Information Security News mailing list archives
FBI director: Ability to unlock encryption is not a ‘fatal’ security flaw
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 11 Sep 2015 07:58:12 +0000 (UTC)
https://www.washingtonpost.com/world/national-security/fbi-director-ability-to-unlock-encryption-is-not-a-fatal-security-flaw/2015/09/10/6dd0ac8e-57fc-11e5-8bb1-b488d231bba2_story.html By Ellen Nakashima The Washington Post September 10, 2015In the tug of war between the government and U.S. companies over whether firms should hold a key to unlock encrypted communications, a frequent argument of technologists and privacy experts is that maintaining such a key poses a security threat.
But on Thursday, FBI Director James B. Comey pointed out that a number of major Internet companies do just that “so they can read our e-mails and send us ads.”
And, he said: “I’ve never heard anybody say those companies are fundamentally insecure and fatally flawed from a security perspective.”
Comey was airing a new line of government argument in the year-old public debate over the desirability of compelling Internet companies to provide a way for law enforcement to have access to decrypted communications.
Although he didn’t name names, he was alluding to major e-mail providers Google and Yahoo, which both encrypt customers’ e-mails as they fly between servers, but decrypt them once they land in order to scan them and serve customers relevant ads.
Comey, who spoke at a cyberthreats hearing held by the House Intelligence Committee, has been a leading voice advancing the concerns of law enforcement that the growing trend of strong encryption — where devices and some communications are encrypted and companies do not hold the keys to decode them — will increasingly leave criminal investigators in the dark.
[...]
-- Evident.io - Continuous Cloud Security for AWS. Identify and mitigate risks in 5 minutes or less. Sign up for a free trial @ https://evident.io/
Current thread:
- FBI director: Ability to unlock encryption is not a ‘fatal’ security flaw InfoSec News (Sep 11)