The FBI’s Approach to the Cyber Threat (fbi.gov)
105 points by akerro on Sept 5, 2016 | 72 comments



> One of my children described to me what our problem is in recruiting. She said, “Dad, the problem is you’re the man.” I thought that was a compliment, so I said, “Thank you, I really appreciate that.” She said, “Dad, I don’t mean that in a good way. I mean you’re the ‘Man.’ Who would want to work for the ‘Man’?” I think she’s right. But I said to her, “You know, if people saw what this ‘Man’ and ‘Woman’ of the FBI was like, and what we do, and the challenges we face, I think they’d want to come work for us.”

Given that even after his daughter explained the term to him, he still doesn't know that 'The' is part of the phrase, I'm not sure if The Director of the FBI knows what the phrase 'The Man' means...


There is no way that he doesn't know what the phrase means, nothing has ever not happened more than that story.

"Never let the truth get in the way of a good story."

-- Mark Twain


"You/You're the man" is a phrase that's complimentary.

That reading would also fit into the conversation as a sort of commiseration. "But...you the man dad, who wouldn't want to work with you?"


You're thinking of tha man. This is The Man.

https://en.wikipedia.org/wiki/The_Man


(Note that the article also mentions confusion with complimentary sense)


The complimentary sense is completely blocked by context here:

> The problem is ______.


Not totally. The problem is [that you're awesome] and people find you intimidating (or something).

I suppose it could be made up or embellished, but I don't think it's the most wildly implausible thing ever (unlike @woodman).


Well shoot, you keep producing plausible explanations: so now he might be so narcissistic that he thinks the reason he can't find capable subordinates is because people are intimidated by his awesomeness.


Wow, that is a stretch and reads like an advocacy of Bible skip code or Nostradamus predictions. So the best case scenario is that he doesn't understand conversational context? Well I stand corrected: he is either a liar, suffers from a mental disorder, or isn't a native English speaker.


Faith in federal institutions is at historic lows. Who wants to help an institution perceived as corrupt?

Plus they drug test and put your fingerprints into a database.


"This is an enormous challenge for us, as for everybody in the government who’s sitting here, because we do not have the dough. We cannot compete on dough."

How are we not funding competitive salaries in this field when it's absolutely crucial to the safety of the nation?


> How are we not funding competitive salaries in this field when it's absolutely crucial to the safety of the nation?

The same could be asked about soldiers, teachers, and many others. Funding doesn't correlate well at all with importance to society.

Football coaches are the highest paid employees of very many universities in the U.S., more than Nobel prize winning scientists, world-changing artists and social scientists, and life-saving doctors. Bench-riding professional athletes usually make more than the general commanding all U.S. forces in the Mideast.


If you believe those "tech salary" HN threads, there are top engineers at top tech companies making $400K. That's how much the president of the US makes. Good luck.


Exactly. And then there is a long chain of dept. heads, managers and so on in there. There is no way they'll accept making less money than some developer, even if they happen to be very good.

Now if they wanted to be creative they could for example build more offices out in other parts of town, make them more accessible, more modern, allow a lot more vacation time, say start at 6 weeks, allow sabbaticals and so on. But I just don't see FBI going that route.


I don't like that I'm paying the salary of people that spy on me, I'd really not like it if they were paid more than me. The USG dedicates very few resources to actual IT defense, the vast majority of the funding goes to attacking and intentionally crippling our own infrastructure.


Since when are we worried about safety of the citizens? It is more cost efficient to worry about safety of the corporations. And it is a great way for corporations to externalize their security costs. What's not to love? (sarcasm)


Because all the funds we earmark for public safety are gobbled up by lowlife middlefolk and their cronies, the snake oil salefolk. Look at our defense spend, and compare it with the pitiful recompense seen by the people we expose to risk.


This was when I decided to never work for the FBI:

http://fortune.com/2015/04/06/fbi-agent-fitness-test/

It's important to note that this means handicapped people are no longer allowed desk jobs as analysts at the FBI. Missing a limb? You can't fight crime anymore!

That's not my primary concern, though, per se. My concern is that firing and disqualifying people who are otherwise talented MUST reduce clearance rates. It can't NOT do that. If FBI employees looking fit is more important to Mr. Comey[1] than arresting murderers, I have absolutely no interest in his organization.

[1] “I want you to look like the squared-away object of that reverence,” Comey wrote in a memo to agents. “I want the American people to be able to take one glance at you and think, ‘THERE is a special agent of the Federal Bureau of Investigation.’” http://www.vanityfair.com/news/2015/04/fbi-fitness-test


The FBI fitness test: hire people who have a higher statistical possibility of being narcissistic. (Wikipedia: "Narcissism is the pursuit of gratification from vanity or egotistic admiration of one's own attributes.")

Respect my authority. Bow and be reverent when I question you. Be glad I don't beat you to a bloody pulp right here when nobody is looking.


This sounds like way too much, but the sibling comment is a bit too little. Saying fatsos don't get a badge and get a shittier title IS a deliberate status punishment. Reminds me of strong negative opinions I have about high school, where push-up ability translates into pecking order position.

Comey's statement does seem at least slightly vainglorious. He certainly has a high opinion of how the FBI should be viewed (exceeding, for instance, 'professional' or 'public servant'), and believes it should be obvious who FBI agents are, which will annihilate their undercover operations. So he is sacrificing a lot in order to get big(ger), dumb(er, due to firing and not hiring good investigators) jocks.

But I don't think it is meant to engender obedience or fear in civilians. I think it is just a Bad Decision.


If you read the entire article, he toys with the idea of having teams made up of a few agents and several non-agent technical experts.

There are already tons of non-agent IT/Software Engineering/Netsec jobs at the FBI. You can still be a fed, you just don't carry a badge and a gun.

Lots of the people I worked with were in awful shape.


>I'm not sure if The Director of the FBI knows what the phrase 'The Man' means...

Given Comey's inability to grasp the infeasibility of mandatory encryption backdoors, it's a safe bet to say he doesn't.


The tri-letters seek more and more access to personal data, yet their own transparency worsens and their operations are increasingly classified or confidential, even to members of Congress. We have more reason to be concerned about the dark areas of government than Mr. Comey's "dark room" of civil privacy. Defending civil liberties is an uphill battle because their importance is not as immediately apparent as the security predicament of the day. On the other hand, once the government gains a new mandate and new authority it's rarely willing to relinquish this power once the cause for the mandate has been resolved or the solution demonstrated unworkable. So we should be cautious about granting broad authority to solve today's problems; we'll have to live with the consequences tomorrow and days to come even if it's realized the cure was worse than the disease.


The end game of government is all dark-room. Bills are written in secret by lobbying groups, treaties are negotiated and signed in secret, the TSA can arrest people through secret laws, more and more government lawsuits are in secret, we can withhold prisoners indefinitely in secret, the fact that a secret organization contacted you and demanded secret information is secret.

This isn't just TLAs, it's the entirety of government. Some bits and pieces are farther along than others, but it's all heading that way (same with local governments).

Edit: did I mention starting/conducting wars through secret re-interpretations of existing laws?

Edit 2: did I mention you can be prosecuted with secret evidence you and your lawyer aren't allowed to see?


Brought to you by the same agency you know and love who also gave you previous favorites such as "Trying to Make MLK Jr. Commit Suicide" and "Planning to Execute Occupy Protesters With Sniper Teams."


In case anybody assumes these two accusations are too wild to be true, here are sources:

Sources:

[1] https://en.wikipedia.org/wiki/FBI%E2%80%93King_suicide_lette...

[2] https://en.wikipedia.org/wiki/Occupy_movement [Paragraph #2 Under Lawsuits]


The FBI uncovered a plot to assassinate OWS leaders in Houston. Claiming that they were planning to do this themselves completely changes the story. http://www.courthousenews.com/2015/02/06/fbi-gets-ok-on-alle...


I don't believe the leaked document indicated government agents or personnel planned to kill leaders via suppressed sniper fire. You're talking about page 61 of this document I assume? http://www.justiceonline.org/fbi_files_ows


No, I am not referring to that document specifically, but I am referring to the same incident and subsequent lawsuits over the issue. Yes they really were planning to do that. See https://drive.google.com/file/d/0B3axduuybL0jNUUtUWxUenFzMGM...

Your document is ambiguous, however the others are not. Please try not to cherry pick.


That document doesn't say that the FBI was trying to assassinate the Occupy Houston leaders. It says the FBI uncovered some other party's plot (apparently, organized crime) to do that. Ryan Shapiro sued to find who the snipers were but was eventually denied. http://www.courthousenews.com/2015/02/06/fbi-gets-ok-on-alle...


What would be the reasons for denying such a request? Must be either a group who is still under investigation, or a group of LEO's, right?


See the article linked at the end of my previous post:

> The FBI was right to withhold records about an alleged murder plot targeting the leaders of Occupy Houston, to protect its informants, a federal judge ruled.


So I'm assuming "LES" stands for Law Enforcement Services and the blocked area then points to which branch of law enforcement planned to do this?


LES = Law Enforcement Sensitive


(U) Law Enforcement Sensitive: This information is the property of the FBI and may be distributed to state, tribal, or local government law enforcement officials with a need-to-know. Further distribution without FBI authorization is prohibited. Precautions should be taken to ensure this information is stored and/or destroyed in a manner that precludes unauthorized access.

https://info.publicintelligence.net/FBI-GoingDark.pdf


> "Planning to Execute Occupy Protesters With Sniper Teams"

One hit on Google to your usage here. Please provide a citation.



None of the threats they mention involve encryption much, not in the sense of the FBI having access to the content. Ransomware and phishing attacks, which are the high-cost items now, don't need that.

Anti-terrorism might, but US terrorism today is a family affair. Since 2010, almost all US terrorism attacks have been by individuals. The Las Vegas shooting, Boston marathon bombing and the San Bernardino massacre were by family members. The Garland, TX shooting was three guys from Phoenix who lived together. In no case was any encrypted communication involved.


> Even our memories are not absolutely private in the United States. Even our communications with our spouses, with our lawyers, with our clergy, with our medical professionals are not absolutely private. A judge in certain circumstances can order all of us to testify about what we saw or remembered or heard.

And that's a problem. Communications with spouses, lawyers, clergy and physicians ought to be absolutely privileged. The disadvantages of doing so are outweighed by the advantages.

Frankly, I don't think anyone should be compelled to give testimony for the prosecution (I am okay with the defense being able to compel testimony). If someone has knowledge of a crime, but disagrees that it should be a crime, he should be free to keep his mouth shut.

> It is seductive when I hear someone say, “Absolute privacy is the paramount value. Our devices are designed to ensure that privacy is absolute in America.” Then, I stop and I step back and I realize, “You know, we’ve actually never lived that way. That is a different way to live.”

It's a better way to live.

> That’s criminals not caught, that’s evidence not found, that’s sentences that are far, far shorter for pedophiles and others because judges can’t see the true scope of their activity.

That is a price to pay, but it is IMHO worth it. Those of us who support strong encryption shouldn't be disingenuous and deny that it exists; rather, we should be forthright about it.

Frankly, strong encryption is out of the bag. You can roll a secure cypher by hashing a key with 0, then 1, then 2, and XORing that stream with your message.
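
The construction described in the comment above (hash a key with 0, 1, 2, ... and XOR that stream with the message), written out as an added example that is not part of the thread. The per-message nonce, the HMAC tag and every name here are assumptions added for illustration; `demo()` compares the bare counter-only form with the sealed form when a key is reused and when a ciphertext is altered in transit.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256(key || nonce || counter) for counter = 0, 1, 2, ... concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypts or decrypts: XOR with the keystream is its own inverse."""
    return xor_bytes(data, keystream(key, nonce, len(data)))

def _subkeys(key: bytes):
    # Assumption: separate encryption and MAC keys derived by labelled hashing.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Fresh random nonce per message, then encrypt-then-MAC."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = stream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key: bytes, blob: bytes):
    """Return the plaintext, or None if the blob was modified."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return stream_xor(enc_key, nonce, ct)

def demo():
    # Constructed sample key and messages.
    key = b"constructed demo key"
    p1 = b"pay alice 100 dollars"
    p2 = b"meet at the old place"

    # Counter-only form (no nonce): both messages get the same keystream,
    # so the XOR of the ciphertexts equals the XOR of the plaintexts.
    c1 = stream_xor(key, b"", p1)
    c2 = stream_xor(key, b"", p2)
    reuse_leaks_xor = xor_bytes(c1, c2) == xor_bytes(p1, p2)

    # No integrity check: a changed ciphertext byte changes the same
    # plaintext byte, and decryption reports nothing.
    flipped = bytearray(c1)
    flipped[10] ^= ord("1") ^ ord("9")
    altered = stream_xor(key, b"", bytes(flipped))

    # Sealed form: round-trips, and the same change is rejected.
    blob = bytearray(seal(key, p1))
    roundtrip = open_sealed(key, bytes(blob))
    blob[NONCE_LEN + 10] ^= ord("1") ^ ord("9")
    rejected = open_sealed(key, bytes(blob)) is None
    return reuse_leaks_xor, altered, roundtrip, rejected

if __name__ == "__main__":
    print(demo())
```
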


What's most frustrating is that every person that pushes for further intrusions and further dismantling of privacy and liberty holds themselves exempt for any number of reasons.

I'd also like to know where they draw the line? What's too invasive? At what point are they willing to (cringe) let pedophiles get lighter sentences, because a privacy intrusion is too extreme? As we march ever forward down the road of always-on blanket surveillance, we might need to start asking this question so we know exactly how far elected leaders are willing to go (and if they believe themselves to be exempt from such intrusions).


Just a brief note for those coming late to this thread that this originally pointed to (and made it to the frontpage as) [1], which is a discussion of only the part of this speech by Comey which pertains to encryption and privacy, and which starts with "A brief word, because I can’t resist, to talk about encryption", which you can grep for.

A basic summary, not using the same words: They want backdoors, and they propose that still counts as 'strong encryption', only, well, with a backdoor. Also, they intend to make a push for this next year.

[1]: https://www.wsws.org/en/articles/2016/09/05/encr-s05.html


Having the director of a law enforcement agency wading so far into public policy (and in a lot of ways far beyond) seems odd to me. Is this typical of the position, historically?


This is one of the most disgusting and hypocritical things I've ever read. The level of doublespeak, fear-mongering and appeal to emotion is insane.


> "First, we can reduce vulnerabilities. We in the government can equip you in the private sector to understand actors and cyber criminals and their techniques, their tactics, and their procedures." - From [1]

I realize the alphabet soup agencies don't have much communication between each other, but isn't the NSA hoarding vulnerabilities? Doesn't that go against this "let's work together" shtick?

> "We have gotten good at minimizing your disruption, minimizing disruption and pain to your employees, and protecting your privacy and your legitimate concerns about competitive advantage. We will not share your data about employees or operations. We will have adult conversations constantly with you to tell you what we’re going to do with the information you give us, so that you can make risk-benefit decisions about what information to give us. We will not allow you to be blindsided, because we understand that if we do that, you’re not going to talk to us anymore...We need to make sure you understand how important it is to your competitive advantage to integrate the FBI into your risk-assessment plan. You spend a lot of time, no matter where your facility is, making sure the fire department has a basic understanding of the layout your building, so that in the event of a disaster they can save lives. I suggest you do the same with respect to your cyber threat and your risk-assessment plan." - From [1]

This is absolutely nuts. Assuming they're even true about "minimizing your disruption" - which once they start they'll slam a gag order on you anyways so you can't even cry wolf about their "disruption" - the parallel to the fire department is completely unfit. The FBI's interests are not aligned with yours, he even admits as much in the article! Furthermore, the role of the fire department, in the case of a fire, is to save as many lives as possible. The FBI's role in response to an attack is to not save your data, nor is it to save your business, it's to find and punish the actors responsible. The fire department doesn't go after the arsonist, they're there for a fundamentally different reason. Giving the FBI "backdoor" access is akin to letting the FBI be the judge, jury, and executioner in your case.

> "We believe in the FBI that we need a conversation. If at the end of the day the American people say, “You know what, we’re okay with that portion of the room being dark. We’re okay with”—to use one example—“the FBI, in the first 10 months of this year, getting 5,000 devices from state and local law enforcement and asked for assistance in opening them, and in 650 of those devices being unable to open those devices.” That’s criminals not caught, that’s evidence not found, that’s sentences that are far, far shorter for pedophiles and others because judges can’t see the true scope of their activity." - From [1]

That could also easily be 650 regular American citizens who've done nothing wrong. The absence of evidence is not evidence, and this argument bears a striking similarity to the "nothing to hide" argument.

[1]: https://www.fbi.gov/news/speeches/the-fbis-approach-to-the-c...


> > "First, we can reduce vulnerabilities. We in the government can equip you in the private sector to understand actors and cyber criminals and their techniques, their tactics, and their procedures."

They are worse than useless at this. They actually have very little to offer in this area.

Just more lies and grandstanding.


There's a lot wrong with some of the things Comey said, but this simply isn't true.

It's a pretty common occurrence for a large company to find out that they've been hacked only when the FBI notifies them. There are small teams at the FBI that have a ton of experience dealing with enterprise intrusions.


> They are worse than useless at this. They actually have very little to offer in this area.

What makes you say that?


> The FBI's interests are not aligned with yours, he even admits as much in the article!

In the context of hiring, yes.

> Giving the FBI "backdoor" access is akin to letting the FBI be the judge, jury, and executioner in your case.

Bringing them in to investigate a breach is akin to letting the police be … the police in an arson case. You're confusing talk of encryption backdoors (which are truly bad ideas) with his suggestion for companies to work closely with the FBI (which may or may not be a bad suggestion; given how political the bureau can be I'd be concerned).

> That could also easily be 650 regular American citizens who've done nothing wrong.

True enough. But even that doesn't matter: it's impossible to get rid of strong encryption; thus the FBI and everyone else must learn to live with it.


"It's impossible to get rid of strong encryption..."

Isn't this the fear, though? Once backdoored, it's not strong. Once codified into law, strong encryption is gotten rid of for law-abiding citizens.


The "650 unopened devices" bit stood out to me also. He's very clearly saying that this is not about finding criminality, it's about punishing criminality.

Inaccessible devices might reveal a different crime than is being prosecuted, they might reveal something legal but embarrassing, they might even clear a suspect who's refusing to share a password on conscience (or has honestly forgotten it). It would have been very easy to pitch this as "making prosecutions more accurate", and it's rather telling that only one side of that was addressed.


I think you touched many very important points. One of which being that the FBI and NSA aren't even aligned in goals and interests. Let alone the FBI and your company!1

A couple years ago I attended a talk at an Amazon hosted security conference where a guest speaker was an FBI agent. Of course for the Q&A section the Snowden revelations were a hot topic.

All the agent could do was assure us that the FBI has your best interests at heart and you should share data with them and engage them because they swear they are different than the NSA.

Perhaps this is true. But at the end of the day people still see both the NSA and FBI as "the man". The way to distinguish yourself is not to tell a story of valour and honour by working for the agency but to instill control mechanisms and channels of transparency. This article just validates my belief that the FBI still doesn't "get it".


> The Sony attack was an attack aimed at free expression. It was the act of a bully looking to silence speech in the United States, and around the world, by intimidation and harassment, in that case, of Sony Pictures.

What? Can anyone provide me some concrete evidence that that's what the Sony attack was about? In the Wikipedia article on the event, I found this sentence:

> This followed a message that several Sony Pictures executives had received via email on the previous Friday, November 21; the message, coming from a group called "God'sApstls" [sic], demanded "monetary compensation" or otherwise, "Sony Pictures will be bombarded as a whole". [1]

The key phrase I see here is monetary compensation, not silence of speech in the United States. To me, Comey and the FBI (and of course the NSA, CIA, etc.) have a history of stripping the rights of citizens to protect America. Everything in this speech leads me to believe that that is continuing to happen.

I just hope that the strategic footholds we gain are worth the costs we pay as citizens.

1. Seal, Mark (February 4, 2015). "An Exclusive Look at Sony's Hacking Saga". Vanity Fair. Retrieved February 4, 2015.


An email to Sony Pictures from the GoP said it was about The Interview, which makes sense. It was the only movie that GoP obtained that they didn't release. http://money.cnn.com/2014/12/19/media/insde-sony-hack-interv...


> We are not to bean bags and granola and a lot of white boards yet. But we’re working very hard at marching in that direction

https://cdn.meme.am/instances/500x/71522909.jpg


All he is doing is helping the "stack" win. With weaker encryption and weaker security it puts the very thing he is trying to protect at further risk.

"Victory at the expense of the innocent, is no victory at all."

-- King T'Chaka of Wakanda


It seems to me that the most bang-for-buck way the FBI could counter the cyber threat is to contribute security reviews and patches to popular open-source software. "Get paid full time to do security patches for Open Source" seems like a good recruiting call as well.

In a round-about way, this letter indicates that they are doing some of that. But, I'm not clear how much.


That's not their role, though. Someone has to be actively tracking and apprehending hacker groups operating within the US.

Sure, they can find and help fix holes, but the US needs a government organization tracking cyber threats, and stopping them when they can.


Do we have a better source than the "World Socialist Web Site"?



So why the heck would someone post a link to the least credible 'news' site to share this story?


Found it on reddit, sorry.


This is the actual text of his speech:

https://www.fbi.gov/news/speeches/the-fbis-approach-to-the-c...

I must admit, I'm impressed the old stalinist organisations are still being funded. That's almost making his point for him.


Thanks. Preferring original sources, we've updated the link from https://www.wsws.org/en/articles/2016/09/05/encr-s05.html.


It's Trotskyist, not Stalinist, but yes, primary sources are preferred, especially when they're short and self-contained as in this case.


I stand corrected, thanks. Is there any way to know where they're getting their funding from? I poked around a little but couldn't find anything.


The WSWS is published/funded by the ICFI, and appears to solicit and accept public donations. Here's what Wikipedia has to say on the ICFI:

https://en.m.wikipedia.org/wiki/International_Committee_of_t...


From the Roosians, who else! They're always on to rob us of our precious bodily fluids.


There have been several articles recently about the FBI's "concern" about encryption. Here's one that got a lot of discussion:

https://news.ycombinator.com/item?id=12237868


[flagged]


Your biases are showing themselves to be painfully blinding. The site itself says it's published by the ICFI in its header on every page. And the ICFI is a Trotskyist organization. This is all easily found with 1 click from anywhere on the site, as well as by using your eyes to read the subheading of the main header.

Also, the NKVD, KGB, and Stasi are no more brought to us by Marxist philosophy than the NSA, CIA, and FBI are brought to us by liberal democratic philosophy.

Surely you can do better than take cheap shots with incorrect philosophical attribution, while still making the point that good journalism ought to include source attribution.


And this is the problem with choosing lesser evils.


The other option is to choose the greater evils, right? There's a choice to be made: pick the lesser or greater evil.


No, the other option is to pick a good option, rather than accepting corruption and cronyism.



