The FBI on Wednesday used the May shooting at a Prophet Muhammad cartoon contest in Texas by ISIS-inspired extremists to again try and convince Congress to pass laws limiting encrypted electronic communications services from providers like Apple and Google.
Assistant director of the FBI’s Counterterrorism Division Michael Steinbach told the House Homeland Security Committee the shooting by two men in Garland is a recent example of why the FBI needs access to encrypted digital communications transmitted online and through telecommunications providers.
“Some of these conversations occur in publicly accessed social media networking sites, but others take place via private messaging platforms,” Steinbach said. “As a result, it is imperative the FBI and all law enforcement organizations understand the latest communication tools and are equipped to identify and prevent terror attacks in the homeland.”
According to Steinbach, extremists like those in Garland are coming under the influence of a growing Islamic extremist propaganda and recruitment networks online, particularly through social media platforms like Twitter. After initial contact, the assistant director explained, many would-be recruits move to “dark web” communications services with end-to-end encryption to contact radicals and avoid surveillance.
John Mulligan, the deputy director of the National Counterterrorism Center, told the panel one of the suspects connected with ISIS-inspired propaganda accounts on Twitter encouraged his followers to switch to private direct messages on Twitter shortly before the May 3 shooting, in which both suspects were killed by police and one event security guard was injured.
The assistant director tried to change the FBI narrative calling for law enforcement “back doors” into encrypted products, which companies and experts argue inherently weakens security, and which has so far failed to convince Congress to mandate companies comply.
“This is not a conversation about national security at the expense of privacy or about weakening legitimate security of communication products through creation of technological ‘back doors.'” Steinbach said, explaining the agency wants to work with companies to find the right balance between privacy and security. “We are looking to be fully transparent, with a legal process showing evidence of a crime to gain access through the front door with full knowledge of those companies.”
The problem with Steinbach’s request is the lack of a front door for a growing number of companies. Apple and Google are two of the largest and most recent adopters of end-to-end message encryption, which in Apple’s case, not even the company itself can access and read according to a statement by Apple CEO Tim Cook last year.
“Like many of you, we at Apple reject the idea that our customers should have to make tradeoffs between privacy and security,” Cook said via video during a speech for an event in Washington, D.C. Monday. “We can, and we must provide both in equal measure. We believe that people have a fundamental right to privacy. The American people demand it, the constitution demands it, morality demands it.”
During the Electronic Privacy Information Center awards dinner in Dupont Circle, Cook repeated his warning that giving law enforcement back doors into encryption “is incredibly dangerous,” and added that if agencies know there’s a way to get around encryption to surveil communications, “they won’t stop until they find it.”
“So let me be crystal clear — weakening encryption or taking it away harms good people who are using it for the right reason,” Cook said.
Ever since the initial default encryption announcement in September, which was quickly followed by a similar announcement from Android mobile developer Google, law enforcement and intelligence agencies across the U.S. led by FBI Director James Comey have warned default encryption standards for consumer devices will make it significantly harder to surveil and apprehend suspected terrorists and criminals.
Lawmakers on the Wednesday panel demonstrated a significant lack of knowledge about the technology inherent in end-to-end encryption, which secures messages from their origin device, across the web and all the way to the receiving device, where they are decrypted. Agencies like the FBI and the National Security Agency trying to intercept the messages in between only see the encrypted data, and are unable to decipher its content.
“When you say technological, explain that,” Mississippi Democratic Rep. Bennie Thompson asked Steinbach in response to a question about the problems the FBI encounters with encryption.
“When a communications company, or an [Internet service provider] or a social media company elects to build in its software end-to-end encryption, and leaves no ability for even the company to access that, we don’t have the means by which to see the content.”
“That’s the challenge — working with those companies to build technological solutions to prevent encryption above all else,” Steinbach said.
“When you talk about encrypted direct messages and dark space, can you give me some examples? Is it essentially just texting? Would that be considered off-limits to monitoring by the United States government even in cases where there might be imminent planning and plotting?” Pennsylvania Republican Rep. Scott Perry asked.
“If it’s not on Facebook, if it’s not on Twitter, does the federal government have the capability, and do the providers have the capability, and are there algorithms that pick this type of stuff up, and processes that pick this stuff up?”
“The answer is no,” Steinbach said. “There are 200-plus social media companies. Some of these companies build their business model around end-to-end encryption. There’s no ability currently for us to see that so if we intercept communication, all we see is encrypted communication.”
“So once you send it and it’s received, it disappears,” Perry said. “Is that an example of the dark space or is that just encrypted or direct communication? What is that?”
“The dark space is a general term,” Steinbach answered, explaining different methods of secure communication online, including point-to-point (when messages disappear after being read), timed automated message deletion and end-to-end encryption.
“Most of them are text-type forms, some are photographs that send — all kinds of different models,” Steinbach said.
“And all of that is off-limits right now to the federal government?” Perry asked.
“It’s not that it’s off-limits,” Steinbach said. “We will still go to those companies and serve them legal process, but if the company’s built in model is that even they can’t decrypt, then that doesn’t do us any good.”
Steinbach suggested the committee update the 1994 Communications Assistance for Law Enforcement Act to include other digital entities — particularly those using end-to-end encryption — and compel them to cooperate with law enforcement and facilitate electronic surveillance, the same way telephone companies must under the current law.
“We are imploring Congress to help us seek legal remedies towards that, as well as asking the companies to provide technological solutions to help that,” Steinbach said. “We understand privacy. Privacy above all other things, including safety and freedom from terrorism, is not where we want to go.”
Committee Chairman Michael McCaul and Thompson, the ranking Democrat on the committee, both agreed to discuss solutions to encryption in the future.
“I think this committee should be looking at this very important issue,” McCaul said.