FBI director warns against cellphone encryption
Washington — FBI Director James Comey warned in stark terms Thursday against the push by technology companies to encrypt smartphone data and operating systems, arguing that murder cases could be stalled, suspects could walk free and justice could be thwarted by a locked phone or an encrypted hard drive.
Privacy advocates and technology experts called the concerns exaggerated and little more than recycled arguments the government has raised against encryption since the early 1990s.
Likening encrypted data to a safe that cannot be cracked or a closet door that won’t open, Comey said the move by tech companies to protect user communications in the name of privacy is certain to impede a wide range of criminal investigations. New legislation to allow law enforcement to intercept communications is needed at a time of advancing technology and new forms of communication, he said.
“We have the legal authority to intercept and access communications from information pursuant to court order, but we often lack the technical ability to do so,” Comey said in a Brookings Institution speech.
Comey cited particular cases in which he said access to cell phone data aided in a criminal investigation. But in a question-and-answer session after the speech, he said he could not cite particular instances in which someone was rescued from danger who wouldn’t have been had law enforcement been blocked from that information.
“Logic tells me there are going to be cases like that,” Comey said.
The speech, which echoes concerns he and others in law enforcement have previously made, comes soon after announcements by Apple and Google that their new operating systems will be encrypted, or protected with coding by default. Law enforcement officials could still intercept conversations but might not be able to access call data, contacts, photos and email stored on the phone.
While the companies’ actions are understandable, Comey said, “the place they are leading us is one we shouldn’t go to without careful thought and debate.”
“Encryption isn’t just a technical feature. It’s a marketing pitch. But it will have very serious consequences for law enforcement and national security agencies at every level,” Comey said.
The government’s concerns may also center in part on the use of Apple’s iMessage platform, which offers end-to-end encrypted text messages that supersede traditional SMS messages. That kind of encryption likely provides access to those messages on users’ iPhones, of which Apple has sold more than 240 million since 2013.
He acknowledged a rise in public mistrust of government in the year since former National Security Agency systems analyst revealed NSA secret intelligence collection programs. But he said the public was wrong to believe that law enforcement can access any and all communications with the flip of a switch.
“It may be true in the movies or on TV. It is simply not the case in real life,” he said.
Comey also said the FBI was committed to a “front-door” approach, through court orders and under strict oversight, to intercepting communications. Privacy advocates have long been concerned that that intercept would create an opening for hackers to exploit.
The American Civil Liberties Union said federal law protects the right of companies to add encryption with no backdoors and that the companies should be credited for being “unwilling to weaken security for everyone.”
“Whether you call it a ‘front door’ or a ‘back door,’ weakening the security of a system to enable law enforcement access also opens that door to foreign governments and criminals,” said Christopher Soghoian, principal technologist with the ACLU’s Speech, Privacy and Technology Project.
Matthew Green, a cryptology professor at Johns Hopkins University, said the debate over personal encryption isn’t new: Back in the 1990s, when personal computers were a novelty, he said most consumers weren’t even aware of encryption. When a form of email encryption called PGP was released, he said, there was a fear that criminals would use it.
“These technologies exist” for consumers to protect their privacy, he said, “and it’s very hard to do anything about it.”