Comey: 'Going dark' is business, not technical, challenge

Image copyright to FBI: James Comey.

FBI Director James Comey wants tech companies to help law enforcement access encrypted communications.

FBI Director James Comey told lawmakers Dec. 9 he is convinced the solution to the challenge posed to law enforcement by end-to-end encryption on mobile devices is not a technical one but instead involves persuading tech firms to change their business models.

"There are plenty of companies today that provide secure services to their customers and still comply with court orders," Comey told the Senate Judiciary Committee.

He sounded upbeat after the bureau’s recent discussions with technology companies on encryption. Giving law enforcement access to encrypted communications might require convincing companies that it is in their business interests to do so, he added.

Comey has been the Obama administration's most outspoken advocate of addressing what he calls the "going dark" phenomenon, in which only the end user holds the key to encrypted communications. That approach leaves law enforcement shut out, even with a court order.

In the wake of Edward Snowden's revelations about government surveillance, more companies, including Google and Apple, are offering default encryption on devices, which means the companies do not retain any way to access the content of customer communications.

Technologists and privacy activists have sharply criticized Comey's campaign for law enforcement to access encrypted communications, saying such cryptographic "backdoors" would make Internet users vulnerable.

Matt Blaze, a cryptographer and associate professor at the University of Pennsylvania, told FCW he was baffled by Comey's comments at the hearing. "There are fundamentally difficult underlying technical problems in doing what he wants reliably and safely," he said.

Blaze cited a recent paper he wrote with other computer scientists that concluded that any mandates for law enforcement access to encrypted communications would likely "introduce unanticipated, hard-to-detect security flaws."

Comey's critics have challenged him to provide specific examples of investigations that have been thwarted by encryption. At the hearing, Comey said one of the two men who opened fire at an event in Garland, Texas, in May had sent 109 encrypted messages to an "overseas terrorist" beforehand.

In October, Comey said that, for the time being, the administration was dropping its pursuit of a legislative fix to the "going dark" conundrum. At the hearing, however, Sen. Dianne Feinstein (D-Calif.) said she intended to pursue legislation that would give law enforcement access to encrypted communications. Comey told her that the administration continues to mull the issue.

While acknowledging that encryption has a role in Internet security, Comey cast the challenge to law enforcement as a long-term struggle.

"I think there's no way we solve this entire problem," Comey said. "Encryption is always going to be available to the sophisticated user. The problem we face post-Snowden is it's moved from being available to the sophisticated bad guy to being the default. So it's now affecting every criminal investigation that folks engage in."

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.

Cyber. Covered.

Government Cyber Insider tracks the technologies, policies, threats and emerging solutions that shape the cybersecurity landscape.


Reader comments

Thu, Dec 10, 2015 Don O'Neill

Does Director Comey really believe that he can claim success by reducing the encryption impasse to a business rules problem simply to finesse the unsolved technical challenge? The government needs to accept and encourage private encryption and not hold out for key escrow or split key encryption. Data encryption, contested by government and slow to be adopted by industry, lies at the intersection of privacy and security, and the public wants both. Hampered by straight-line thinking and linear processes, the government has thrown up its hands when it comes to encryption, that is, the decryption of encrypted files in support of law enforcement. Is it a matter of algorithmic knowledge or computational power? Or is it a deeper question of computability and solvability? Where are the Jasons when we need them?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group