Mobile Device Encryption Could Lead to a ‘Very, Very Dark Place’, FBI Director Says

FBI Director James Comey said Thursday that the recent movement toward default encryption of smartphones and other devices could “lead us to a very, very dark place.” Echoing comments made by law enforcement officials for the last several decades, Comey said that the advanced cryptosystems available today threaten to cripple the ability of intelligence and law enforcement agencies to gather vital information on criminals.

Speaking at an event at the Brookings Institute in Washington, D.C., Comey discussed the challenges that strong encryption presents to law enforcement agencies, specifically when it comes to lawful interception of cell phone communications. Recent changes by Apple and Google to their mobile operating systems have introduced the ability for iPhones and Android devices to be encrypted by default. The big issue, however, is that the companies don’t hold the encryption keys, so they can’t decrypt users’ devices, even when presented with a court order or warrant.

Comey said that he understands users’ desire for security and privacy, but that those needs shouldn’t come at the expense of national security or law enforcement.

“We are not seeking to expand our ability to intercept communications. We are struggling to keep up,” he said. “Encryption threatens to lead us all to a very, very dark place. The place that this is leading us is one that I would suggest we shouldn’t go without careful thought and public debate.”

Privacy advocates and security experts have lauded the moves by Apple and Google as being good for consumers, many of whom wouldn’t necessarily go out of their way to enable encryption on their own. But Comey said that the presence of strong encryption on mobile devices will hamper criminal investigations.

“Law enforcement needs to be able to access communications in a lawful way in order to bring people to justice,” he said. “Those charged with protecting our people aren’t able to access the evidence we need even with lawful authority.”

Comey also indicated that the revelations of the NSA’s capabilities made by Edward Snowden have had the effect of turning public sentiment against the government on topics of surveillance, privacy and security.

“The prevailing view is that the government is sweeping up all of our communications. That is not true,” he said. “Some believe that the government and the FBI especially has these phenomenal communications capabilities. That’s the product of too much TV.”

The increased use of strong encryption has been an issue for law enforcement and intelligence agencies for decades, since the advent of readily available programs such as PGP. United States officials have sought to control the export of encryption tools, classifying them as munitions, and have forwarded various schemes such as key escrow to make decryption keys available to law enforcement. Security experts always have argued that the existence of such keys would fatally weaken any encryption system. Comey said that the FBI isn’t looking for a built-in vulnerability or trap door in iOS or Android to enable lawful access, but instead wants the same kind of access it has had to telecommunications systems for years through CALEA.

“We are not seeking a backdoor approach. We are completely comfortable with court orders and lawful authority,” he said. “With sophisticated encryption, there may be no solution at all, leaving us at a dead end. Even with a supercomputer, we would have difficulty with today’s high-level encryption.”

Discussion

  • Eric on

    This is a ridiculous argument. It is like saying that door locks are the cause of theft, and if everyone kept their doors unlocked then the police can do their jobs. It is a blatant lie so arrogant that it sickens me. The police are not supposed to be able to get access to everything any time they want. And even without access to your data they can get tons of info from your phone metadata and docs on your cloud services. Their claim is completely false - they only need that information to manipulate and control the population. It has been proven that it is not stopping terrorists, so the only real use is so the government can control people.
  • Mike on

    I agree, Eric. Nonsense argumentation. Dangerous criminals have been using encryption long ago. Enabling encryption by default only protects normal users from crackers and thieves, but terrorists and other criminals have been encrypting their machines and communications for decades, so I can't see how having John Doe's smartphone unencrypted may help FBI and NSA fight the bad guys.
  • crackers on

    The Celebgate hackers used a police tool to mimic an iPhone to download its backup containing everything. The failure of Apple to stop brute force attempts on iCloud even when warned about it 6 months previously goes to show Apple was intentionally allowing security to be lax and allowing iPhone backups to be downloaded without any validation of hardware. So Apple institutes two factor authentication and encrypts the backup with a separate key they control. How does this stop law enforcement any? It only stops the hackers. The genie is out of the bottle, Apple has been selling out its users wholesale. The police tool came from a Moscow company, meaning the Russians and the Chinese (and anyone else) could have seen that iCloud could be easily brute forced and likely did so on any account they wished. This is undeniably the worst security fail in human existence.
    • Dale on

      Not that I am trying to defend Apple. But again the iCloud issues in CelebGate were a result of power persona security by the users. Doesn't make what happened to them ok by any stretch; at the very least I hope that it raises their awareness. The encryption by default move by Apple is amazing. Then obviously as many others have said here the gov't doesn't need your phone to get at a lot of the data anyways because of the laws carriers are burdened with atm. Most of the data they would use, texts and call metadata (minus iMessages now), are available through said carriers. So all of the director's comments are just off the wall.
  • Daniel on

    It is not possible to do "key escrow" encryption without leaving a backdoor. That is precisely what the escrow key is. Once it is possible to provide an escrow key to a particular lawful authority, it must be provided on demand to EVERY lawful authority. He assumes that the U.S. Government is the only authority which can lawfully demand backdoor escrow keys. If I am doing business in China, then China can demand the same escrow key the U.S. is demanding, as can Turkey, Russian Federation, UK, UAE, Saudi Arabia, and Iran. Either the protocol is secure against outside access, or it is open to whichever government official wants it. There isn't a magical in-between place.
  • marcus on

    “The prevailing view is that the government is sweeping up all of our communications. That is not true,” he said. BS! The sheer scale of the data center the government is building in Utah says otherwise.
  • mb on

    The authorities have already demonstrated, time and time again, that they cannot be trusted with individuals' privacy. Now it's time to pay the price. This has nothing to do with lawful intercept. That is still mandated at the carrier level. Encryption does not interfere with any lawful intercept. It interferes with UNLAWFUL search and seizure.
  • Richard Flohr on

    Wow, as if the Patriot Act wasn't enough for our so-called government. All I know is if I were guilty I wouldn't want them to check my phone either. But if I'm not guilty then by all means please let me prove I'm not guilty. Therein lies the problem. We've all become used to having to prove our innocence and not the other way around. That is why the normal citizen wants, no, demands our privacy. WE THE PEOPLE means nothing to us anymore.
