When Michael Chertoff made the case against back doors, he noted that if the government moved to require back doors, it would leave just the bad guys with encrypted communications.
The second thing is that the really bad people are going to find apps and tools that are going to allow them to encrypt everything without a back door. These apps are multiplying all the time. The idea that you’re going to be able to stop this, particularly given the global environment, I think is a pipe dream. So what would wind up happening is people who are legitimate actors will be taking somewhat less secure communications and the bad guys will still not be able to be decrypted.
I doubt he had the Transnational Crime Organizations on Wall Street in mind when he talked about the bad guys “still not be able to be decrypted.”
But HSBC, JP Morgan Chase, Citi, Deutsche Bank, Goldman Sachs and the other big banks supporting Symphony Communications — a secure cloud based communications system about to roll out — are surely among the world’s most hard-core recidivists, and their crime does untold amount of damage to ordinary people around the globe.
Which is why I’m so amused that Elizabeth Warren has made a stink about the imminent rollout of Symphony and whether it will affect banks’ ability to evade what scant law enforcement might be thrown their way.
I have  concerns about how the biggest banks use of this new communications tool will impact compliance and enforcement by the Department of Justice [Warren sent versions of the letter to 6 regulators] at the federal level.
My concerns are exacerbated by Symphony’s publicly available descriptions of the new communications system, which appear to put companies on notice — with a wink and a nod — that they can use Symphony to reduce compliance and enforcement concerns. Symphony claims that “[i]n the past, communication tools designed for the financial services sector were limited in reach and effectiveness by strict regulatory compliance … We’re changing the communications paradigm” The company’s website boasts that it has special tools to “prevent government spying,” and “there are no backdoors,” and that “Symphony has designed a specific set of procedures to guarantee that data deletion is permanent.”
Warren is right to be concerned. These are serial conspiracists on a global scale, and (as Warren notes elsewhere) they’ve only been caught — to the extent that hand slaps count as being caught — when DOJ found the chat rooms in which they’ve colluded.
That said, the banks, too, have real reason to be concerned. The stated reason they give for pushing this project is Bloomberg’s spying on them — when they were using Bloomberg chat — for reporting reasons, which was revealed two years ago. The reference to government spying goes beyond US adversaries, though I’m sure both real adversaries, like China, and competitors, like the EU, are keeping watch on the banks to the extent they can. But the US has spied on the banks, too. As the spy agency did with Google, the NSA spied on SWIFT even though it also had a legal means to get that data. I wouldn’t be surprised if the rise in bank sanctions violations in recent years stemmed from completely necessary spying if you’re going to impose sanctions, but spying that would compromise the banks, too. Remember, too, that the Treasury Department has, at least as of recently, never complied with EO 12333’s requirement for minimization procedures to protect US persons, which would include banks.
And there have even been cases of hacker-insider trader schemes of late.
So banks are right to want secure communications. And while these banks are proven crooks — and should be every bit the worry to Jim Comey as ISIS’s crappier encryption program, if Comey believes in hunting crime — the banks should be reined in via other means, not by making them insecure.
If we’re going to pretend — and it is no more than make-believe — that the banks operate with integrity, then they need to have secure communications. But without that make-believe, a lot of the important fictions America tells itself about capitalism start to fall apart.
Which is my way of saying that the 6 regulators need to think through how they can continue to regulate recidivist crooks who have their own secure messaging system, but that the recidivist crooks probably need a secure messaging system (though having their own might be a stretch).
If Jim Comey is going to bitch and moan about criminals potentially exploiting access to encrypted communications, then he should start his conversation with the banks, not Apple. If he remains silent about this gang and their secure communications, then he needs to concede, once and for all, that actual humans need to have access to the same privilege of secure communications.
On this topic, see also District Sentinel’s piece on this.