Finding a Way to Access Encrypted DataFBI's Comey Rejects Cryptographers' View on Technical Barriers
FBI Director James Comey says he has faith in American technological ingenuity to overcome obstacles and give law enforcement the ability to access and decrypt data on the devices of criminals and terrorists.
See Also: Top 50 Security Threats
Comey testified before the Senate Judiciary Committee on July 8, one day after a dozen cryptographers and cybersecurity specialists published a paper that contends it's unrealistic to create a so-called "backdoor" to allow law enforcement and intelligence agencies to decrypt coded information (see Experts Blast Encryption Backdoor Plan). The paper's authors assert that any process or technology that would allow law enforcement to decrypt data could be used by bad actors as well.
Neither Comey nor Deputy Attorney General Sally Quillian Yates, who also testified, offered a technical solution that could give law enforcement access to encrypted data without providing hackers with the same privileges. Still, Comey said he rejected the cryptographers' supposition that such technical obstacles cannot be surmounted.
"This is a really, really hard problem," Comey testified. "You hear lots of folks say it's too hard; it can't be fixed. My reaction to that is, 'Really?' I think Silicon Valley is full of folks who, when they stood in their garages years ago [and] were told that their dreams were too hard to achieve, thank goodness, they didn't listen and they built remarkable things that changed all of our lives.
"Maybe this is too hard, but given the stakes, given the importance of securing the Internet, and public safety for the good folks of this country, we've got to give it a shot. I don't think it's been given an honest, hard look."
Working with Industry
Yates, the No. 2 official at the Justice Department, told the lawmakers that the Obama administration was not seeking a "one size, fits all legislative solution at this point to essentially cram down the throats of technology industry."
Rather, Yates said, the government seeks individual meetings with technology companies to develop ways to help the vendors respond to court orders giving law enforcement access to encrypted data. "We're not seeking a front door, backdoor or any other kind of door," she said. "We're not seeking for the government to have direct access to these communications. But we are seeking to work with the industry such that they would be able to respond to these valid [court] orders."
Encryption became more of an obstacle for law enforcement when Apple and Google last year announced that they would design their smartphone systems to give device owners complete control over encryption keys. Once a smartphone is sold, even the manufacturers cannot decrypt coded data without the owner's permission.
Comey explained why law enforcement needs access to encrypted data. One example he provided involves how the Islamic State, also known as ISIL or ISIS, uses Twitter to recruit terrorists in the United States. Though law enforcement can monitor the Twitter conversations, ISIL eventually communicates with some of its 21,000 English-language followers through end-to-end encrypted messaging. "This is an enormous problem," Comey said. "It is different. Al-Qaeda would never vet an operative by tasking them. ISIL says, 'Go kill, go kill. Here's a list of military members you can kill. Go do it.'
"We are stopping these things so far through tremendous hard work, use of sources, the use of online undercovers, but it is incredibly difficult. I cannot see me stopping these indefinitely. I'm not trying to scare folks. I just want people to know that this a change in my world, the top responsibility of the FBI, that implicates this growing dark problem."
Bypassing a Backdoor
Another witness, Herbert Lin of the think tank Hoover Institution, said even if vendors agreed to give law enforcement access to encrypted data, that wouldn't necessarily prevent a device owner from installing an app created by a third party overseas to circumvent a backdoor. Then, the government would "have to prevent people from bringing into the U.S. [those] apps from abroad," which would require "an Internet firewall around the United States that blocks such apps and border inspections and import controls," said Lin, a senior research scholar for international security and cooperation.
It's a point expanded on by the committee's ranking member, Sen. Patrick Leahy, D-Vt. "Some say that any competent Internet user would be able to download strong encryption technology, or install an app allowing encrypted communications, regardless of restrictions on American businesses," he said. "But it would put American companies at a disadvantage in the global marketplace."