FBI - Encryption is Great as Long as it Still Lets Us In

Uploaded on 2015-07-15 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

1389365257000-AP-State-Senator-Investigated-001.jpg

FBI Director James Comey

FBI Director James Comey defended his agency’s position that too-tough-to-crack encryption poses a threat to national security, arguing that terrorists are increasingly using the technology to lock out law enforcement and coordinate attacks.
Comey, in a brief op-ed appearing on the prominent national security blog Lawfare, said that “there are lots of good things” about universal strong encryption, such as expanded privacy and protection from cybercriminals. But those benefits must be balanced against the potential risks created by making it more difficult for the government to access the digital communications and data of those suspected of wrongdoing, he said.
“When the government’s ability—with appropriate predication and court oversight—to see an individual’s stuff goes away, it will affect public safety,” Comey wrote. “That tension is vividly illustrated by the current ISIL threat, which involves ISIL operators in Syria recruiting and tasking dozens of troubled Americans to kill people, a process that increasingly takes part through mobile messaging apps that are end-to-end encrypted, communications that may not be intercepted, despite judicial orders under the Fourth Amendment.”
Comey said that the same tension could be seen in domestic criminal investigations as well, adding that “there is simply no doubt that bad people can communicate with impunity in a world of universal strong encryption.”
Comey’s post previews a showdown later this week on Capitol Hill, where he will testify before two powerful Senate committees on Wednesday about the dangers of law enforcement “going dark” in its investigations due to encryption. Comey will appear before the Intelligence Committee, a rare open hearing before the normally closed-door panel, and the Judiciary Committee.
The Obama administration has grown increasingly wary about encryption on smartphones ever since Apple and Google last year announced efforts to offer tighter security by default on their products. Earlier this year, President Obama warned that, “if we get into a situation which the technologies do not allow us at all to track somebody we’re confident is a terrorist … that’s a problem.”
But many cybersecurity experts strongly disagree with Obama and Comey. Many believe there is no such thing as a “golden key” for encryption that could allow law-enforcement, or national security professionals, access into an encrypted device without also creating a vulnerability that malicious hackers could exploit. A secret 2009 U.S. cybersecurity report obtained by Edward Snowden and published by The Guardian seemed to back that view up, warning that government and private computers are vulnerable to cyberattacks from Russia, China, and criminal actors if stronger encryption was not adopted across the board.
DefenseOne: http://bit.ly/1JdEgUX

« British PM Wants To Ban Encryption
Unlocking the Potential of the Internet of Things »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Casaba Security

Casaba Security

Casaba are specialists in software security providing managed Software Development Lifecycle services as well as products for security testing.

Kernelios

Kernelios

Kernelios is a simulator-based training center and an incubator for cyber experts worldwide.

Panaseer

Panaseer

Panaseer is an enterprise cybersecurity automation and data analytics company that helps organizations stop preventable breaches by ensuring security controls are working effectively.

VivoSecurity

VivoSecurity

VivoSecurity is a pioneer in cyber risk quantification based on data science. Our products and services help organizations achieve optimal information security and GRC programs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

VIBE Cybersecurity International

VIBE Cybersecurity International

VIBE’s certificate-less authenticated encryption enables scalable, flexible key exchange, and other advanced cryptographic functions using identity-based elliptic curve cryptosystems (ECC).

TAC Security (TAC Infosec)

TAC Security (TAC Infosec)

TAC Security (aka TAC Infosec) is a leading and trusted cyber security consulting partner that specializes in securing the IT infrastructure and assets of enterprises.

SurePassID

SurePassID

SurePassID is a provider of highly secure, highly extensible multi-factor authentication (MFA) solutions.

META-Cyber

META-Cyber

META-cyber was founded by engineers with experience in process and control-protection to provide cyber security for industrial infrastructure.

Tech Vedika

Tech Vedika

Tech Vedika has access to technical guidance, training and resources from AWS to successfully undertake solution architecture, application development, application migration, and managed services.

Centroid

Centroid

Centroid is a cloud services and technology company that provides Oracle enterprise workload consulting and managed services across Oracle, Azure, Amazon, Google, and private cloud.

Guardsman Cyber Intelligence (GCI)

Guardsman Cyber Intelligence (GCI)

GCI provides proven cyber intelligence solutions to protect your business against ever present physical and digital threats shadowing your online business.

Sterling Information Technologies

Sterling Information Technologies

Sterling is an information security, operational risk consulting and advisory group. Our Advisory services help to safeguard information assets while supporting business operations.

NORMA Cyber

NORMA Cyber

NORMA Cyber delivers centralised cyber security services to Norwegian shipowners and other entities within the Norwegian maritime sector.

Diversified Technical Services Inc. (DTSI)

Diversified Technical Services Inc. (DTSI)

DTSI provides a wide range of technology solutions for Federal Agencies, the Department of Defense, and commerical organizations with capabilities including Cyber Security and DevSecOps.

Soteria Communications

Soteria Communications

Soteria Communications supports clients to prepare for and manage crises, with a focus on cyber incidents.