Encryption

DNC Hacks and Leaky Government Make Encryption Restrictions Look More Foolish Than Ever

FBI investigations reveal that encryption is increasingly important, and government officials can't be trusted with a backdoor.

|

James Comey
Dennis Brack/dpa/picture-alliance/Newscom

How telling is it that in the summer of the hacker, when politicians have been repeatedly (and entertainingly!) humiliated by unauthorized access to information, FBI Director James Comey is still wagging his finger at the American public, chastising us for our insistence on protecting privacy by encrypting our gadgets and communications.

"In the first 10 months of this fiscal year, our examiners received 5,000 or so devices from state and local law enforcement asking for our help, with a search warrant, to open those devices. About 650 of them we could not open. We did not have the technology. We can't open them. They are a brick to us," he told the American Bar Association annual meeting.

Well, yes. That's the whole idea of encrypting things, as well as of locking doors, and hiding valuables—so that strangers can't get to them without our permission.

This should be an obvious point to Comey, who recently excoriated former Secretary of State Hillary Clinton for her sloppy handling of classified emails. In a now-famous July press conference, Comey stopped short of recommending the current presidential candidate's prosecution, but took her and her staff to task for being "extremely careless in their handling of very sensitive, highly classified information." He went on to admit "hostile actors gained access to the private commercial e-mail accounts of people with whom Secretary Clinton was in regular contact" and that "it is possible that hostile actors gained access to Secretary Clinton's personal e-mail account."

How could that be? In part, because "for the first 3 months of Secretary Clinton's term, access to the [email] server was not encrypted or authenticated with a digital certificate," according to cybersecurity firm Venafi. During that time she traveled to countries including China, Egypt, Indonesia, Israel, Japan and South Korea where her messages were relayed through networks controlled by foreign officials. Even after that time, only server access was encrypted—not the email itself.

Since then, of course, the Democratic National Committee also found itself on the receiving end of hackers' curiosity—with the results released for public edification. The Democratic presidential nomination convention, expected to be a somnolent coronation, was much enlivened by the release of a treasure trove of communications revealing the allegedly impartial party apparatus colluding with the Clinton campaign (and friendly journalists) to defeat rival Bernie Sanders.

It's all very amusing for the public at large, but it's also a fiasco that could have been prevented had the DNC implemented basic security measures.

"Encrypt everything! I'm here to preach the gospel of encryption," commented Jamie Winterton, director of strategy for Arizona State University's Global Security Initiative. "While of course I'm not standing up for unethical, immoral or illegal activities being hidden by encryption, the DNC could have avoided it by encrypting their files and communications."

But they didn't. And now the FBI—headed by Comey—is investigating the incident.

And today roughly 200 members of Congress are screeching over the unauthorized release of their email addresses and phone numbers which, shudder, might allow constituents to actually contact them. This comes as the result of a hack of the Democratic Congressional Campaign Committee which is also being investigated by the FBI.

Y'know, a different FBI might recommend that government officials, political parties, businesses, and the world at large should take security more seriously and implement measures such as encryption to prevent data breaches. But Comey's FBI has bigger worries—it's afraid that pawing through our text messages and emails is going to become too difficult. It might have to ask for them instead of browsing at will.

Actually, asking for them is the traditional way. As Comey acknowledges in his ABA speech, "We have never had absolute privacy in this country. … Any one of us, in appropriate circumstances, can be compelled to say what we saw. Our communications with our lawyers, with our clergy, with our spouses, are not absolutely private. They can be pierced in the appropriate circumstance."

But that hasn't changed. If you have an encrypted phone, the government can seek a court order to compel you to decrypt it. If you refuse, you can be punished. The government might not get the information it seeks, but you'd face the consequences for concealing it—just as you would, for example, if you refused to produce financial documents that you'd hidden away, or refused to testify about facts that only you know.

True, "we have never had absolute privacy" guaranteed by law in this country. But it's also true that the government has never had an absolute guarantee that it could find everything it looked for—sometimes all it can do is penalize noncompliant people.

And that's a hell of a lot safer than entrusting the power to curb privacy protections or require backdoor access to communications to officials who continue to leak sensitive information a year after losing personnel files on every single federal employee, including extremely personal details on intelligence officers, to hackers allegedly sponsored by the Chinese government (also investigated by the FBI, by the way). The keys to the hobbled encryption Comey plans to allow us are the one type of sensitive information the geniuses in Washington, D.C., will keep safe? Really?

And that's assuming benign intent on the part of government officials—that their inevitable fumbling of our privacy will be accidental, not malicious. But Comey started his ABA speech by conceding that the United States government has sometimes abused its power. He described an open-ended application for authority to wiretap Martin Luther King submitted by FBI legend J. Edgar Hoover and signed by Robert F. Kennedy. "Then they were off, bugging and wiretapping King without limitation, without constraint, without oversight," he said.

Comey tells the story to underline his desire for balance, which in his view requires limits on state authority, but also compromises when it comes to personal privacy. But that balance, arguably, already exists in the power of the courts to compel people, through appropriate process, to produce information and to punish people who refuse. The authorities won't always get what they want, but they'll get most of it if they follow the rules. Meanwhile, the rest of the population remains reasonably secure.

Compromising everybody's privacy while hoping that the likes of Hoover and Kennedy never reappear and that government officials will start demonstrating a level of competence that has hitherto remained far beyond their reach isn't a considered effort to reach balance at all—except maybe in the sense of a high-wire act, without a net.

James Comey and his colleagues say we need to learn from the past in "forcing constraint and oversight into all of our lives." Maybe he'd be better off learning from the investigations his own agency has undertaken in recent months and see that encryption, unhampered by meddling officials, is more important than ever.

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

29 responses to “DNC Hacks and Leaky Government Make Encryption Restrictions Look More Foolish Than Ever

  1. Agile Cyborg doesn’t have to bother with encrypting anything. There is a lesson there for all of us.

    1. My last pay check was 9700 dollar working 12 hours a week online. My sisters friend has been averaging 15k for months now and she works about 20 hours a week. I can’t believe how easy it was once I tried it out.
      This is what I do,…. http://bit.do/FOX92

    2. Anybody can earn 450$+ daily… You can earn from 9000-14000 a month or even more if you work as a full time job…It’s easy, just follow instructions on this page, read it carefully from start to finish… It’s a flexible job but a good eaning opportunity.. go to this site home tab for more detail… http://bit.do/ctDjs

  2. It seems to me there’s an easy way to get around the government forced decryption. Set up your phone so that it requires a successful password entry every 24 hours or it wipes itself. Then all you have to do is stall for one day and poof.

  3. OT: Just heard George Soros referred to as ‘the liberal billionaire’. Considering that he was/is an actual Nazi I suppose that is accurate.

    1. From what I’ve heard, a significant portion of the illegal grow ops are conducted by the sheriff offices themselves in more rural areas. They have access to and can control surveillance of large uninhabited areas.

    2. Up here in the great progressive north it’s the same, many legal grows are ex RCMP, the phrase “it’s rigged” springs to mind.

      As a multi decade, self reliant producer it doesn’t affect me personally, the issue of course is the government picking the winners.

  4. I’ve worked in IT, trying to explain to my boss why QWETRTY1 isn’t a good password is an exercise in frustration. Fuck it, only the nerds recognize the value of strong passwords.

    1. Yep. A good mix of upper, lower, numerical, and special characters.

      1. … of sufficient length (at least 12 characters if you have access to the full printable ASCII table, 14 if you just have upper- and lower-case letters and numbers).

        1. What if you’re using the entire Unicode table? 😀

        2. If your password is for AD (i.e. for logging into windows networks at work) then you should use a minimum of 16 characters of all character classes.

    2. At the first firm where I worked, I was de facto in-house technical support in addition to what I had been hired to do. Sweet baby Baphomet, you would not believe what supposedly highly educated and technologically savvy people chose as passwords.

    3. Let them get hacked. That usually teaches them a very poignant and memorable lesson, especially if they get hit by crypto-ransomware AND they’ve been blowing you off when you remind them to back up their files regularly.

  5. ” the DNC could have avoided it by encrypting their files and communications.”

    This is clearly blaming the victim and that IS NOT OK

    1. I have a hard time thinking of either the DNC or GOP as victims.

      1. You must be joking. Clearly they are victims of the hard-headed, ignorant masses they must govern. Look how we’ve failed the One during His time in as our Ruler!

    2. Teach hackers not to hack.

      1. make it a crime to hack, oh never mind

  6. “Any one of us, in appropriate circumstances, can be compelled to say what we saw. Our communications with our lawyers, with our clergy, with our spouses, are not absolutely private. They can be pierced in the appropriate circumstance.”

    “Pillow talks with our lovers, even our innermost fantasies — all penetrable. BWAHAHAHAHAHAAA!!”

    1. Boy, these masturbation euphemisms are getting permeable.

  7. What’s sad is that this article was written before the NSA hack came to light.

  8. RE: DNC Hacks and Leaky Government Make Encryption Restrictions Look More Foolish Than Ever
    FBI investigations reveal that encryption is increasingly important, and government officials can’t be trusted with a backdoor.

    Encryption is a key element in privacy. Therefore, the little people should not be trusted with it. Encryption is a sign of guilt and must be investigated by our loving socialist slaver masters if we are to continue down the path of enlightened socialist slavery. History, especially 20th century world history, has shown time and again that the ruling class has always known what is best for the unwashed masses, and have always produced happy and contented little people when they have been ruled with an iron fist. Employing encryption only raises the eyebrows of our penthouse progressives that enslave us. Encryption only makes them sad that the untermenschen does not trust them enough to allow common languages so the secret police can review their comments for possible counter-revolutionary thoughts and writings. Therefore it is time to end all forms of encryption if we are to put our faith and love in those who rule over us in a benevolent, beneficent and heavy handed matter if we are to be a true workers paradise.

  9. Molly . I can see what your saying… Samuel `s c0mment is unimaginable… last monday I got a great new Infiniti after bringing in $6142 this past month and-also, $10k lass month . without a question it is the most comfortable work I’ve had . I began this 5 months ago and straight away began to make over $81 p/h

    +_+_+_+_+_+_+_+_+ http://www.factoryofincome.com

  10. Christopher . if you, thought Maria `s postlng is astonishing… on thursday I got a gorgeous Honda NSX from having made $8819 this-past/5 weeks and-more than, $10 thousand this past munth . without a doubt it is the nicest work Ive had . I started this 8-months ago and pretty much immediately startad bringin home at least $78.
    +_+_+_+_+_+_+_+_+ http://www.factoryofincome.com

  11. There is currently another scandal brewing, with hackers having posted a portion of what they claim to be the NSA’s hacking toolset. The remaining portion is up for auction.

    So we are now confronted with the very real possibility that some of the most sophisticated tools in the world for gaining unauthorized access to computer systems and data are now in the hands of an unknown number of unknown hackers.

    This pretty much vindicates Apple’s entire argument. Their compromised OS was never written so it is safe from all manner of prying eyes.

Please to post comments

Comments are closed.