FBI’s International Framework On Encrypted Data Access


FBI director James Comey has suggested that an international agreement between governments could ease fears about IT products with government-mandated backdoors, but privacy advocates are doubtful.

Speaking recently, Comey suggested that the US might work with other countries on a “framework” for creating legal access to encrypted tech devices.

“I could imagine a community of nations committed to the rule of law developing a set of norms, a framework, for when government access is appropriate,” he said.

Comey made his comments at the University of Texas at Austin while trying to address a key concern facing US tech firms in the encryption debate: the fear that providing government access to their products might dampen their business abroad.

Critics have said this government access amounts to a “backdoor” into tech products that essentially weakens a device’s security, putting consumers at risk.

But another worry is the business impact. Customers might prefer non-US products that don't have law enforcement access. Comey said: “I don’t want to be any part of chasing the innovation from this great country to other places.”

However, he said that other nations such as France, Germany and the UK are also trying to solve the problem of law enforcement access to encrypted data. That might result in “inconsistent standards” that hurt US companies when it comes to their international business.

“There’s a danger that we, the mother and father of all this innovation, will be the last to solve it (the encryption problem),” he said. Comey didn’t elaborate further on his idea, but privacy experts are calling it unrealistic.

“I don’t think it makes sense,” said Nicholas Weaver, a researcher at the International Computer Science Institute at the University of California, Berkeley.

Comey’s idea means that all countries will essentially agree to weaken the security in their vendors’ tech products, Weaver said. However, other countries will balk, fearing that the US might exploit the cooperation for spying purposes.

“Would you still use a US product, even if you know the NSA (National Security Agency) could have the rights to it?” he said.

Others think any mandated government access to tech devices risks cyberespionage from US rivals.

“Once you build that backdoor good luck trying to keep the Russians and Chinese out,” said Nate Cardozo, an attorney with the privacy advocate the Electronic Frontier Foundation.

Nevertheless, the FBI director has been more vocal in recent weeks about reigniting the encryption debate. He said the FBI had been trying to unlock 2,800 electronic devices, collected from federal agents and local police in criminal investigations. However, the FBI has failed to open 43 percent of them, even with classified techniques.

Although private companies are generating today’s technology, Comey said: “their job is not to decide how the American people should live. The American people should decide how they live.”

Last year, the FBI publicly feuded with Apple over gaining access to a locked iPhone from the San Bernardino shooter. But on Thursday, Comey said the tech industry can find an approach that creates government access, while keeping malicious actors out.

“I reject the, ‘it’s impossible’ response,” he said. “I just think we haven’t actually tried it.”

Cardozo said he doesn’t think Comey’s comments did much to convince anyone in Silicon Valley. “It’s childish to stomp your foot, and say, ‘nerds you have to try harder,’” Cardozo said.

Weaver said that both the tech industry and FBI have valid arguments in the encryption debate, but both sides are “talking past each other.”

However, unlike Comey, he doesn't see any middle ground in the encryption debate. "They are asking for something that cannot be done, without significantly weakening the systems," he said. 

Source: Computerworld
