FBI director: Ability to unlock encryption is not a ‘fatal’ security flaw

[InfoSec News <alerts () infosecnews org>]

https://www.washingtonpost.com/world/national-security/fbi-director-ability-to-unlock-encryption-is-not-a-fatal-security-flaw/2015/09/10/6dd0ac8e-57fc-11e5-8bb1-b488d231bba2_story.html

By Ellen Nakashima
The Washington Post
September 10, 2015

In the tug of war between the government and U.S. companies over whether 
firms should hold a key to unlock encrypted communications, a frequent 
argument of technologists and privacy experts is that maintaining such a 
key poses a security threat.

But on Thursday, FBI Director James B. Comey pointed out that a number of 
major Internet companies do just that “so they can read our e-mails and 
send us ads.”

And, he said: “I’ve never heard anybody say those companies are 
fundamentally insecure and fatally flawed from a security perspective.”

Comey was airing a new line of government argument in the year-old public 
debate over the desirability of compelling Internet companies to provide a 
way for law enforcement to have access to decrypted communications.

Although he didn’t name names, he was alluding to major e-mail providers 
Google and Yahoo, which both encrypt customers’ e-mails as they fly 
between servers, but decrypt them once they land in order to scan them and 
serve customers relevant ads.

Comey, who spoke at a cyberthreats hearing held by the House Intelligence 
Committee, has been a leading voice advancing the concerns of law 
enforcement that the growing trend of strong encryption — where devices 
and some communications are encrypted and companies do not hold the keys 
to decode them — will increasingly leave criminal investigators in the 
dark.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/