You are here

The FBI's new cybersecurity head wants spying tools rather than back doors

Gerry Bello

On Tuesday August 14th, Amy Hess was appointed as the new head of the FBI's Criminal, Cyber, Response, and Services Branch.capabilities She previously Executive Assistant Director of Science and Technology. Prior to that she was Special Agent in Charge of the Louisville Office and the head of the FBI's “Citizens Academy” which teaches business leaders about the role of federal law enforcement in society. This appointment signals a switch in the FBI's direction on encryption to an emphasis on gaining in house tools to defeat secure devices held by citizens as opposed to demanding back doors be built into encrypted products through court orders or legislation. The results will be a change from antagonizing the tech titans of Silicon Valley to greater hiring smaller start ups to build in-house tools for the FBI to spy on citizens.

Ever faithful to the national security establishment's investment in the tech and media sectors of the economy, The Washington Post heaped praise on Hess's appointment while lauding her backstory as a moderating voice in 2016 showdown between former FBI Director James Comey and Apple over the latter's refusal to provide a backdoor into the iPhones of the San Bernardino shooter and his wife.

Comey had been complaining about being unable to get his fingers into an iPhone instantly for over 2 years before bullets began flying in California and the FBI was stuck with two dead shooters, a press circus and a pair of locked phones. Comey is the kind of guy who like the pizza delivery to show up before he hangs up the phone so he was always intent on getting back doors built into everything just for his own use.

Hess inquired all over the FBI to see if they did not in fact have the tools. It turns out that they did not have the ability readily at hand. Before a suit was filed she made exhaustively sure. Meanwwhile, I had a short but somewhat in-depth look at iPhone architechture and decided it would not be hard to do and published on this. As the legal battle with Apple loomed, an Israeli security company over charged the FBI to do something that was likely identical or similar to what I proposed in print. I'm not a towering genius of a hacker, but I am competent to read a publicly available block diagram and make a plan of attack based on known principles applied to known specifications.

It is more than a year since Comey's threadbare principles intersected with Trump's basic urges for self-protection and now he is hawking his ghost written book and shadow campaigning for a party he sought to undermine the year before that. Thus is the swamp. Some frogs croak and some toadies shift lily pads. Meanwhile actually dangerous people like Hess move forward because they seek practical tools to do their job. Remember her job is to be a spying cop and you will respect her work ethic and still be alarmed.

What Hess was probably asking was not “Do we have the tools to do this?” but “Why don’t we have the people that can make the tools to do this?” At least that was likely to subtext of the various conversations. In reality, the FBI has access to some of the tools to do this. They borrow those tools from the NSA. Meanwhile, Comey was complaining in public, going so far as to fake public support, to get tools given to him, on demand, without contract for free.

The Hess approach is essentially to build a mini-NSA into the FBI. The NSA is the world's largest employer of mathematicians, electronics engineers and programmers. They have small scale chip fabrication facilities at their Fort Meade Headquarters. If they come up with a hardware solution to decrypting a standard Chinese cypher they don't take bids to see if Samsung or Motorola will do it cheaper or quicker. If the NSA needs only a few of one special thing they just build it and keep it in a place so secret the zip code used to be classified.

There is no clear information how extensive the FBI's FBI's Criminal, Cyber, Response, and Services Branch actually is.Motorola Some of what it does and what it can and can not do are no doubt classified and therefore it will be some time before this publication can offer the reader so much as a code name. The FBI is able to have it's own air force and keep most of that off the books. Therefore the FBI having it's own mostly secret NSA is not a stretch. It does not need to be as big as the real NSA. It only has to spy on Americans, not the whole world.

Hess at the helm of this effort shows that it will change shape and move along a path similar to the CIA's method, which is investing in start-ups that are producing technologies that it would like to buy when they are mature. Likely the FBI will hybrid between the in-house NSA approach and the CIA approach. This will allow them to both have their own secret capabilities and make peace with Silicon Valley. Silicon Valley does not like too much overt talk of violations of privacy by the government, because the discussion often turn to how the tech titans profit it from them also. Hess will be a personality to watch for some time.