The FBI has long said that the use of strong encryption software hampers the bureau’s investigations and makes life easier for criminals. Current FBI Director James Comey continued this line of reasoning in a speech on Oct. 17, saying that the use of crypto could lead the country to a dark place, and the EFF and others said Monday that the FBI’s notions about encryption are outdated and naive.
Last week, Comey said in a forum at the Brookings Institute in Washington, D.C., that recent changes to Apple’s iOS and Google’s Android mobile operating systems that enable device encryption by default threatened to make mobile devices safe havens for criminals.
“We are not seeking to expand our ability to intercept communications. We are struggling to keep up,” he said. “Encryption threatens to lead us all to a very, very dark place. The place that this is leading us is one that I would suggest we shouldn’t go without careful thought and public debate.”
Comey’s comments are reminiscent of ones made by previous FBI officials and other law enforcement officials who have warned for decades that the broad deployment of strong encryption by consumers would prevent investigators from being able to conduct the kind of surveillance they need to do their jobs. Various schemes have arisen over the years from law enforcement agencies looking to get access to cryptosystems, through mechanisms such as key escrow and deliberate backdoors. EFF officials said that any such scheme would weaken the security of a targeted system and endanger consumers’ privacy.
“The FBI should not be in the business of trying to convince companies to offer less security to their customers. It should be doing just the opposite. But that’s what Comey is proposing—undoing a clear legal protection we fought hard for in the 1990s. The law specifically ensures that a company is not required to essentially become an agent of the FBI rather than serving your security and privacy interests. Congress rightly decided that companies (and free and open source projects and anyone else building our tools) should be allowed to provide us with the tools to lock our digital information up just as strongly as we can lock up our physical goods. That’s what Comey wants to undo,” Cindy Cohn of the EFF said in a blog post.
“Now just as then, the FBI is trying to convince the world that some fantasy version of security is possible—where “good guys” can have a back door or extra key to your home but bad guys could never use it. Anyone with even a rudimentary understanding of security can tell you that’s just not true.”
Also on Monday, Edward Snowden said during a conversation with Lawrence Lessig of the Harvard Law School that backdoors in any system invite use by anyone who can find them, not just law enforcement.
“Once you bake a backdoor into something, you can’t control who walks through it,” Snowden said. “The NSA has done this for ages. This isn’t theoretical. These things are out there. By enabling this sort of surveillance, you’re actually weakening security, compromising the security of society for the benefit of an agency.
“The real question is, how many phones has the FBI or NSA seized that they couldn’t break the crypto on? The last count is only three or four. They’ve seized many more that they can break. So really, is this the problem that it’s claimed, compared to the good that good encryption practices provide society?”