Recently 60 Minutes aired a segment where FBI Director James Comey described how he threatened to quit as acting Attorney General back in 2004 rather than reauthorize warrantless wiretapping programs. He also described an old Hoover-era memo that he keeps on his desk as a reminder of what not to do. The memo is a request by J. Edgar Hoover to conduct “technical surveillance” on Martin Luther King Jr. The basic impression that 60 Minutes viewers come away with is that James Comey is a man who is “deeply skeptical of government power.”
This 20-minute biopic was likely timed in such a way as to prepare the public for Comey’s speech this past week at the Brookings Institution. Comey explained that in order to safeguard the public against terrorism he wanted U.S. companies to modify their encryption technology to offer a special backdoor for law enforcement. Strictly speaking Comey referred to this backdoor as a “front door,” but either way what he’s describing is a mechanism for the authorities to bypass encryption.
The concept of a secret golden key for authorities is a zombie idea from the 1990s. I’m talking about what’s known in cryptographic circles as “key escrow.” Under key escrow vendors create a built-in decryption password (also known as a decryption key) that’s held in escrow. When law enforcement agents supply a court order they can acquire the corresponding decryption key.
Key escrow died long ago and with good reason. This is because it’s impossible to create a backdoor that only the police can access. Once the escrow key finds its way out into the wild it can be utilized by crooks, spies, and oppressive governments for their own purposes. Key escrow puts everyone at risk.
In short, Comey suggests undermining digital security and privacy across an industry while concurrently asserting that he’s “looking for security that enhances liberty.”
This begs a question: why would the Director of the FBI knowingly advocate a strategy which is patently flawed? Does he assume collective amnesia? That thousands of security professionals have somehow forgotten the lessons of the past?
Good Cop/Bad Cop
Hi-tech companies need to keep quarterly profits strong and in order to do that they’ve got to manufacture the impression that they’re standing up for our civil liberties. As James Comey acknowledges encryption is a “marketing pitch.” A way to attract customers by distinguishing certain products from the rest. Government officials, many of them who end up working in the private sector after they leave office, are keenly aware of this.
By proposing to revive key escrow the FBI is essentially lending credibility to hi-tech companies, which come across as resisting the big bad government. Comey’s gambit makes it appear as though Silicon Valley is siding with users against intrusive government surveillance. Even though, despite marketing campaigns that plug encryption, the sad reality is that most hi-tech service providers don’t care one jot about user privacy. If anything hi-tech companies want to be able to collect as much data as possible because they can turn around and sell it. Government spies and online service providers have a lot in common.
Another thing to keep in mind is that the whole discussion of key escrow keeps the focus on overt backdoors, allowing the ensuing public debate to sidestep conversations about existing covert back doors. Rest assured that the FBI has plenty of tools in their arsenal to foil encryption. It’s been this way for well over a decade. For example, do some homework the Bureau’s Magic Lantern program. Or read up on how they snagged a Federal Cybersecurity Director on child pornography charges. The NSA, for instance, has a whole catalogue of “implants” that can be wielded to thwart encryption.
The Whole Snowden Spectacle
In addition to the mystifying resurrection of key escrow there are other signs that something is amiss. Specifically, in an early interview with the Guardian Ed Snowden declared:
“I don’t want to be a celebrity, I don’t want to go somewhere and have people pay attention to me, just as I don’t want to do that in the media. There are much more important issues in the world than me and what’s going on in my life and we should be focusing on those.”
And yet here we see Ed Snowden in a forlorn embrace with an American flag compliments of the techno-libertarians at Wired magazine. Then the Intercept covers how Ed is shacking up with his own pole dancing Miss Moneypenny as he stars in feature film and generally does his best to look like Tom Cruise. Avoiding the spotlight are we Ed? Ahem.
Did you know that Julian Assange is coming out with his own line of apparel? There’s a discernable commercial aroma that’s begun to accompany all this noble whistleblowing. In the case of the Ed Snowden affair I smell a billionaire. These days the plutocrats are following the mandates of the Powell memorandum and entrenching themselves in American policymaking apparatus, forming their own news outlets and political movements.
There are reasons why President Truman regretted turning the CIA “into peacetime cloak and dagger operations.” Clandestine programs of subversion are antithetical to democracy. By spotlighting the messenger, witness Ed Snowden’s descent to celebrity status, elements in the media create a parade that leads society away from the unsettling repercussions of mass surveillance (i.e. the specter of state capture).
Denouement – Selling Snake Oil
As NSA documents trickled into the public arena a cry arose that “something must be done.” And so both politicians and executives are engaged in obligatory gestures of sham opposition and faux public debate, a choreographed mind-numbing performance aimed to placate Main Street rabble without threatening the intelligence agencies or their corporate overlords in the defense sector. The DNI’s recent report on Presidential Policy Directive 28 illustrates this.
Quelle surprise! The proposal of surveillance restructuring is noise for rubes mostly, a head fake towards privacy protection that goes nowhere. Officials dither around the edges while leaving the global surveillance apparatus itself in place. As uproar subsides the public begins to wonder when Ed Snowden and Miss Moneypenny will be expecting their first child.
Chalk up a victory to the American Deep State.
Bill Blunden is an independent investigator whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including The Rootkit Arsenal , and Behold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex. Bill is the lead investigator at Below Gotham Labs.