FBI on Encryption: ‘It’s A Business Model Question’

FBI Director James Comey testified before a Senate committee that technology companies should consider changing their business models around encryption.

Now that encryption has been elevated to a default technology on mobile devices, the government has heightened its “Going Dark” rhetoric, again on Wednesday insisting during a Senate Judicial Committee hearing that Silicon Valley figure out how to deliver plain-text communication between criminal and terror suspects to law enforcement.

FBI Director James Comey and California Sen. Dianne Feinstein testified that encryption continues to be an insurmountable barrier for legal and national security investigators, and as Feinstein put it, “encryption ought to be able to be pierced.”

The nation’s top law enforcement officer has argued for more than a year that mobile devices that are encrypted by default and only by the user put the FBI and police behind the eight-ball, unable to access communications between individuals, even with legal court orders and judge-issued warrants to do so.

The government has long hinted at some kind of exceptional access to encrypted data, which many have interpreted as an intentional backdoor left in by technology companies such as Apple and Google, both of whom have relinquished control over the private encryption keys that previously unlocked users’ devices. Those keys are now on the device and can only be unlocked by the user who knows the four-to-six digit PIN.

Comey said during yesterday’s hearing that government has had exchanges with technology companies and acknowledged that both sides of the argument see the collision between the desire to be safe and private online and the needs of public safety officials.

“All of those conversations have convinced me it’s not a technical issue,” Comey said. “There are a lot of folks who have said over the last year or so that we are going to break the Internet or have unacceptable insecurity if we try to get to a place where court orders are complied with.”

Comey said many technology companies provide secure services or make “good phones” that can be unlocked and still comply with court orders. “In fact, the makers of phones today that can’t be unlocked, a year ago they could be unlocked,” he said, adding that the government doesn’t want a backdoor, nor does it favor legislation mandating such access.

“We want to get to a place where if a judge issues an order, the company figures out how to supply that information to a judge and figures out on its own how to do that,” Comey said. “The government shouldn’t be telling people how to operate their systems. We are in a place where we understand it’s not a technical issue, it’s a business model question.”

The Electronic Frontier Foundation (EFF), however, posted a rebuttal to Comey’s testimony, pointing out that solutions such as key escrow or splitting keys—which experts have said introduces untenable complexity—or companies simply choosing not to offer encrypted services are equally unacceptable.

Staff attorney Andrew Crocker wrote:

“Rather than seeking legislation mandating backdoors, which would allow involvement, technical review, and criticism by encryption experts and the public, the FBI will rely on backroom pressure to make companies compromise encryption, or even eliminate business models it doesn’t like. Some services—like most flavors of webmail—currently don’t use end-to-end encryption, so they won’t have to change. But for other types of tools (chat or encryption of data at rest), cryptographers are unanimous—designing their tools in the way that Comey wants will have potentially disastrous effects on user security.”

Suggested articles

Newsmaker Interview: Scott Helme on Securing the Web

Threatpost sat down with Helme to discuss the state of web security, including certificate transparency, HTTPS deployment, Let’s Encrypt, content security policy and HTTP strict transport security.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.