FBI still not pushing for encryption legislation
- By Derek B. Johnson
- Feb 05, 2020
FBI Director Christopher Wray declined to say whether he would endorse legislation that would create a pathway for law enforcement to access encrypted apps and devices.
At a Feb. 5 House Judiciary Committee hearing, Wray was asked by Rep. Matt Gaetz (R-Fl.) if there is any "meaningful legislation that Congress should consider so that technology partners have a yellow brick road to work with the government" on encryption.
Wray did not rule of the possibility but stopped short of calling for Congress to draft such a bill, beyond saying it was a decision "that should be made by the American people through their elected representatives, not through one company making a business decision on behalf of all of us."
"Whether it's done by legislation or done by the companies doing it voluntarily, I think we have to find a solution," said Wray, later adding that "there are some countries that have already passed legislation of a sort that you are referring to – Australia for example."
FBI and Department of Justice officials have waged a concerted public relations campaign to convince tech companies to develop a way to allow law enforcement access to encrypted communications for investigations when they have a warrant that won't also dramatically weaken cybersecurity or allow other bad actors to gain similar access.
"I reject the possibility that this isn't doable," said Darrin Jones, Assistant Director for the FBI's Information Technology Infrastructure Division at a Feb. 5 conference hosted by American University in Washington D.C.
Most computer scientists have been adamant that no such compromise solution exists, and FBI and DOJ officials have been reluctant to put forth specific proposals in response. In 2018, former Microsoft Chief Technology Officer Ray Ozzie released a proposal that would have companies create public and private keys for each device, with the private key stored in a secured database that law enforcement could access with a warrant. Jones appeared to endorse a similar approach.
"I don't want the keys, I don't need the keys," he said. "The companies are in the best place to design these capabilities and maintain these capabilities. I want to go to these companies like I always do, with a warrant in my hand."
However, Ozzie's idea was subsequently panned by many cryptologists as a rehash of older "key escrow" proposals that do not address how to secure private key databases from other bad actors.
Former FBI General Counsel Jim Baker, who once echoed DOJ's position while in government but now opposes it, said the issue has been gridlocked for so long because there are a wide variety of equities at stake in weakening encryption: law enforcement interests, cybersecurity, privacy, maintaining competitiveness and protecting human rights.
"There is no technical solution that I'm aware of today or that I've heard about anywhere that adequately and completely and simultaneously protects all of those equities," Baker said at the same American University conference. "It just doesn't exist, and I think it's kind of magical thinking to expect that companies are going to just come up with a solution in that regard."
Derek B. Johnson is a former senior staff writer at FCW.