FBI - Encryption is Great as Long as it Still Lets Us In

1389365257000-AP-State-Senator-Investigated-001.jpg

FBI Director James Comey

FBI Director James Comey defended his agency’s position that too-tough-to-crack encryption poses a threat to national security, arguing that terrorists are increasingly using the technology to lock out law enforcement and coordinate attacks.
Comey, in a brief op-ed appearing on the prominent national security blog Lawfare, said that “there are lots of good things” about universal strong encryption, such as expanded privacy and protection from cybercriminals. But those benefits must be balanced against the potential risks created by making it more difficult for the government to access the digital communications and data of those suspected of wrongdoing, he said.
“When the government’s ability—with appropriate predication and court oversight—to see an individual’s stuff goes away, it will affect public safety,” Comey wrote. “That tension is vividly illustrated by the current ISIL threat, which involves ISIL operators in Syria recruiting and tasking dozens of troubled Americans to kill people, a process that increasingly takes part through mobile messaging apps that are end-to-end encrypted, communications that may not be intercepted, despite judicial orders under the Fourth Amendment.”
Comey said that the same tension could be seen in domestic criminal investigations as well, adding that “there is simply no doubt that bad people can communicate with impunity in a world of universal strong encryption.”
Comey’s post previews a showdown later this week on Capitol Hill, where he will testify before two powerful Senate committees on Wednesday about the dangers of law enforcement “going dark” in its investigations due to encryption. Comey will appear before the Intelligence Committee, a rare open hearing before the normally closed-door panel, and the Judiciary Committee.
The Obama administration has grown increasingly wary about encryption on smartphones ever since Apple and Google last year announced efforts to offer tighter security by default on their products. Earlier this year, President Obama warned that, “if we get into a situation which the technologies do not allow us at all to track somebody we’re confident is a terrorist … that’s a problem.”
But many cybersecurity experts strongly disagree with Obama and Comey. Many believe there is no such thing as a “golden key” for encryption that could allow law-enforcement, or national security professionals, access into an encrypted device without also creating a vulnerability that malicious hackers could exploit. A secret 2009 U.S. cybersecurity report obtained by Edward Snowden and published by The Guardian seemed to back that view up, warning that government and private computers are vulnerable to cyberattacks from Russia, China, and criminal actors if stronger encryption was not adopted across the board.
DefenseOne: http://bit.ly/1JdEgUX

« British PM Wants To Ban Encryption
Unlocking the Potential of the Internet of Things »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Sogeti

Sogeti

Sogeti deliver solutions that enable digital transformation and offer cutting-edge expertise in Cloud, Cybersecurity, Digital Manufacturing, Quality Assurance, Testing, and emerging technologies.

SolutionsPT

SolutionsPT

SolutionsPT enables customers to strengthen their Operational Technology (OT) network to meet the ever increasing demand for performance, availability, connectivity and security.

NLnet Labs

NLnet Labs

NLnet Labs is a not-for-profit foundation with a long heritage in research and development, Internet architecture and governance, as well as security in the area of DNS and inter-domain routing.

Aricoma

Aricoma

Aricoma are Architects of Digital. We aim to become a major player in end-to-end IT services and digital transformation in Europe.

Nextcloud

Nextcloud

Nextcloud offers offers solutions to the combined need of security and ubiquitous access to data and collaboration technology.

Seadot Cybersecurity

Seadot Cybersecurity

Seadot offer cybersecurity services to organizations with a high demand for regulatory compliance and security.

Future Planet Capital

Future Planet Capital

Future Planet is the impact-led, global venture capital firm built to invest in high growth potential companies from the world's top research centres.

iSTORM

iSTORM

iStorm specialise in supporting organisations who require a range of Privacy, Security and Penetration testing related services.

Grindstone Ventures

Grindstone Ventures

Grindstone Ventures is a post-seed fund that supports post-seed equity and quasi-equity investments in early-stage innovation-driven and/or technology companies.

ID North

ID North

ID North is a Nordic service provider offering identity security to its customers by providing world class expertise and best-in-class solutions and services.

Fusion Cyber

Fusion Cyber

Fusion Cyber educates students in Zero Trust Risk Management, Defense, and Cyber Offense that lead to taking industry-accepted cybersecurity certifications.

UK Cyber Cluster Collaboration (UKC3)

UK Cyber Cluster Collaboration (UKC3)

UKC3 has been launched to support Cyber Clusters and encourage greater collaboration across regions and nations of the UK.

Concorde Technology Group

Concorde Technology Group

Concorde Technology Group is one of the UK’s leading IT support and services providers, delivering cost-effective and innovative IT solutions to businesses across the country.

AT&T Cybersecurity

AT&T Cybersecurity

AT&T Cybersecurity’s Edge-to-Edge technologies provide threat intelligence, collaborative defense, security without the seams, and solutions that fit your business.

Avatar Managed Services

Avatar Managed Services

Avatar offers proven, process driven IT support to companies who want to utilize their technology to their best advantage.

BuddoBot

BuddoBot

BuddoBot has been a pioneering force in cybersecurity and information technology since 2008.