FBI Director James Comey has some advice for the tech companies and great people of America: Work harder at coming up with custom encryption solutions for law enforcement, or the terrorists win.
Comey appeared in a rare open session of the US Senate Intelligence Committee today to plead his case that law enforcement needs special "front door" access to encryption technology, in order to catch bad guys.
Comey wants law enforcement to have a way to access messages, files, and other information sent using services that use encryption as a security tool. Tech companies like Apple and Google say there's no way to give the FBI a way in without compromising the whole system, but Comey's not buying that.
"I don't think the great people of America have really put their minds to this," Comey said. "Maybe it's impossible. Maybe the scientists are right! But I'm not ready to give up on that."
Comey insisted that there probably a way to give law enforcement front door access to encrypted communications without weakening the protection encryption provides, if only tech experts would properly shove on their thinking caps. This despite admitting that he has no idea how, and that experts have suggested doing so could have a "disastrous impact" on digital security.
Trotting out ISIS's use of encrypted messaging as a grave threat to national security, Comey lamented how encryption thwarted FBI efforts to investigate ISIS luring wayward Americans to the dark side. When pressed for exact figures on whether that had happened, Comey said he didn't have information on how many investigations had been thwarted by encryption, because officers tend to give up if they see encryption. (And... apparently can't bother taking notes on when this occurs, providing a valuable data set?)
Comey and the FBI have repeatedly painted encryption as an enemy of law enforcement, describing the privacy feature as a dark spot or "safe that can't be cracked" that serves as a dangerous haven for nefarious actors. Comey stressed today that he does not want the government to hold encryption keys or have exceptional access, or to apply a "one size fits all" mandate on tech companies, preferring to directly work on custom solutions with tech companies using digital security tools.
Privacy advocates, tech companies like Apple and Google, and digital security experts argue against this characterisation. Activists weren't impressed by the meandering hearing.
"Weakening encryption is a lose-lose proposition, which decreases security and privacy. In the wake of recent data breaches, the DOJ should not encourage companies to weaken encryption to provide the government even more access to Americans' information," the ACLU's legislative counsel Neema Singh Guliani said in a statement to Gizmodo. "Strong encryption is critical to secure the internet and protect our information; policies that weaken these technologies diminish cybersecurity, decrease privacy, and threaten the notion of a free and open Internet.
Sen. Ron Wyden (D-Ore.) rebutted a written statement Comey made earlier this week arguing for encryption loopholes for law enforcement, pointing out flaws in Comey's logic in a post on Genius:
The 4th Amendment gives the government the authority to search a person's belongings, it doesn't restrict how individuals can secure their belongings. Security doors and safes also make it more difficult to access a person's possessions, but Director Comey has not proposed banning wall safes or weakening locks. That would rightly be seen as laughable.
Wyden asked Comey if the FBI had any way of guaranteeing that a stockpile of keys created to give the government access wouldn't get stolen by bad actors.
"A hypothetical stockpile of keys? Surely not," Comey said, adding that Wyden shouldn't listen to him anyways on technical solutions, because he's not an expert.
Then Sen. John McCain voiced his opinion, which is that the FBI should ask that tech companies make them a special stockpile of encryption keys. "What's the problem with that?" McCain asked, apparently having done zero research before speaking.
"Well, a lot of smart people — smarter than I — say that would have a disastrous impact on broader security across the internet," Comey said.
"Do you believe that?" McCain said.
"I'm sceptical," Comey said.