Cybersecurity

Comey renews encryption plea on Capitol Hill

FBI Director James Comey, testifying March 25 before a House Appropriations subcommittee.

FBI Director James Comey told senators he did not have a specific legislative proposal in mind to address law enforcement's access to encrypted data.

FBI Director James Comey, in two Senate committee appearances, raised the specter of the Islamic State and other terror groups as he renewed his bid to get law enforcement access to encrypted communications.                                

The problem, as Comey sees it, is that criminals, terrorists and other malefactors are "going dark," by using end-to-end encryption built into mobile device operating systems offered by Apple and Google, and available in some communications software, like WhatsApp.

Comey and Deputy Attorney General Sally Yates, in a hearing of the Senate Judiciary Committee on July 8, said they didn't want direct access via encryption keys to communications. But they did say that they wanted companies that provided encryption services to retain access to customer accounts, and to decrypt communications upon the receipt of a search warrant or other legal instrument from law enforcement.

"We want to have each provider think about and work out a way where they will find a way to respond to these requests," Yates told the committee.

Comey said he was "not trying to scare folks," but told lawmakers that he thought that the ability of law enforcement to disrupt incipient terror plots would be diminished without access to encrypted communications.

"The terrorism threat is very different and has changed just in my two years as director," Comey said during an afternoon appearance at the Senate Select Committee on Intelligence. He warned that the Islamic State terror group had 21,000 English-language followers on Twitter, and was looking to task recruits to murder U.S. law enforcement and military personnel, and to launch lone-wolf terror plots.

"We cannot break strong encryption," Comey said.

Comey and other officials have covered this ground before. In an April hearing of the House Oversight and Government Reform Committee, members reacted skeptically to the idea that encryption could be maintained on a secure basis with third party access, either by providers or direct backdoor access by law enforcement.

In a letter to Comey dated June 1, two lawmakers with degrees in computer science, Rep. Will Hurd (R-Texas) and Rep. Ted Lieu (D-Calif.) cautioned the director against requiring companies to build in access to encrypted data for law enforcement purposes.

"Any vulnerability to encryption or security technology that can be accessed by law enforcement is one that can be exploited by bad actors such as criminals, spies and those engaged in economic espionage," they wrote.

Working computer scientists tend to agree. In a paper published a day ahead of Comey's testimony, a group of leading security experts warned that there was no known secure method of permitting third-party access to encrypted communications, and that current proposals are " unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm."

Comey's arguments met a friendlier reception in the Senate than in the House.

"This is not a theoretical issue," Sen. Dianne Feinstein (D-Calif.) said in a rare open hearing of the Intelligence Committee, where Comey gave testimony. "The FBI has briefed this committee on cases where it knows of communications involving ongoing terrorists by ISIL inside the United States, but it has no way to obtain the content of those communications, even with a court order based on probable cause," she said. She wants legislation to require communications companies to design their systems to support some form of law enforcement access.

"I believe United States companies, including many founded and headquartered in my home state, have an obligation to do everything they can to insure that their products and services are not allowed to be used to foment the evil that ISIL embodies," Feinstein said.

Comey said he did not have a legislative proposal in mind, and that his focus was on working with technology companies and raising the issue in public settings.

So far, law enforcement hasn't collected data on the scope of the problem.

"Being able to give you hard numbers on the number of cases that have been impacted is impossible,” Yates told the Senate Judiciary Committee. Comey noted in his Intel Committee testimony that FBI agents typically didn't collect data on instances when they encountered encrypted data.

The technology industry maintains objections to any incursion into their ability to offer end-to-end encryption.

"We ... caution the administration against pursuing policies that encourage or require companies to weaken encryption technologies, including requiring so-called 'back-doors,'" said Dean Garfield, president and CEO of the Information Technology Industry Council said in a statement.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.