Modern field guide to security and privacy

FBI chief Comey says strong encryption diminishes agency's efforts

FBI Director James Comey testified on Capitol Hill that tech companies should find a way for government investigators to access data that is encrypted on consumer devices.

|
Kevin Lamarque/Reuters
FBI Director James Comey testifies during a Senate Judiciary Committee hearing on encryption in Washington on Wednesday.

In two congressional hearings Wednesday, FBI Director James Comey urged tech companies to work with law enforcement agencies so that encryption on consumer devices won’t hinder criminal and terrorist investigations.

Mr. Comey told senators that encryption allows criminal suspects to cloak their communications – which he refers to as “going dark” — in a way that eludes agents and has the potential to harm public safety and national security. Therefore, he said, the government should have some way to access data protected by encryption.

“If we intercept data in motion between two encrypted devices across an encrypted mobile app, we can’t break it,” Comey said. "On the current course and current speed, my ability to discharge my No. 1 responsibility would be materially diminished in the not too distant future. It’s certainly diminished today.”

Growing calls by Obama administration officials such as Comey and Adm. Mike Rogers, head of the National Security Agency, for technology companies to allow the government access to private data has set off a fierce debate within the technology community over the use of encryption. Privacy experts and tech executives have repeatedly said that weakening encryption to give government access to data would compromise privacy safeguards for all users.

But Comey said he wants to work with American technology companies so that customers will be able to use encryption and tech companies can still comply with warrants to give investigators access users' information. Current encryption on mobile devices means only the user can access the encrypted data. The tech companies that manufacture the hardware can’t unlock it even if they wanted to.

Still, Comey told the Senate Intelligence Committee in the afternoon, he wants to start a “conversation” on how to create some form of law enforcement access to encryption. “The innovation is here, the energy is here, the infrastructure is here, what we do here will set the tone and the pattern for the rest of the world.”

Deputy US Attorney General Sally Yates, who testified alongside Comey at Wednesday morning’s Senate Judiciary Committee hearing, said the government is not asking for so-called "back doors" into encryption.

“What we are seeking,” she said, “is to be able to work with the industry such that the companies themselves will be able to retain an ability to be able to access the information and to provide that information to us with lawful court orders."

Matthew Green, a Johns Hopkins University cryptographer, says allowing companies to implement solutions to give law enforcement data access has problems. Letting companies have a key to encrypted data could create new vulnerabilities in encryption as well as additional security risk for the companies and individual customers.

Even if companies were able to produce such a solution, it may prove too technically challenging to smaller tech firms and app makers, Dr. Green said.

"I trust Apple, I trust Google, but smaller companies with only five people don’t have cryptography experts and won’t be able to get it right,” he said. “My guess is many companies will determine that getting end-to-end encryption to work will increase liability, and say no to encryption," said Green, who was one of several respected cryptographers and security researchers who coauthored a report released Tuesday outlining the security risks in allowing government access to secure data.

Unlike a previous House hearing on the issue of encryption, in which one congressman called the notion of giving law enforcement access to secured data “technologically stupid,” senators largely approached the issue today without vitriol, though Sen. Ron Wyden (D) of Oregon suggested that the government may not be coping with issues of cryptography if it weren't for the National Security Agency revelations about its surveillance program. After those programs were revealed by NSA leaker Edward Snowden, tech companies took steps to strengthen security measures on their devices.

“As we start this debate, I want to emphasize how exactly we got here. Executive branch agencies are now dealing with a problem they largely created,” said Senator Wyden.

Comey didn't offer any evidence regarding FBI investigations thwarted by strong encryption technology. At a separate Judiciary Committee panel Wednesday, Cyrus Vance Jr., a New York district attorney representing Manhattan, provided the only concrete statistics on how many times mobile encryption had prevented law enforcement from accessing data during an investigation. Over the past six months, he said investigators couldn’t access data on 72 out of 92 iPhones running the latest version of Apple's mobile operating system.

Yet, Comey suggested that most “ordinary folks” aren’t interested in having phones with strong encryption. “I don’t exactly know where the great demand for this is coming from,” he said. “I don’t know ordinary folks who say, ‘I want a phone that can’t be opened even if an American judge finds that it ought to be opened because it’s really important.'"

The original version of this story was updated.

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to FBI chief Comey says strong encryption diminishes agency's efforts
Read this article in
https://www.csmonitor.com/World/Passcode/2015/0708/FBI-chief-Comey-says-strong-encryption-diminishes-agency-s-efforts
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe