FBI’s International Framework On Encrypted Data Access

Uploaded on 2017-04-19 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Law


FBI director James Comey has suggested that an international agreement between governments could ease fears about IT products with government-mandated backdoors, but privacy advocates are doubtful.

Speaking recently, Comey suggested that the US might work with other countries on a “framework” for creating legal access to encrypted tech devices.

“I could imagine a community of nations committed to the rule of law developing a set of norms, a framework, for when government access is appropriate,” he said.

Comey made his comments at the University of Texas at Austin, when trying to address a key concern facing US tech firms in the encryption debate: the fear that providing government access to their products might dampen their business abroad.

Critics have said this government access amounts to a “backdoor” into tech products that essentially weakens a device’s security, putting consumers at risk.

But another worry is the business impact. Customers might prefer non-US products that don't have law enforcement access. Comey said: “I don’t want to be any part of chasing the innovation from this great country to other places.”

However, he said that other nations such as France, Germany and the UK are also trying to solve the problem faced by law enforcement access to encrypted data. That might result in “inconsistent standards” that hurt the US companies, when it comes to their international business.

“There’s a danger that we, the mother and father of all this innovation, will be the last to solve it (the encryption problem),” he said. Comey didn’t elaborate further on his idea, but privacy experts are calling it unrealistic.

“I don’t think it makes sense,” said Nicholas Weaver, a researcher at the International Computer Science Institute at the University of California Berkeley.

Comey’s idea means that all countries will essentially agree to weaken the security in their vendors’ tech products, Weaver said. However, other countries will balk, fearing that the US might exploit the cooperation for spying purposes.

“Would you still use a US product, even if you know the NSA (National Security Agency) could have the rights to it?” he said.
Others think any mandated government access to tech devices risks cyberespionage from US rivals.    

“Once you build that backdoor good luck trying to keep the Russians and Chinese out,” said Nate Cardozo, an attorney with the privacy advocate the Electronic Frontier Foundation.

Nevertheless, the FBI director has been more vocal in recent weeks about reigniting the encryption debate. He said the FBI had been trying to unlock 2,800 electronic devices, collected from federal agents and local police in criminal investigations. However, the FBI has failed to open 43 percent of them, even with classified techniques.

Although private companies are generating today’s technology, Comey said: “their job is not to decide how the American people should live. The American people should decide how they live.”

Last year, the FBI publicly feuded with Apple over gaining access to a locked iPhone from the San Bernardino shooter. But on Thursday, Comey said the tech industry can find an approach that creates government access, while keeping malicious actors out.

“I reject the, ‘it’s impossible’ response,” he said. “I just think we haven’t actually tried it.”

Cardozo said he doesn’t think Comey’s comments did much to convince anyone in Silicon Valley. “It’s childish to stomp your foot, and say, ‘nerds you have to try harder,’” Cardozo said.

Weaver said that both the tech industry and FBI have valid arguments in the encryption debate, but both sides are “talking past each other.”

However, unlike Comey, he doesn't see any middle ground in the encryption debate. "They are asking for something that cannot be done, without significantly weakening the systems," he said. 

Computerworld:

You Might Also Read: 

The FBI Is Looking For A Fight Over Encryption:

Apple's Questionable Victory Over the FBI:

European Privacy Directive: Encryption Without Backdoors:

Obama Says Apple's Technology Can't Be Inaccessible To The State:

 

« Safeguard Data When Employees Leave
Cyber Attacks Against Korean Missile Launches »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Ascentor

Ascentor

Ascentor specialises in independent information and cyber security consultancy. We’re experienced industry experts, providing cyber security services since 2004.

Adeptis Group

Adeptis Group

Adeptis are experts in cyber security recruitment, providing bespoke staffing solutions to safeguard your organisation against ever-changing cyber threats.

D3 Security

D3 Security

D3's Smart SOAR platform is at the forefront of the security automation revolution, helping clients around the world to rapidly identify, analyze, and resolve advanced threats.

MadSec Security

MadSec Security

MadSec Security is a leading consulting company whose expertise are information and cyber security.

Kivu Consulting

Kivu Consulting

Kivu Consulting combines technical and legal expertise to deliver data breach response, investigative, discovery and forensic solutions worldwide.

Information Technology & Cyber ​​Security Service (STISC) - Moldova

Information Technology & Cyber ​​Security Service (STISC) - Moldova

STISC is a public institution whose purpose is to ensure the administration, maintenance and development of the information technology infrastructure in Moldova.

S2T

S2T

S2T builds cyber intelligence solutions based on deep expertise in diverse domains such as intelligence, machine learning and AI, big data processing, statistics and linguistics.

DreamIt Ventures

DreamIt Ventures

DreamIt Ventures is an early stage venture fund that accelerates startups building transformative tech products in the fields of Healthtech, Securetech, and Urbantech.

Netsurion

Netsurion

Netsurion powers secure and agile networks for highly distributed and small-to-medium enterprises and the IT providers that serve them.

NetTech

NetTech

NetTech’s Managed CyberSecurity and Compliance/HIPAA services are designed to help your company prevent security breaches and quickly remediate events if they do happen to occur.

MetaWeb Ventures

MetaWeb Ventures

MetaWeb Ventures is a global venture capital firm focused on pre-seed and seed investments in crypto start-ups.

Socura

Socura

Socura helps make the digital world a safer place; changing the way organisations think about cyber security through a dynamic, innovative, and human approach.

Flow Security

Flow Security

Enterprises run on data, Flow secures it at runtime. With a runtime-first approach, Flow is a game-changer in the data security space, securing data itself, beyond the infrastructure it resides in.

BuddoBot

BuddoBot

BuddoBot has been a pioneering force in cybersecurity and information technology since 2008.

S4E (Security for Everyone)

S4E (Security for Everyone)

At S4E.io, our mission is to democratize digital security, making it accessible, simple, and effective for individuals and businesses of all sizes.

Corgea

Corgea

Corgea is AI-powered security platform that finds, triages and fixes your insecure code.