Comey: 'Going dark' is business, not technical, challenge

Image copyright to FBI: James Comey.

FBI Director James Comey wants tech companies to help law enforcement access encrypted communications.

FBI Director James Comey told lawmakers Dec. 9 he is convinced the solution to the challenge posed to law enforcement by end-to-end encryption on mobile devices is not a technical one but instead involves persuading tech firms to change their business models.

"There are plenty of companies today that provide secure services to their customers and still comply with court orders," Comey told the Senate Judiciary Committee.

He sounded upbeat after the bureau’s recent discussions with technology companies on encryption. Giving law enforcement access to encrypted communications might require convincing companies that it is in their business interests to do so, he added.

Comey has been the Obama administration's most outspoken advocate of addressing what he calls the "going dark" phenomenon, in which only the end user holds the key to encrypted communications. That approach leaves law enforcement shut out, even with a court order.

In the wake of Edward Snowden's revelations about government surveillance, more companies, including Google and Apple, are offering default encryption on devices, which means the companies do not retain any way to access the content of customer communications.

Technologists and privacy activists have sharply criticized Comey's campaign for law enforcement to access encrypted communications, saying such cryptographic "backdoors" would make Internet users vulnerable.

Matt Blaze, a cryptographer and associate professor at the University of Pennsylvania, told FCW he was baffled by Comey's comments at the hearing. "There are fundamentally difficult underlying technical problems in doing what he wants reliably and safely," he said.

Blaze cited a recent paper he wrote with other computer scientists that concluded that any mandates for law enforcement access to encrypted communications would likely "introduce unanticipated, hard-to-detect security flaws."

Comey's critics have challenged him to provide specific examples of investigations that have been thwarted by encryption. At the hearing, Comey said one of the two men who opened fire at an event in Garland, Texas, in May had sent 109 encrypted messages to an "overseas terrorist" beforehand.

In October, Comey said that, for the time being, the administration was dropping its pursuit of a legislative fix to the "going dark" conundrum. At the hearing, however, Sen. Dianne Feinstein (D-Calif.) said she intended to pursue legislation that would give law enforcement access to encrypted communications. Comey told her that the administration continues to mull the issue.

While acknowledging that encryption has a role in Internet security, Comey cast the challenge to law enforcement as a long-term struggle.

"I think there's no way we solve this entire problem," Comey said. "Encryption is always going to be available to the sophisticated user. The problem we face post-Snowden is it's moved from being available to the sophisticated bad guy to being the default. So it's now affecting every criminal investigation that folks engage in."

About the Author

Sean Lyngaas is a former FCW staff writer.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected