Posted inGovernment / Spying / Surveillance / ToMl

Government want your private information

FBI Director James Comey is set to testify against encryption before the Senate Intelligence Committee today, as the United States and Britain push for “exceptional access” to encrypted communications. Encryption refers to the scrambling of communications so they cannot be read without the correct key or password. The FBI and GCHQ have said they need access to encrypted communications to track criminals and terrorists. Fourteen of the world’s pre-eminent cryptographers, computer scientists and security specialists have issued a paper arguing there is no way to allow the government such access without endangering all confidential data, as well as the broader communications infrastructure.

Bruce Schneier talking:

It’s extraordinary that governments—that free governments are demanding that security be weakened because the government might want to have access. This is the kind of thing that we see out of Russia and China and Syria. But to see it out of Western countries, I think, is extraordinary. What we wanted to do in the paper is say, as technologists, trying to do this will be incredibly damaging. There’s a policy debate going on right now. You talked about Comey talking before the Senate. We want to come together as technologists to try to inform that debate, and that’s why we wrote the report.

What Comey wants is encryption that he can break with a court order. But as a technologist, I can’t design a computer that operates differently when a certain piece of paper is nearby. If I make a system that can be broken, it can be broken by anybody, not just the FBI. So his requirement for access gives criminals access, gives the Chinese government access. We need encryption for security, for many more reasons than he wants to break it. Trying to break it just makes it weak. We all have less security because of that.

Encryption only foiled wiretaps in four cases. Comey has not been able to give good examples of iPhones being encrypted. He gave some examples; they were pretty much instantly refuted. So we get a lot of scare stories, but we don’t get actual credible evidence that this is hindering law enforcement.

It turns out we give a lot of data that is not encrypted and can’t be encrypted—Facebook, email, lots of conversations, location data on our cellphone. This is actually the golden age of surveillance. And a lot of this stuff can be used against us. Remember, Apple’s—the photos from Apple’s servers that were stolen and leaked, and these were compromising photos of celebrities. And this is how our data is being stored. The fact that some stuff is being put on phones, some communications are secure, that’s not a hindrance to him. He says it is, but it’s scare stories.

And we heard these scare stories before. In the mid-’90s, we had this exact same debate. And most of the group of us that wrote the report we released yesterday released a report in the mid-’90s saying the same things. Here we are 20 years later, and there hasn’t been a problem. So I don’t see a problem, and I’m afraid the solution is damaging.

We’re concerned about criminals. We’re concerned about Chinese nationals, other countries. We’re concerned about the security of our data, and encryption is a valuable tool. To deliberately weaken that at the behest of the FBI or the U.K. government, I think, is a really crazy trade-off. It doesn’t make us safer; it makes us more at risk.

Cameron is proposing something even more extreme. He’s made statements saying that secure encryption should be illegal. Now, that, I think, would be incredibly damaging. It’s also unworkable. I mean, if he wants to make that so, he has to seize my computer, my laptop, when I enter the country. He’s not going to do that. That will destroy tourism. But the noise here is even more extreme, that it should be a crime to use secure encryption. I think it really should be the opposite, that not using it, you should be liable for damages.

While encryption is a very powerful too and very strong, computer security is very weak. We, as scientists, don’t know how to build secure computers. So I can protect the encryption of your phone, but I can’t stop someone from hacking into it. And if you look at what the NSA does, what the Chinese government does, what criminals do, they hack into devices. And that’s something that we’re still very much at risk at. The big breaches you’re seeing are not breaches of encryption. They’re hacking. We know the FBI does hacking.

And a lot of us on the group believe that lawful hacking is the solution to Comey’s problem. Don’t break encryption for everybody, but hack into the computers of just the suspects you want to eavesdrop on. That’s more powerful. That’s something we can’t really prevent. And that gives you, the FBI, the U.K. government, the access you need. And that is both a problem and a solution. We do need to get better at it. I mean, all the breaches you’re seeing show how bad it is, whether it’s Office of Personnel Management; whether it’s a cyberweapons arms manufacturer in Italy, Hacking Team, last week; whether it’s Target or Home Depot or any bank. You know, these are all breaches of computer security from these flaws.

Leaked documents appear to show an Italy-based private spyware company known as the Hacking Team was selling its products to U.S. law enforcement agencies and repressive governments around the world. The Hacking Team sells software which lets users seize remote control of another person’s computer. Its customers include the FBI, the Drug Enforcement Administration and the U.S. Army, as well as foreign governments including Ethiopia, Sudan, Saudi Arabia and Bahrain. The documents were published to the company’s own Twitter feed following an apparent breach.

Hacking Team is a company—it’s a cyberweapons arms manufacturer—that sells both to the U.S. government and to repressive regimes all over the world. Hacking Team has been responsible for people dying. I have no doubt about that. And what happened is, some hacker decided to publish all of their documents. We learned some extraordinary things, like the company has secret access into the products it sold to all these countries and didn’t tell them. The company has problems. I mean, it’s one thing to have dissatisfied customers. Hacking Team has dissatisfied customers with hit squads. This is going to be bad. This is a company that I believe has behaved immorally. So I’m really kind of happy to see them on the ropes here.

The data that Snowden revealed via the reporters has been nothing short of amazing. We’ve learned a lot about how the NSA works, the justifications behind what they do, the things they do. And by extension, we’ve learned what other countries do, as well. Right? The NSA is not made of magic. These are the same things Russia and China and Israel and France and other countries do. So we’re learning a lot about nation-state surveillance. And that teaches us how to make things more secure. At the same time, we’ve had this great political debate in the United States about what are the limits of U.S. surveillance. There’s been less of a debate in the U.K., but there has been some, as well. So Snowden has done two things, from my perspective: He’s shown citizens what the government is doing in their name, and he’s shown technologists what the capabilities of attack are, so we can build better defensive capabilities.
____
Bruce Schneier, security technologist and author of Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. He’s also a fellow at Harvard’s Berkman Center for Internet and Society and a board member of the Electronic Frontier Foundation.

— source democracynow.org

Leave a Reply

Your email address will not be published. Required fields are marked *