Speaking before the House of Representatives Appropriations Committee on Wednesday, FBI Director James Comey urged Congress to pass legislation requiring tech companies to install backdoors in their encryption programs. These backdoors would allow government agencies to easily intercept the electronic communications of American citizens, the District Sentinel reports.
“We’re drifting to a place where a whole lot of people are going to look at us with tears in their eyes,” Comey told lawmakers. “Tech execs say privacy should be the paramount virtue… When I hear that, I close my eyes and try to image what the world looks like where pedophiles can’t be seen, kidnappers can’t be seen, drug dealers can’t be seen.”
“It will only become worse and worse,” Comey continued, while answering questions about the FBI’s 2016 budget. “I think it’s going to require some sort of legislative fix.”
Comey’s push comes at a time when the the bureau is being chided for not being aggressive enough when it comes to its cyber strategy. The Guardian reports that an in-house body called the 9/11 Review Commission recently found that the agency recommended a number of major changes in how the FBI gathers electronic intelligence. While the board focused largely on “human intelligence” the implication that the FBI should be casting its net both wider and deeper is hard to ignore.
When it comes to encryption in general, the FBI hasn’t always exclusively sided with security over privacy. As TechDirt notes, a page on the FBI’s website with tips for people to keep their personal data safe from hackers advised people to use encryption on their mobile devices. “Depending on the type of phone, the operating system may have encryption available,” read the page, which has since been removed. “This can be used to protect the user’s personal data in the case of loss of theft.”
These two directives may not be as contrary as they initially seem. Comey’s beef isn’t with the idea of encryption as a whole. Instead, what he’s advocating for is an end to encryption schemes that law enforcement and intelligence officials can’t access when they are legally allowed to do so.
Especially since the 2013 revelations of the government’s widespread surveillance in a trove of classified documents leaked by former NSA contractor Edward Snowden, there’s been a push among many tech companies to build encrypted communications channels that even they themselves don’t have the keys to decrypt. If a company were to turn over data on one of its users to the government, it would be a scrambled form that’s largely useless.
As the largest employer of mathematicians in the country, the NSA has been working overtime to beat many of the encryption programs in wide use—and has reportedly been largely successful. Even so, breaking the stronger forms of encryption can be difficult, time consuming, and, in some cases, impossible. For law enforcement officials interested in getting information right when they need it, putting encryption roadblocks is understandably frustrating. A report found that the use of encryption stymied law enforcement officials from getting information a record nine times in 2013.
Comey has harped on this point before. In 2014, he gave a speech at the Brookings Institution, a Washington think tank, where he laid out a handful of examples, ranging from the murder of children to drug trafficking, where encryption prevented officials from nabbing the bad guys.
“Some believe that the FBI has these phenomenal capabilities to access any information at any time—that we can get what we want, when we want it, by flipping some sort of switch,” Comey said. “It may be true in the movies or on TV. It is simply not the case in real life.”
The Intercept looked into a number of the examples Comey gave and argued that the use of unbreakable encryption did not play the primary role in the difficulties experienced by law enforcement. That said, there’s nothing illegal about building electronic communications systems the government can’t crack.
“It’s a common misconception that it’s somehow illegal to make privacy technology that the government wouldn’t be able to break,” Electronic Frontier Foundation Senior Staff Technologist Seth Schoen told the Daily Dot in an interview last year. “There’s never been a regulation in the U.S. limiting the private use of cryptography by end users; there’s no law that says you can’t use the crypto of your choice.”
In 2010, the Obama Administration proposed a bill that would have required online services like Facebook and Skype to install backdoors into their encryption mechanisms. However, the effort was abandoned among tech companies and Internet freedom advocates.
Photo via CarbonNYC [in SF!]/Flickr (CC BY 2.0)