FBI’s International Framework On Encrypted Data Access


FBI director James Comey has suggested that an international agreement between governments could ease fears about IT products with government-mandated backdoors, but privacy advocates are doubtful.

Speaking recently, Comey suggested that the US might work with other countries on a “framework” for creating legal access to encrypted tech devices.

“I could imagine a community of nations committed to the rule of law developing a set of norms, a framework, for when government access is appropriate,” he said.

Comey made his comments at the University of Texas at Austin, when trying to address a key concern facing US tech firms in the encryption debate: the fear that providing government access to their products might dampen their business abroad.

Critics have said this government access amounts to a “backdoor” into tech products that essentially weakens a device’s security, putting consumers at risk.

But another worry is the business impact. Customers might prefer non-US products that don't have law enforcement access. Comey said: “I don’t want to be any part of chasing the innovation from this great country to other places.”

However, he said that other nations such as France, Germany and the UK are also trying to solve the problem faced by law enforcement access to encrypted data. That might result in “inconsistent standards” that hurt the US companies, when it comes to their international business.

“There’s a danger that we, the mother and father of all this innovation, will be the last to solve it (the encryption problem),” he said. Comey didn’t elaborate further on his idea, but privacy experts are calling it unrealistic.

“I don’t think it makes sense,” said Nicholas Weaver, a researcher at the International Computer Science Institute at the University of California Berkeley.

Comey’s idea means that all countries will essentially agree to weaken the security in their vendors’ tech products, Weaver said. However, other countries will balk, fearing that the US might exploit the cooperation for spying purposes.

“Would you still use a US product, even if you know the NSA (National Security Agency) could have the rights to it?” he said.
Others think any mandated government access to tech devices risks cyberespionage from US rivals.    

“Once you build that backdoor good luck trying to keep the Russians and Chinese out,” said Nate Cardozo, an attorney with the privacy advocate the Electronic Frontier Foundation.

Nevertheless, the FBI director has been more vocal in recent weeks about reigniting the encryption debate. He said the FBI had been trying to unlock 2,800 electronic devices, collected from federal agents and local police in criminal investigations. However, the FBI has failed to open 43 percent of them, even with classified techniques.

Although private companies are generating today’s technology, Comey said: “their job is not to decide how the American people should live. The American people should decide how they live.”

Last year, the FBI publicly feuded with Apple over gaining access to a locked iPhone from the San Bernardino shooter. But on Thursday, Comey said the tech industry can find an approach that creates government access, while keeping malicious actors out.

“I reject the, ‘it’s impossible’ response,” he said. “I just think we haven’t actually tried it.”

Cardozo said he doesn’t think Comey’s comments did much to convince anyone in Silicon Valley. “It’s childish to stomp your foot, and say, ‘nerds you have to try harder,’” Cardozo said.

Weaver said that both the tech industry and FBI have valid arguments in the encryption debate, but both sides are “talking past each other.”

However, unlike Comey, he doesn't see any middle ground in the encryption debate. "They are asking for something that cannot be done, without significantly weakening the systems," he said. 

Computerworld:

You Might Also Read: 

The FBI Is Looking For A Fight Over Encryption:

Apple's Questionable Victory Over the FBI:

European Privacy Directive: Encryption Without Backdoors:

Obama Says Apple's Technology Can't Be Inaccessible To The State:

 

« Safeguard Data When Employees Leave
Cyber Attacks Against Korean Missile Launches »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Digital Shadows

Digital Shadows

Digital Shadows is a cyber threat intelligence company that helps clients discover sensitive data exposed through social media, cloud services and mobile devices

Tresorit

Tresorit

Tresorit helps teams to collaborate securely and easily by protecting their data with end-to-end encryption.

Rambus Security Division

Rambus Security Division

Rambus Security Division solutions span areas including tamper resistance, content protection, network security, mobile payment, smart ticketing, and trusted provisioning services.

Cyber Security National Lab (CINI)

Cyber Security National Lab (CINI)

The Cyber Security National Lab brings together Italian academic excellence in Cyber Security research.

Quick Heal Technologies

Quick Heal Technologies

Quick Heal Technologies is a leading IT security solutions provider focused on endpoint and network security solutions.

Neupart

Neupart

Neupart provides Information Security Management System, Secure ISMS, allowing organisations to automate IT Governance, Risk and Compliance management.

Vesta

Vesta

Vesta Corporation is a global provider of a scalable suite of fraud and payment solutions for online commerce.

Vehere

Vehere

Vehere specialises in mission critical signals aquisition and analytics platform and cyber defence systems.

M12

M12

M12 (formerly Microsoft Ventures) is the corporate venture capital subsidiary of Microsoft.

oneclick

oneclick

oneclick is a central access and distribution platform in the cloud, enabling the management of the entire technology stack for application provisioning.

Futurae Technologies

Futurae Technologies

Futurae - enabling trust and invisible security for your users on all devices and applications. Strong customer authentication (SCA) made easy.

Viettel Cyber Security

Viettel Cyber Security

Viettel Cyber Security is an organization under the Military Telecommunication Industry Group, conducting research and developing information security solutions for domestic and foreign customers.

Cybertronium

Cybertronium

Cybertronium is a leader in managing cyber risk. We bring you the latest from the complex, ever-evolving online threat environment with the insights to inspire and the expertise to act.

Diligent

Diligent

Diligent's SaaS GRC platform gives leaders a connected view of governance, risk, compliance and ESG across their organization.

BAE Systems

BAE Systems

BAE Systems develop, engineer, manufacture, and support products and systems to deliver military capability, protect national security, and keep critical information and infrastructure secure.

InnovateHer

InnovateHer

At InnovateHer, our vision is to make the tech sector more equitable, by increasing diversity across the spectrum and creating more inclusive workplaces.