FBI boss 'concerned' by smartphone encryption plans

What is wrong with this guy? What would he say if his phone was wide open or he was watched where ever he went online? Of course he sees no issue, since he is immune to all of it being an "important figure". Does this guy not see that if law enforcement can get in with ease, anyone can? This is just another damned panic attack they are having, just like everything done after 9/11. I am all for law enforcement and proper government, but this has gotten ridiculous. If I am not committing a crime, stay out of my affairs and my devices.

 

So, if we are to believe him, if a criminal doesn't use a smartphone or a computer the FBI will not be able to catch him/her because the agents don't have all the information they need at one click away?

 

Maybe LEA just wants people to think that encrypted smartphones are secure

 

Did the FBI complain about Windows 8.1 doing it?

 

They probably know the ins and outs of Windows more than Microsoft does. I doubt Windows worries them too much.

 

The Politics Behind iPhone Encryption and the FBI

 

I am finding more and more reasons to stay with old operating systems and devices. If the government had not been so abusive of their authority and did not start trying to act like all citizens are future criminals just waiting for a chance, they would not have people fighting back so hard. I am sorry, when you start treating me like a law abiding citizen again and not monitoring every move I make before you even have reason to, I will be more sensitive to your concerns Mr. FBI guy. Until then, bugger off.

 

The fact that they haven't complained about it tells you all that you need to know. The same applies to making most websites HTTPS as well as STS and encrypted DNS.

Smartphones are designed from the ground up to be tracking and spying equipment. Being "connected" all of the time isn't necessary and isn't worth the tradeoff. Windows has been complicit for a long time, beginning in the 9X era. Through XP, the user could, with effort, disable all of the activity logging, disable the unnecessary services, and close the ports that they open. From Vista onwards, it's impossible by design.

 

Perhaps it's because of this Windows 8.1 aspect (from the linked article in post #29):

 

- this apparently applies if you want to use their (default) device encryption; presumably with the justification that device recovery is only possible in a way that allows your company and the NSA to access it.

Of course, Bitlocker on Windows 7 works just fine with local administrative accounts, and your very own arrangements for recovery key storage.

 

EFF Response to FBI Director Comey's Speech on Encryption | Electronic Frontier Foundation

 

The FBI Director's Evidence Against Encryption Is Pathetic - The Intercept

By Dan Froomkin and Natasha Vargas-Cooper

 

EFF, Snowden Dispute FBI Claims on Device Encryption | Threatpost | The first stop for security news

 

The FBI's Secret House Meeting to Get Access to Your iPhone.

-- Tom

 

Beefed up iPhone crypto will lead to a child dying, DOJ warned Apple execs

http://arstechnica.com/tech-policy/...lead-to-a-child-dying-doj-warned-apple-execs/

 

Is it plausible that stronger encryption could at some point prevent authorities from saving a child's life? I'd have to say yes. On the other hand, I'd have to say it is also plausible that LACK of stronger encryption could do the same. Perhaps the latter context would involve an unstable abusive spouse/parent that retrieves a personal diary entry that sets them off. Perhaps it would involve a stalker/kidnapper that is able to carry out their plans by accessing information they shouldn't be able to.

While it is reasonable to identify a specific type of scenario where weaker encryption might allow a good to be achieved in the end, it is entirely unreasonable and extremely dangerous to base any decision on that one scenario alone. There are countless scenarios, some involving direct consequences and far more involving indirect consequences, that would have to be identified and analyzed in order to understand the potential outcomes that could result from weakening encryption and therefore security/privacy.

In many of those scenarios, it would be corporations and/or government agencies... rather than ordinary criminals... that would be the foe we need to protect ourselves against. Have corporations ever marketed unsafe products which harm large numbers of people? Have government agencies ever conducted experiments, or tried to hide the truth about accidents, which harmed large numbers of people? Have such entities ever used aggressive tactics, including making use of security/privacy vulnerabilities, to attack people who are trying to inform the public and prevent further harm to the population? I think the answer is yes, many times, and that is only one scenario class.

I don't think our species is at a point where it is able to project the ripple effects and consequences of things like this. However, we must try. By extension, we must try to prevent those who do not try from making the decisions. IOW, if a body isn't intellectually honest about the tremendous range of potential consequences, and trying to weigh in many other scenarios where harm could result, then that particular body shouldn't be allowed to make the decisions.

 

I agree with you @TheWindBringeth.
For me, this is similar to discussion whether seat belts can cause harm. In some circumstances they can. But they do save much more lives than they cause harm, so we should wear it.

 

@TheWindBringeth - this is good and reasoned, and at the same time is not strong enough against the disreputable and emotive tactics being used to justify unconstitutional actions they are already doing.

The basic problem is that they say these things based on no evidence whatsoever, certainly regarding the balance of harm. As you point out, it's complex and they have a way of not accounting for costs. The same happens with the war on drugs.

I'm surprised that they didn't point out how puppies might be harmed as well. You could doubtless dream up a scenario there.

All this is leaving aside the moral decrepitude of the argument when it relates to non-US children affected by US actions (or their allies).

 

Let's rephrase that: at some future date, a child will die, and police will say they would have been able to rescue the child, or capture the killer, if only they could have looked inside a certain house.

So let's put a surveillance camera inside every house.

 

Those people have no shame

 

Trusting your encryption to a company like Apple seems foolish to begin with...

There's an Ubuntu phone and the Blackphone with encryption built-in, no backdoors, if you want any shred of protection from the FBI. But phones are inherently insecure from prying eyes, it's long been known that they can very easily be used as bugs to listen in to any conversation going on around them by covertly activating the microphone, given that I think it's best to just assume that anything you do on your phone can be easily found out.

 

Right, and then there's the firmware, which is totally under control of the service provider

 

Properitary software is never safe from LEA.

 

I would bet that this whole story is just a honeypot to get naive people to trust Apple's obviously insecure software

Besides, afaik, phone encryption passwords are either 4- or 6-digits long (no letters or special characters), *trivial* to a brute force attack

 

You are right...a 4 to 6 digit long password is trivially easy to brute force attack