FBI Official Reluctantly Touts Encryption Since US Telecom Providers Are Still Compromised By Chinese Hackers

Thanks to government-mandated backdoors in US telecom/broadband services, the FBI — at least in the form of an official who refused to identify themself — has had to recommend (albeit extremely half-heartedly) that encrypted communications are perhaps the only thing keeping phone owners from being actively surveilled by Chinese hackers.

The news of a massive breach linked to “Salt Typhoon,” a Chinese state-sponsored hacking group made at least one thing perfectly clear: the sort of encryption the FBI approves of — the one with all the holes in it — is a terrible idea. What was leveraged here were the backdoors created for law enforcement access. To facilitate wiretaps, telcos and broadband providers were required by CALEA (Communications Assistance for Law Enforcement Act) to proactively make surveillance easier for law enforcement. The law, passed in 1994, originally targeted phone companies. The law was amended in 2006 to cover broadband providers.

There’s no such thing as a “safe” encryption backdoor. That much has been made obvious by this hack, along with the disturbing fact that it appears — months after discovery — these systems are still very much compromised.

If there’s any good that might come of this, it’s that the FBI might finally stop bitching so much about what it calls “warrant-proof” encryption. That’s just encryption to the rest of us, but one without government-mandated backdoors a government — whether it’s ours or China’s — can exploit at will.

With no end in sight, government officials — including one representing the FBI — are telling people to keep their devices and software updated, to set up multi-factor authentication wherever possible, and, believe it or not, to utilize encrypted services.

In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China’s intercepting their communications.

“Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible,” Greene said.

It’s no surprise a CISA rep would encourage the use of encrypted services. No one actually involved in cyber security would ever say otherwise. The FBI — personified here by a nameless official — says pretty much the same thing, although it’s not quite as enthusiastic about recommending encryption.

The FBI official said, “People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant” multi-factor authentication for email, social media and collaboration tool accounts.

I would love to know what this person’s definition of “responsibly managed encryption” is. For those of us who aren’t on board with the FBI’s anti-encryption plans, that would be any encrypted service that hasn’t been deliberately weakened by service providers to serve government interests. For the FBI, I would imagine it means the opposite. Or, at the very least, “responsibly managing” encryption means willingly handing over passcodes to any law enforcement investigator that asks for them prior to performing a device search.

But even if the FBI can’t bring itself to wholeheartedly recommend strong encryption, this massive breach undercuts any arguments it might attempt to make in the near future in favor of weakened encryption, a.k.a., the “lawful access” it has tried to convince legislators for years would never result in EXACTLY THE SORT OF THING WE’RE SEEING RIGHT NOW.

Hopefully, this will bring a swift — if temporary — end to the FBI’s anti-encryption agitating. But with a new(ish) boss coming to town early next year, all the logic in the world likely won’t make much of a difference if the returning president decides encryption is just another obstacle (you know, like civil rights) law enforcement shouldn’t have to deal with when going after the baddies.