FBI - Encryption is Great as Long as it Still Lets Us In

1389365257000-AP-State-Senator-Investigated-001.jpg

FBI Director James Comey

FBI Director James Comey defended his agency’s position that too-tough-to-crack encryption poses a threat to national security, arguing that terrorists are increasingly using the technology to lock out law enforcement and coordinate attacks.
Comey, in a brief op-ed appearing on the prominent national security blog Lawfare, said that “there are lots of good things” about universal strong encryption, such as expanded privacy and protection from cybercriminals. But those benefits must be balanced against the potential risks created by making it more difficult for the government to access the digital communications and data of those suspected of wrongdoing, he said.
“When the government’s ability—with appropriate predication and court oversight—to see an individual’s stuff goes away, it will affect public safety,” Comey wrote. “That tension is vividly illustrated by the current ISIL threat, which involves ISIL operators in Syria recruiting and tasking dozens of troubled Americans to kill people, a process that increasingly takes part through mobile messaging apps that are end-to-end encrypted, communications that may not be intercepted, despite judicial orders under the Fourth Amendment.”
Comey said that the same tension could be seen in domestic criminal investigations as well, adding that “there is simply no doubt that bad people can communicate with impunity in a world of universal strong encryption.”
Comey’s post previews a showdown later this week on Capitol Hill, where he will testify before two powerful Senate committees on Wednesday about the dangers of law enforcement “going dark” in its investigations due to encryption. Comey will appear before the Intelligence Committee, a rare open hearing before the normally closed-door panel, and the Judiciary Committee.
The Obama administration has grown increasingly wary about encryption on smartphones ever since Apple and Google last year announced efforts to offer tighter security by default on their products. Earlier this year, President Obama warned that, “if we get into a situation which the technologies do not allow us at all to track somebody we’re confident is a terrorist … that’s a problem.”
But many cybersecurity experts strongly disagree with Obama and Comey. Many believe there is no such thing as a “golden key” for encryption that could allow law-enforcement, or national security professionals, access into an encrypted device without also creating a vulnerability that malicious hackers could exploit. A secret 2009 U.S. cybersecurity report obtained by Edward Snowden and published by The Guardian seemed to back that view up, warning that government and private computers are vulnerable to cyberattacks from Russia, China, and criminal actors if stronger encryption was not adopted across the board.
DefenseOne: http://bit.ly/1JdEgUX

« British PM Wants To Ban Encryption
Unlocking the Potential of the Internet of Things »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Roka Security

Roka Security

Roka Security is a boutique security firm specializing in full-scale network protection, defending against advanced attacks, and rapid response to security incidents.

Radware

Radware

Radware is a global leader of application delivery and cyber security solutions for virtual, cloud and software defined data centers.

FireMon

FireMon

FireMon is the only agile network security policy platform for firewalls and cloud security groups providing the fastest way to streamline network security policy management.

CROW - University of Waikato

CROW - University of Waikato

CROW is the first cyber security lab established in a New Zealand educational institution at the University of Waikato.

Ivanti

Ivanti

Ivanti provide user-centered IT solutions designed to increase user productivity while reducing IT security risk.

Ceerus

Ceerus

Ceerus was created to simplify the process of deploying and managing security across all the channels in an organisation.

NESECO

NESECO

NESECO is an IT security integration and consulting firm providing security products, solutions, support, consulting, and training services.

Henderson Scott

Henderson Scott

Henderson Scott is a provider of award winning IT recruitment services in core technical markets including Cyber & Information Security.

Newtech Recycyling

Newtech Recycyling

Newtech Recycyling specializes in the removal and disposal of IT infrastructure which has reached the end of its life cycle.

IPification

IPification

IPification is a highly secure, credential-less, network-based authentication solution for frictionless user experience on mobile and IoT devices.

Hassans International Law Firm

Hassans International Law Firm

Hassans is the largest law firm in Gibraltar, providing a full range of legal services across corporate and commercial law including Data Protection and GDPR compliance.

Futurae Technologies

Futurae Technologies

Futurae - enabling trust and invisible security for your users on all devices and applications. Strong customer authentication (SCA) made easy.

Simplilearn

Simplilearn

Simplilearn is the world's #1 online bootcamp for digital skills training in disciplines such as Cyber Security, Cloud Computing, Project Management, Digital Marketing, and Data Science.

TechBase

TechBase

TechBase is an innovation and start-up center offering technology-oriented start-ups optimal conditions for successful business development.

Data Protection Commission (DPC)

Data Protection Commission (DPC)

The Data Protection Commission (DPC) is the national independent authority responsible for upholding the fundamental right of individuals in the EU to have their personal data protected.

Hetz Ventures

Hetz Ventures

Hetz Ventures is a global-facing VC investing in highly talented and ambitious Israeli founders who operate at the cutting edge of deep technology.