FBI Director tells Senate he doesn’t understand demand for strong encryption


‘We are fighting a war on terror,’ said one senator sympathetic to the push for encryption backdoors.

Terrorists are using encryption more than ever before, two of the nation’s top law enforcement officers told the Senate Judiciary Committee on Wednesday morning.

Strong encryption that can foil government interception techniques is a “real national security problem” that necessitates special government access to encrypted communications, FBI Director James Comey and Deputy Attorney General Sally Yates argued during a Judiciary Committee hearing on encryption.

“ISIL [the terrorist group also known as the Islamic State] is reaching out, primarily through Twitter, to about 21,000 English-language followers,” Comey said. “Their message is two-pronged: Come to the caliphate and live a life of glory, and if you can’t come, kill somebody.”

When a recruitment connection is made on Twitter, Comey told the senators, the parties involved switch to encrypted communications, putting them beyond the reach of federal authorities.

The debate over encryption and its place in civil society has heated up in recent years, with Comey and other national-security officials calling for special law-enforcement portals allowing them access to encrypted commercial products. Nearly every security expert in the country agrees that these backdoors would severely threaten consumers’ security and privacy.

But many of the senators who heard testimony from Comey and Yates did not seem to share that view, despite lacking security expertise themselves.

“We are fighting a war on terror,” said Sen. Thom Tillis (R-NC), a committee member who, like several of his colleagues at the hearing, called strong encryption a grave danger to U.S. citizens.

“Can you state without equivocation that unless we solve this problem that Americans will die?” Sen. John Cornyn (R-Texas), the second-ranking Republican in the upper chamber, asked Comey.

The FBI director declined to say yes, but he did say that the risk was rising “steadily.” Cornyn said he sympathized with the director’s concerns about tech companies making their products increasingly resistant to law-enforcement interception.

“It strikes me as irresponsible and perhaps worse for a company to design a product that would intentionally prevent them from complying with a lawful court order,” Cornyn said.

Yates, the number-two official at the Justice Department, which oversees the FBI, said that tech companies were just trying to give consumers what they wanted.

“The companies are not the villains here,” she said. “They are responding to market demands to protect the privacy of their customers.”

Despite widespread support among committee members for the government’s position, several senators did ask pointed questions of Comey and Yates.

Sen. Mike Lee (R-Utah) presented a hypothetical situation to Comey that he said illustrated the concerns over backdoors. Imagine that a safe-building company included a backdoor key that an employee of the company could open for the government. Wouldn’t safe-buyers be uncomfortable that someone could walk away with their information and belongings?

“I would ask who they’re marketing this to,” Comey answered, referring to the company. “I don’t understand the demand for people who would want encryption that couldn’t be decrypted at the order of an American judge.”

Not once during the entire two-hour hearing did the acronym “NSA” come up, nor did anyone mention the PRISM data-interception program that the NSA operated with the tacit cooperation of major tech companies. Cornyn briefly brought up Edward Snowden when he asked Yates if she supported the idea of a plea deal to bring him home on reduced charges. Yates demurred, saying only that the government’s position on charging Snowden hadn’t changed, and Cornyn insisted that he serve a lengthy prison sentence if he ever returned to the country.

After many of the world’s leading computer scientists sharply criticized Comey’s push for backdoors, Yates and Comey tried to shift the language of the debate and avoid terms like “backdoors,” “front doors,” and “special access.”

“We’re not seeking special law enforcement access to any communication,” Yates argued. “Instead, what we’re seeking is that the companies retain access [to their products’ data] in order to respond to lawful orders.”

But the scuffle over semantics has changed little on either side of this debate, as Yates’ argument is, in nearly every technical and legal sense, equivalent to a backdoor mandate.

Security researchers and other technology experts widely agree that “secure” and “backdoored” are contradictory descriptions, and they say that Comey’s idea of a secure but guaranteed law-enforcement intercept solution is a technical and practical impossibility.

“This isn’t a debate over how many children are stuck down the bottom of a well, or how many terrorists escape,” Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told the Daily Dot. “This is a debate about whether the proposal has technical merit.”

“I’m not saying they’re not motivated by good reason,” he added. “What I’m saying is, what they’re proposing, it’s not possible. It’s almost like, if their proposal was that the encryption keys should be locked in a mountain and guarded by a dragon and magical unicorn, it would be basically the same as what they’ve proposed.”

The technical report released yesterday, titled “Keys Under Doormats,” laid out the pitfalls of Comey’s approach.

“This report’s analysis of law enforcement demands for exceptional access to private communications and data shows that such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend,” the report’s authors wrote. “The costs would be substantial, the damage to innovation severe, and the consequences to economic growth difficult to predict. The costs to developed countries’ soft power and to our moral authority would also be considerable.”

Lee, who raised the safe analogy to point out problems with backdoors, said at the hearing, “We need to be wary of reaching first for the most blunt and far-reaching solution.”

Sen. Dianne Feinstein (D-Calif.), a longtime supporter of the surveillance state and the law-enforcement community, said at the hearing that she had tried to convince American tech companies to implement voluntary backdoors in their encryption. But she, Comey, and Yates agreed that legislative mandates might be necessary if voluntary steps were not taken. 

Feinstein suggested that Comey pull together the CEOs of leading Silicon Valley firms for a closed-door meeting in which they could hear the FBI director’s arguments about the dangers of encryption face-to-face.

“In universal strong encryption, I see something that is with us already and growing every day that will inexorably affect my ability to do [my] job,” Comey wrote in a recent op-ed.

With the hearing taking place four days after Independence Day, the Founding Fathers and the revolutionary period were predictably present in the discussion.

“Rapidly changing technology has made the way we store and communicate our personal data today quite different than in 1776—let alone even five or ten years ago,” said Sen. Chuck Grassley (R-Iowa), the chairman of the Judiciary Committee. “Today’s revolution, then, is a technological one.”

Sen. Patrick Leahy (D-Vt.), a former prosecutor, said that he was sympathetic to law enforcement concerns, but from the beginning of the hearing, he criticized the idea of backdoors in encryption.

“Some have suggested that technology companies should build special law enforcement access into their systems,” Leahy said. “But we also have to consider the risks of this approach. Strong encryption has revolutionized the online marketplace and protects American businesses and consumers from cybercrime, espionage, identity theft, stalking, and other threats on the Internet. Undermining strong encryption could make our data more vulnerable.”

Leahy noted that the senators and witnesses had met in a classified meeting prior to the public hearing that was “even more productive” than Wednesday’s open session.

Although the FBI director stopped just short of guaranteeing that Americans would die because of strong encryption, both he and Yates pointed to pedophiles, kidnappers, and terrorists as reasons to reconsider the way encryption works.

“I cannot see me stopping these [attacks] indefinitely,” Comey said. “I’m not trying to scare people when I say that.”

Dell Cameron contributed reporting.

Photo via Jason Baker/Flickr (CC BY 2.0)

Patrick Howell O'Neill


Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.