but rather to be able to come up with a way we may be able to implement perhaps multiple keys or some other way to be able to securely access the information — or rather be provided with the information," [Amy Hess, executive assistant director of the FBI’s Science and Technology Branch] said. -- https://www.washingtonpost.com/news/the-switch/wp/2015/04/30/congressman-with-computer-science-degree-encryption-back-doors-are-technologically-stupid/

2016

Oh you dear sweet summer child...

"If history repeats itself first as tragedy and then as farce, what does the FBI have in store next for its encryption war with Apple? … Yet forgive us if this “conversation” now seems more like a Jim Comey monologue. The debate might start to be productive if the FBI Director would stop trying to use the courts as an ad hoc policy tool and promised not to bring any more cases like the one in Brooklyn. Meanwhile, the White House has taken the profile-in-courage stand of refusing to endorse or oppose any encryption bill that Congress may propose. If the Obama team won’t start adjusting to the technological realities of strong and legal encryption, they could at least exercise some adult supervision at Main Justice." -- http://www.wsj.com/articles/the-encryption-farce-1461624399 / https://archive.is/CYpbc

Comey's gotta Comey:

Widespread encryption built into smartphones is “making more and more of the room that we are charged to investigate dark,” Comey said in a cybersecurity symposium. […] “The conversation we’ve been trying to have about this has dipped below public consciousness now, and that’s fine,” Comey said at a symposium organized by Symantec, a technology company. “Because what we want to do is collect information this year so that next year we can have an adult conversation in this country.” “With good reason, the people of the United States — through judges and law enforcement — can invade our private spaces,” Comey said, adding that that “bargain” has been at the center of the country since its inception. “We are working hard to make people at keyboards feel our breath on their necks and try to change that behavior,” he said. “We’ve got to get to a point where we can reach them as easily as they can reach us and change behavior by that reach-out.” -- https://apnews.com/article/7d57f576e3f74b6ca4cd3436fbebf160

2017

""Warrant-proof encryption defeats the constitutional balance by elevating privacy above public safety," Deputy Attorney General Rod Rosenstein said in a speech at the US Naval Academy today (transcript). "Encrypted communications that cannot be intercepted and locked devices that cannot be opened are law-free zones that permit criminals and terrorists to operate without detection by police and without accountability by judges and juries." … "We know from experience that the largest companies have the resources to do what is necessary to promote cybersecurity while protecting public safety. A major hardware provider, for example, reportedly maintains private keys that it can use to sign software updates for each of its devices. That would present a huge potential security problem, if those keys were to leak. But they do not leak, because the company knows how to protect what is important. Companies can protect their ability to respond to lawful court orders with equal diligence." " -- https://arstechnica.com/tech-policy/2017/10/trumps-doj-tries-to-rebrand-weakened-encryption-as-responsible-encryption/

"The Justice Department signaled Tuesday it intends to take a more aggressive posture in seeking access to encrypted information from technology companies, setting the stage for another round of clashes in the tug of war between privacy and public safety. … “Warrant-proof encryption is not just a law enforcement problem,” Mr. Rosenstein said at a conference at the U.S. Naval Academy. “The public bears the cost. When our investigations of violent criminal organizations come to a halt because we cannot access a phone, even with a court order, lives may be lost. " “Technology companies almost certainly will not develop responsible encryption if left to their own devices,” Mr. Rosenstein said. “Competition will fuel a mind-set that leads them to produce products that are more and more impregnable. That will give criminals and terrorists more opportunities to cause harm with impunity.”” -- https://www.wsj.com/articles/justice-department-to-be-more-aggressive-in-seeking-encrypted-data-1507651438 / http://archive.is/i1jNu

2018

"Warrant-proof encryption defeats the constitutional balance by elevating privacy above public safety. Encrypted communications that cannot be intercepted and locked devices that cannot be opened are law-free zones that permit criminals and terrorists to operate without detection by police and without accountability by judges and juries." "When encryption is designed with no means of lawful access, it allows terrorists, drug dealers, child molesters, fraudsters, and other criminals to hide incriminating evidence. Mass-market products and services incorporating warrant-proof encryption are now the norm. Many instant-messaging services employ default encryption designs that offer police no way to read them, even if an impartial judge issues a court order. The makers of smart phones previously kept the ability to access some data on phones, when ordered by a court to do so. Now they engineer away even that capability." "We refer to this problem as “Going Dark” – the threat to public safety that occurs when service providers, device manufacturers, and application developers deprive law enforcement and national security investigators of crucial investigative tools. " […] ". Responsible encryption can involve effective, secure encryption that allows access only with judicial authorization. Such encryption already exists. Examples include the central management of security keys and operating system updates; the scanning of content, like your e-mails, for advertising purposes; the simulcast of messages to multiple destinations at once; and key recovery when a user forgets the password to decrypt a laptop." […] "Responsible encryption can protect privacy and promote security without forfeiting access for legitimate law enforcement needs supported by judicial approval." -- https://www.lawfareblog.com/deputy-attorney-general-rod-rosenstein-remarks-encryption

"Some technology experts castigate colleagues who engage with law enforcement to address encryption and similar challenges," Rosenstein said. "Just because people are quick to criticize you does not mean that you are doing the wrong thing. Take it from me." […] There is nothing virtuous about refusing to help develop responsible encryption, or in shaming people who understand the dangers of creating any spaces—whether real-world or virtual—where people are free to victimize others without fear of getting caught or punished," Rosenstein said." -- https://www.wired.com/story/rod-rosenstein-encryption-backdoor/

"One of the most profoundly disruptive developments occurring in the cyber security arena today is the headlong rush by a set of parties to ubiquitously implement extreme End-to-End (e2e) encryption […] The generally understood objective by its zealous leaders is to cause everyone except the end parties of the communications services to "go dark"" "Responsible commercial and intergovernmental industry technical venues have for decades adopted appropriate forms of Transport, Network, and Application Layer Security — rejecting extreme e2e encryption capabilities" "There is flatly no "right" to unfettered personal encrypted communication on publicly available infrastructures and services." -- Future talking points to watch for, via http://www.circleid.com/posts/20171024_legal_controls_on_extreme_end_to_end_encryption_ee2ee/

“I think there should be [room for compromise],” Wray said Wednesday night at a national security conference in Aspen, Colorado. “I don’t want to characterize private conversations we’re having with people in the industry. We’re not there yet for sure. And if we can’t get there, there may be other remedies, like legislation, that would have to come to bear.” -- https://www.cyberscoop.com/fbi-director-without-compromise-encryption-legislation-may-remedy/

"And if we can't get there, there may be other remedies, like legislation, that would have to come to bear. But I really do believe that if people come at it with a goal I think we all share of having both strong cybersecurity and protecting flesh-and-blood Americans -- Again, there's a way to do this. We're a country that has unbelievable innovation. We put a man on the moon. We have the power of flight. We have autonomous vehicles… [T]he idea that we can't solve this problem as a society -- I just don't buy it." -- https://www.techdirt.com/articles/20180721/12074340282/fbi-boss-chris-wray-we-put-man-moon-so-why-not-encryption-backdoors.shtml

“The idea of the ‘golden key’ — access that only the ‘good guys’ can use — is a myth,” said Jamie Winterton, director of strategy for Arizona State University’s Global Security Initiative. “Once that access has been created, it could be used by the FBI, or it could be used by foreign adversaries.”

Vikram Phatak, chief executive of the cybersecurity firm NSS Labs, said: “How long would it take for the backdoor ‘key’ to be stolen? Even if the possibility is remote (it isn’t), having the backdoor key stolen would be catastrophic.”

“The number of inaccessible devices is quite low in a relative sense and the risk of missing a threat indicator is extremely low, while the digital security risks would be incredibly high if encryption were weakened,” said Chris Finan, who served as director for cybersecurity legislation and policy on the National Security Council during the Obama administration. “This is a no-brainer when you examine the actual data: Strong encryption increases our well-being.” -- https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/06/11/the-cybersecurity-202-we-surveyed-100-experts-a-majority-rejected-the-fbi-s-push-for-encryption-back-doors/5b1d39eb1b326b6391af094a/

2019

"Senior officials debated whether to ask Congress to effectively outlaw end-to-end encryption, which scrambles data so that only its sender and recipient can read it, these people told POLITICO. … “The two paths were to either put out a statement or a general position on encryption, and [say] that they would continue to work on a solution, or to ask Congress for legislation,” said one of the people." -- https://www.politico.com/story/2019/06/27/trump-officials-weigh-encryption-crackdown-1385306

"“I am here today to tell you that, as we use encryption to improve cybersecurity, we must ensure that we retain society’s ability to gain lawful access to data and communications when needed to respond to criminal activity,” Mr. Barr said. “While we should not hesitate to deploy encryption to protect ourselves from cybercriminals, this should not be done in a way that eviscerates society’s ability to defend itself against all these other types of criminals.”" -- https://www.wsj.com/articles/barr-revives-debate-over-warrant-proof-encryption-11563894048?tesla=y&mod=article_inline

Honorary mention:

"As the cybersecurity community dismissed Barr’s demands and outlined the myriad ways in which such backdoors could be exploited by criminals, the sad reality that most of the cybersecurity community has missed is that the encryption debate is already over – Facebook ended it earlier this year […] The company even noted that when it detects violations it will need to quietly stream a copy of the formerly encrypted content back to its central servers to analyze further, even if the user objects, acting as true wiretapping service." -- https://www.forbes.com/sites/kalevleetaru/2019/07/26/the-encryption-debate-is-over-dead-at-the-hands-of-facebook/#1cb746ce5362

Welcome to our UK friends joining in:

“We need to ensure that our law enforcement and security and intelligence agencies are able to gain lawful and exceptional access to the information they need,” the Home Office said in a statement. -- https://amp.theguardian.com/uk-news/2019/jul/30/five-eyes-backdoor-access-whatsapp-encryption

Welcome to the rest of "Five Eyes":

"After a two-day summit in London, senior ministers from the group comprising the United States and allies Britain, Canada, Australia and New Zealand, said encryption should not come at the expense of the public’s safety. “We are concerned where companies deliberately design their systems in a way that precludes any form of access to content, even in cases of the most serious crimes,” the group said in a statement following the conference. “Tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and usable format.”" -- https://www.reuters.com/article/us-security-fiveeyes-britain-idUSKCN1UP199

"We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety […] Signed by Barr, UK Home Secretary Priti Patel, acting US Homeland Security Secretary Kevin McAleenan, and Australian Minister for Home Affairs Peter Dutton, the letter raises concerns that Facebook’s plan to build end-to-end encryption into its messaging apps will prevent law enforcement agencies from finding illegal activity conducted through Facebook, including child sexual exploitation, terrorism, and election meddling. […] "Security enhancements to the virtual world should not make us more vulnerable in the physical world," the letter reads. "Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes." -- https://www.buzzfeednews.com/article/ryanmac/bill-barr-facebook-letter-halt-encryption

"Shorter encryption debate: Them: Terrible things are terrible Us: Yes they are Them: Stop the terrible things Us: We don't know how to do that without side effects that would be even more terrible. Them: Just do it without causing the side effects." -- Matt Blaze; https://twitter.com/mattblaze/status/1180092773975953409

2020

Starting 2020 off by really raising the level of the debate:

"We are helping Apple all of the time on TRADE and so many other issues, and yet they refuse to unlock phones used by killers, drug dealers and other violent criminal elements. They will have to step up to the plate and help our great Country, NOW! MAKE AMERICA GREAT AGAIN." -- @realDonaldTrump; https://gizmodo.com/old-man-yells-at-icloud-1841005709

"Terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to coordinate and communicate their daily activities. In recent history, we have experienced numerous terrorism cases and serious criminal activity where vital information could not be accessed, even after a court order was issued. Unfortunately, tech companies have refused to honor these court orders and assist law enforcement in their investigations" -- Lindsey Graham; https://duo.com/decipher/new-bill-takes-direct-aim-at-encrypted-devices-and-services

"Tech companies’ increasing reliance on encryption has turned their platforms into a new, lawless playground of criminal activity. Criminals from child predators to terrorists are taking full advantage. This bill will ensure law enforcement can access encrypted material with a warrant based on probable cause and help put an end to the Wild West of crime on the Internet" -- Tom Cotton; https://threatpost.com/new-bill-targeting-warrant-proof-encryption-draws-ire/156877/

"The bill announced today balances the privacy interests of consumers with the public safety interests of the community by requiring the makers of consumer devices to provide law enforcement with access to encrypted data when authorized by a judge … I am confident that our world-class technology companies can engineer secure products that protect user information and allow for lawful access." -- Attorney General Bill Barr; https://www.cnet.com/news/republicans-push-bill-requiring-tech-companies-to-help-access-encrypted-data/