FBI director wants access to encrypt Apple, Google users’ data, demands law ‘fix’

Screen Shot 2014-10-18 at 12.33.13 PM

The FBI director has slammed Apple and Google for offering their customers encryption technology that protects users’ privacy. “Deeply concerned” James Comey wants to push on Congress to “fix” laws to ensure police can still access private data.

“It’s the equivalent of a closet that can’t be opened. A safe that can’t be cracked,” Comey, speaking at the Brookings Institute in Washington DC, referred to the encryption technology calling the new service “a marketing pitch.”

“But it will have very serious consequences for law enforcement and national security agencies at all levels,” he warned.

Apple has recently presented its latest Mac OS X operating system for desktop and laptop computers, encouraging its customers to use FileVault disk encryption technology to keep their data secure. The tool would also prevent NSA or FBI from having access to phones and computers.

Google said it wanted to follow suit with its Android operating system and “encryption will be enabled by default.”

If a customer does not decline the encryption offer, his or her computer or phone will be locked.

This means that the companies will not be able to unlock a phone or a hard drive to reveal photos, documents, e-mail or recordings stored within.

“Criminals and terrorists would like nothing more than for us to miss out,” Comey said, adding that encrypted information on “a bad guy’s phone has the potential to create a black hole for law enforcement.”

“Justice may be denied because of a locked phone or an encrypted hard drive,” he said.

READ MORE: Mass internet surveillance is ‘corrosive of online privacy’ – UN report

While law enforcements would still be able to intercept conversations, it would be impossible to access call data, contacts, photos and emails.

Comey believes that “encryption threatens to lead all of us to a very dark place,” while the companies argue that it is a necessary option that will protect customers from unlawful surveillance and private data access.

Edward Snowden’s revelations have provoked the US tech companies to find better protection for personal information.

Comey acknowledged: “The post-Snowden pendulum has swung too far in one direction—in a direction of fear and mistrust.”

“Some believe that the FBI has these phenomenal capabilities to access any information at any time—that we can get what we want, when we want it, by flipping some sort of switch,” he said. “It may be true in the movies or on TV. It is simply not the case in real life.”

The FBI director would like to see changes made to the Communications Assistance for Law Enforcement Act, or CALEA, “enacted 20 years ago—a lifetime in the internet age.”

Companies like Apple or Google, should be required to build lawful intercept capabilities for law enforcement, Comey says.

“We aren’t seeking to expand our authority to intercept communications,” he said. “We are struggling to keep up with changing technology and to maintain our ability to actually collect the communications we are authorized to intercept.”

CALEA only covers landline and cellphone companies, broadband services or internet phone services, which connect with traditional phones.

“We also need a regulatory or legislative fix,” Comey said, “so that all communication service providers are held to the same standard.”

Comey’s speech was not the first time he lashed out at Apple and Google for encrypting smartphones. In September, he told reporters in Washington that the encrypting technology offered by the companies, powering nearly 95 percent of the smart phones in the United States, severely hinder law enforcement operations.

FBI DIRECTOR: IF APPLE AND GOOGLE WON’T DECRYPT PHONES, WE’LL FORCE THEM TO

Capture

Comey went ballistic on Apple and Google’s decision to make everything more private

Everyone is stoked that the latest versions of iOS and Android will (finally) encrypt all the information on your smartphone by default. Except, of course, the FBI: Today, its director spent an hour attacking the companies and the very idea of encryption, even suggesting that Congress should pass a law banning the practice of default encryption.

It’s of course no secret that James Comey and the FBI hate the prospect of “going dark,” the idea that law enforcement simply doesn’t have the technical capability to track criminals (and the average person) because of all those goddamn apps, encryption, wifi network switching, and different carriers.

ENCRYPTION THREATENS TO LEAD ALL OF US TO A VERY DARK PLACE
It’s a problem that the FBI has been dealing with for too long (in Comey’s eyes, at least). Today, Comey went ballistic on Apple and Google’s recent decision to make everything just a little more private.

“Encryption isn’t just a technical feature; it’s a marketing pitch … it’s the equivalent of a closet that can’t be opened. A safe that can’t be cracked. And my question is, at what cost?” Comey said. “Both companies [Apple and Google] are run by good people, responding to what they perceive is a market demand. But the place they are leading us is one we shouldn’t go to without careful thought and debate.”

In a tightly moderated speech and discussion at the Brookings Institution—not one technical expert or privacy expert was asked to participate; however, several questions from the audience came from privacy-minded individuals—Comey railed on the “post-Snowden” world that has arisen since people began caring about their privacy.

CONGRESS MIGHT HAVE TO FORCE THIS ON COMPANIES
Comey’s speech and thinking was out-of-touch and off on many levels: He continually referred to potential “bad guys” as the only ones using encryption, and suggested that, with default encryption, people who are wrongly arrested won’t be able to unlock data within their phones that could exonerate them.

Comey also said, in all seriousness, that the FBI has “FOMO” on catching predators, just like the kids.

“With Going Dark, those of us in law enforcement and public safety have a major fear of missing out—missing out on predators who exploit the most vulnerable among us … kids call this FOMO,” he said.

Comey kept referring to the “debate” and “national conversation” that needs to be had regarding widespread encryption. That conversation, in Comey’s mind, should stop and start with the idea that there must be a “front door” means for the FBI, NSA, and other law enforcement agencies to blast through encryption. In other words, companies should be “developing [law enforcement] intercept solutions during the design phase,” a proposition that, beyond making encryption useless, is potentially not even technically feasible.

“Congress might have to force this on companies,” he said. “Maybe they’ll take the hint and do it themselves.”

Comey repeatedly noted that Apple and Google are simply responding to the “market” and consumer demand, as any good capitalist company would do. But he noted that encryption is not really what people should want, lest the “bad guys” win.

“If the challenges of real-time interception threaten to leave us in the dark, encryption threatens to lead all of us to a very dark place,” he said. “Perhaps it’s time to suggest that the post-Snowden pendulum has swung too far in one direction—in a direction of fear and mistrust.”

It’s absolutely worth noting that this out-of-control pendulum has so corrupted the thinking of the people that Congress has found it prudent to not pass a single law, not do a single thing, to reign in government mass surveillance, despite Comey’s goal of real-time interception essentially amounting to the ability to peek into anyone’s phone as they use it.

“It might be time to ask: Where are we, as a society? Are we no longer a country governed by the rule of law, where no one is above or beyond that law?,” he said, without irony. “Are we so mistrustful of government—and of law enforcement—that we are willing to let bad guys walk away?”

It also might be time to ask: Are the people chosen to run our law enforcement agencies so out of touch with the American people that they believe that only “bad guys” want privacy?

NYFF: EDWARD SNOWDEN DOC ‘CITIZENFOUR’ REVEALS EXISTENCE OF SECOND NSA WHISTLEBLOWER

Screen Shot 2014-10-11 at 5.39.12 PM

At the end of the Laura Poitras doc, the famed informant registers shock over another who outranks him

A second National Security Agency whistleblower exists within the ranks of government intelligence.

That bombshell comes toward the end of Citizenfour, a new documentary from filmmaker Laura Poitras about NSA informant Edward Snowden that had its world premiere on Friday at the New York Film Festival.

In the key scene, journalist Glenn Greenwald visits Snowden at a hotel room in Moscow. Fearing they are being taped, Greenwald communicates with Snowden via pen and paper.
Screen Shot 2014-10-11 at 5.41.03 PM
While some of the exchanges are blurred for the camera, it becomes clear that Greenwald wants to convey that another government whistleblower — higher in rank than Snowden — has come forward.

The revelation clearly shocks Snowden, whose mouth drops open when he reads the details of the informant’s leak.

Also revealed by Greenwald is the fact that 1.2 million Americans are currently on a government watch-list. Among them is Poitras herself.

And the surprises don’t end there. Near the end of the film, which received a rousing standing ovation, it is revealed that Lindsay Mills, Snowden’s dancer girlfriend of 10 years, has been living with Snowden in Moscow.

When Poitras went to Moscow in July to show Snowden an early cut of the film, she shot footage of the two cooking dinner together, which appears in the final cut.

Snowden fled to Russia after the U.S. government revoked his passport and put pressure on other governments not to grant him asylum.

After spending 39 days in a Moscow airport, Snowden was granted a one-year asylum from President Vladimir Putin. He is now in the country on a three-year residency permit.

Poitras took the stage at Lincoln Center’s Alice Tully Hall following the screening, flanked by Greenwald, with whom she partnered on a pair of explosive stories in The Guardian and Washington Post about Snowden’s surveillance disclosures in June 2014.

Also joining them was Jeremy Scahill, their partner on the website The Intercept, and Snowden’s father and stepmother. Snowden’s father thanked Poitras for having made Citizenfour, which he deemed a “wonderful piece of work.”

Poitras kept her comments following the screening to a minimum, and thanked her crew and Snowden. Instead it was Greenwald and Scahill who did most of the talking, with Scahill at one point describing Poitras as “the most bad-ass director alive, period.”

Before the screening, Poitras told The Hollywood Reporter that she will never forget the moment when Snowden — who was so young Greenwald initially doubted his authenticity — said he was willing to go on the record with his allegations.

“One of the most intense moments was when Snowden told us his identity would not remain anonymous, and I knew that somebody was really, really putting their life on the line,” Poitras said.

Homeland Security to scan federal computer networks without prior authorizat​ion

Capture

After failing to identify the potentially disastrous Heartbleed bug, the United States Department of Homeland Security has successfully lobbied to have the ability to conduct “regular and proactive scans” of civilian agency systems.

Beth Cobert, the deputy director for management at the White House Office of Management and Budget, wrote on Friday that “growing cybersecurity threats,” including this year’s Heartbleed bug, have prompted the federal government to embrace better tactics aimed at ensuring the computer networks used by agencies stays secure.

“In a rapidly changing technological environment, we must have robust procedures, policies and systems in place to protect our nation’s most sensitive information,” Cobert wrote in a blog post first published last week by the White House. To accomplish as much, her office has announced the establishment of a new process that subjects civilian agency networks to greater scrutiny.

According to the official memorandum published last week by the White House OMB, the new mechanism being rolled out by DHS will see to it that the agency “Scan[s] internet accessible addresses and public facing segments of Federal civilian agency systems for vulnerabilities on an ongoing basis as well as in response to newly discovered vulnerabilities on an urgent basis, to include without prior agency authorization on an emergency basis where not prohibited by law.”

By having the DHS “formalize” this process, the memo continues, critical cybersecurity areas of the federal government will be hopefully be better prepared in the event of a cyberattack or major network issue.

“The Federal Government’s response to the ‘Heartbleed’ security vulnerability highlighted the need to formalize this process, and ensure that Federal agencies are proactively scanning networks for vulnerabilities,” the memo reads. “This year’s guidance clarifies what is required of DHS and Federal agencies in this area.”

But according to NextGov reporter Aliya Sternstein, the new process unveiled last week by DHS does more than just ensures networks stay safe — it also provides DHS with the unprecedented power to monitor these public-facing civilian agency networks.

“DHS officials Friday toldNextgovthat, in the past, the department would have to obtain essentially permission slips from agencies before using Einstein and scanning their systems,” Sternstein wrote, referring to the diagnostic hardware and software suite currently used to detect and prevent cyberattacks. “Officials added that DHS now has 110 agreements from agencies to scan for vulnerabilities.”

Cobert’s announcement of the new DHS initiative was made just one day after Rep. Mike Rogers (R-Michigan), the chairman of the House Intelligence Committee, said the US lacks solid policies for both protecting its networks and launching cyber offensives.

“As the [US government] writ large, we don’t have the policies down. We debate it a lot — I can’t tell you how much time we spent in the intelligence committee trying to figure out the way forward on what that looks like — and part of the challenge is the government has about 15 percent of the networks, and the private sector holds about 85 percent of the networks,” Rogers said. “And, contrary to popular belief, the NSA is not monitoring those networks. It is not on those networks. The only way that they see anything coming in is from the outside, so most of the offensive talk is from the private sector saying, ‘I’ve had enough and I’m going to do something about it.’ Because basically what we’ve done today by doing nothing in Congress is telling the 85 percent of these private networks, ‘You’re on your own. You have nation states who are targeting you; who are raving your networks. But you’re on your own. Good luck.’”

Rogers has twice introduced bills in Congress that would let the government monitor activity on private sector networks, but privacy advocates have opposed the act citing the potential of unnecessary surveillance on those systems.