Encryption Hinders Investigations: FBI Chief - InformationWeek

The Senate Judiciary Committee heard a different story from technologists, who argue that surveillance has never been easier.

FBI Director James Comey appeared before the Senate Judiciary Committee on Wednesday to argue for legal support to weaken strong encryption, which he claims obstructs criminal investigations.

The title of the hearing, "Going Dark: Encryption, Technology, and the Balance Between Public Safety and Privacy," borrows Comey's characterization of encryption as a way to conceal evidence of criminal acts.

"We are seeing more and more cases where we believe significant evidence resides on a phone, a tablet, or a laptop -- evidence that may be the difference between an offender being convicted or acquitted," said Comey and Sally Quillian Yates, US Deputy Attorney General, in joint prepared remarks. "If we cannot access this evidence, it will have ongoing, significant impacts on our ability to identify, stop, and prosecute these offenders."

The concerns of Comey and Yates were echoed by Cyrus Vance Jr., District Attorney for New York County, who, last fall, complained about the device encryption deployed by Apple and Google.

"Before September 2014, investigators could access a locked iPhone with a warrant," said Vance at the hearing. "Today, unless we have a passcode, we cannot ... Criminals are literally and figuratively laughing in the faces of law enforcement."

(Image: ISerg/iStockphoto)

FBI officials have been using the term "going dark" at least since 2008. And worries about technologies that may inhibit surveillance go back further still. In 1994, the Communications for Law Enforcement Act was passed to address FBI concerns that the shift toward fiber optic cable would render traditional phone tapping obsolete.

Yet legal and technical experts at the Senate Judiciary hearing Thursday, as well as those weighing in through open letters, argued against any requirement that companies provide a way to bypass encryption.

Peter Swire, professor of law and ethics at Georgia Institute of Technology, challenged the premise of Comey's argument. "It is more accurate to say that we are in a 'Golden Age of Surveillance' than for law enforcement to assert that it is 'Going Dark,'" said Swire in a prepared statement.

Conceding that strong encryption on devices can render some data inaccessible to investigators, Swire stressed that any loss of access is more than made up for by the availability of location data, social network connections, and databases full of details about suspects' digital lives.

(Image: Chris Dag via Flickr)

As Swire and co-author Kenesa Ahmad put it in a 2011 paper, "We live in a new age where most people carry a tracking device, a mobile phone."

In May, dozens of prominent technologists, civic organizations, and companies signed an open letter to President Obama urging him to preserve strong encryption in order to protect national security and US business interests. "Whether you call them 'front doors' or 'back doors,' introducing intentional vulnerabilities into secure products for the government's use will make those products less secure against other attackers," the letter argued, adding that any such requirement would harm the market for such products abroad.

Earlier this week, a group of cryptography experts published a similar letter warning that demands for exceptional access to encrypted data by law enforcement are fraught with problems. "We find that [granting law enforcement exceptional access] would pose far more grave security risks, imperil innovation, and raise thorny issues for human rights and international relations," the letter said.

As examples of the risk of compromised cryptography, the Electronic Frontier Foundation has cited past security flaws in Cisco's wiretapping architecture and the compromise of Google's legal compliance system in China.

In the 1990s, the technology and business community pushed back against export controls on encryption and a government effort to encourage mobile handset makers to use the Clipper Chip, a mobile phone chipset developed by the NSA that provided authorities with a backdoor.

The technology community prevailed in this so-called Crypto War, or so it seemed until 2013. Documents made available by Edward Snowden revealed that the NSA has developed a variety of tools and techniques to access electronic information. These techniques demonstrate that strong encryption cannot compensate for weak security practices elsewhere, and that some strong encryption may not be as strong as supposed.

More recently, the hacking of Italian surveillance software vendor Hacking Team offered a reminder that the NSA is not alone in practicing such techniques. Ironically, the incident also demonstrated the problem with exceptional access -- the Motherboard website reported that the company's surveillance software contains a previously undisclosed backdoor.

Law enforcement's war against math (cryptography) and speech (computer code) never ended. And it isn't likely to end soon. But it isn't a war that can be won by fiat. Mandating compromised encryption to protect society will only ensure universal vulnerability.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ...

Thomas Claburn,
User Rank: Author
7/9/2015 | 12:11:15 PM
Re: Wrong Problem?
>Article mentions that they used to be able to compel access with a warrant, but no longer can. That sounds like the root problem that should be fixed.

The problem is that when a third party like Apple doesn't have the encryption key, it cannot be compelled to decrypt the data. Math trumps a court order. Moreover, companies have discovered that it's not helpful to their businesses to be the go-to source for law enforcement. Many don't want the responsibility (or compliance cost) of betraying customers on-demand.

It's possible to make it a crime to withhold encryption keys when authorities ask the first party/suspect, but in the US that presents constitutional problems against self-incrimination. Authoritarian regimes can simply declare you must provide us access or we'll beat you, jail you, or seize your assets. But that doesn't make for an appealing business climate.