FBI’s International Framework On Encrypted Data Access


FBI director James Comey has suggested that an international agreement between governments could ease fears about IT products with government-mandated backdoors, but privacy advocates are doubtful.

Speaking recently, Comey suggested that the US might work with other countries on a “framework” for creating legal access to encrypted tech devices.

“I could imagine a community of nations committed to the rule of law developing a set of norms, a framework, for when government access is appropriate,” he said.

Comey made his comments at the University of Texas at Austin, when trying to address a key concern facing US tech firms in the encryption debate: the fear that providing government access to their products might dampen their business abroad.

Critics have said this government access amounts to a “backdoor” into tech products that essentially weakens a device’s security, putting consumers at risk.

But another worry is the business impact. Customers might prefer non-US products that don't have law enforcement access. Comey said: “I don’t want to be any part of chasing the innovation from this great country to other places.”

However, he said that other nations such as France, Germany and the UK are also trying to solve the problem of law enforcement access to encrypted data. That might result in “inconsistent standards” that hurt US companies when it comes to their international business.

“There’s a danger that we, the mother and father of all this innovation, will be the last to solve it (the encryption problem),” he said. Comey didn’t elaborate further on his idea, but privacy experts are calling it unrealistic.

“I don’t think it makes sense,” said Nicholas Weaver, a researcher at the International Computer Science Institute at the University of California Berkeley.

Comey’s idea means that all countries will essentially agree to weaken the security in their vendors’ tech products, Weaver said. However, other countries will balk, fearing that the US might exploit the cooperation for spying purposes.

“Would you still use a US product, even if you know the NSA (National Security Agency) could have the rights to it?” he said.

Others think any mandated government access to tech devices risks cyberespionage from US rivals.

“Once you build that backdoor good luck trying to keep the Russians and Chinese out,” said Nate Cardozo, an attorney with the Electronic Frontier Foundation, a privacy advocacy group.

Nevertheless, the FBI director has been more vocal in recent weeks about reigniting the encryption debate. He said the FBI had been trying to unlock 2,800 electronic devices, collected from federal agents and local police in criminal investigations. However, the FBI has failed to open 43 percent of them, even with classified techniques.

Although private companies are generating today’s technology, Comey said: “their job is not to decide how the American people should live. The American people should decide how they live.”

Last year, the FBI publicly feuded with Apple over gaining access to a locked iPhone from the San Bernardino shooter. But on Thursday, Comey said the tech industry can find an approach that creates government access, while keeping malicious actors out.

“I reject the, ‘it’s impossible’ response,” he said. “I just think we haven’t actually tried it.”

Cardozo said he doesn’t think Comey’s comments did much to convince anyone in Silicon Valley. “It’s childish to stomp your foot, and say, ‘nerds you have to try harder,’” Cardozo said.

Weaver said that both the tech industry and FBI have valid arguments in the encryption debate, but both sides are “talking past each other.”

However, unlike Comey, he doesn't see any middle ground in the encryption debate. "They are asking for something that cannot be done, without significantly weakening the systems," he said. 

Computerworld:
