FBI Director James Comey will take up his battle against consumer encryption products in a congressional double header next week in the Senate, where the director will testify on law enforcement’s need to get around default data masking offered by companies like Apple and Google, despite the dwindling number of investigations running into encrypted communications.
Comey is scheduled to appear before both the Senate Judiciary and Intelligence Committees Wednesday to discuss what he and other law enforcement officials have termed “going dark” — when criminals using digital communications services turn to encryption products to mask their communications, making it more difficult for law enforcement to surveil and apprehend them.
The FBI director has led the clarion call for Congress to step in and assist law enforcement in getting around encryption since Apple and Google announced they would begin encrypting users’ communications by default last fall — a move Comey and others warned would tie law enforcement’s hands in tracking down drug dealers and apprehending kidnappers.
“Unfortunately, the law hasn’t kept pace with technology, and this disconnect has created a significant public safety problem,” Comey told the Brookings Institution in October. “We call it ‘Going Dark,’ and what it means is this: Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority. We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so.”
Comey and others, including National Security Agency Director Michael Rogers, initially proposed mandating companies build “back doors” into encryption products for law enforcement, accessible through a series of “split keys” distributed between companies and government agencies. The idea was met with criticism from the industry to Congress, where experts and lawmakers alleged such back doors would inherently weaken encryption, make it more susceptible to hacking and drive down demand for American products in foreign markets already wary of NSA spying.
The FBI has recently changed its rhetoric away from back doors, turning instead toward what FBI Counterterrorism Division Assistant Director Michael Steinbach described to the House Homeland Security Committee last month as a “transparent” process for decrypting communications.
“That’s the challenge — working with those companies to build technological solutions to prevent encryption above all else,” Steinbach told the committee.
Specifically, Steinback suggested Congress update the 1994 Communications Assistance for Law Enforcement Act to include other digital entities, particularly those using end-to-end encryption, and compel them to cooperate with law enforcement and facilitate electronic surveillance — the same way telephone companies must under the current law.
A report out Wednesday from the Administrative Office of the United States Courts shows the agency is running into encryption less frequently. According to the office’s 2014 Wiretap Report, the number of state wiretaps in which law enforcement encountered encryption went from 41 in 2013 to 22 in 2014. Investigators were unable to decipher messages in only two of those cases.
In regard to federal wiretaps, investigators encountered only three cases of encryption in 2014, two of which could not be decrypted.
“Encryption was also reported for five federal wiretaps that were conducted during previous years, but reported to the AO for the first time in 2014,” the report states. “Officials were able to decipher the plain text of the communications in four of the five intercepts.”
It’s worth noting Apple and Android, the two largest smartphone platforms in the U.S., did not announce default end-to-end encryption for their users until September 2014.
Two tech industry associations, the Information Technology Industry Council and the Software & Information Industry Association, sent a letter to the White House last month asking President Obama to refuse the FBI’s request and maintain a healthy balance between privacy and national security.
“We urge you not to pursue any policy or proposal that would require or encourage companies to weaken these technologies, including the weakening of encryption or creating encryption ‘work-arounds,'” the groups wrote. “We appreciate that, where appropriate, law enforcement has the legitimate need for certain information to combat crime and threats. However, mandating the weakening of encryption or encryption ‘work-arounds’ is not the way to address this need.”
Lawmakers in the House are pushing back against the FBI’s request via a series of anti-spying amendments tacked onto an appropriations bill last month. These prohibit the government from forcing companies to build vulnerabilities or back door access into their encryption products, and prevent the government from using funds to set standards and guidelines for encryption products unless they strengthen their security — not undermine it.