The FBI still wants backdoors into encrypted communications, it just doesn’t want to call them backdoors and it doesn’t want to dictate what they should look like.
FBI Director James Comey told the Senate Judiciary Committee that he’d been in talks with unspecified tech leaders about his need to crack encrypted communications in order to track down terrorists and that these leaders understood the need.
In order to comply, tech companies need to change their business model – by selling only communications gear that enables law enforcement to access communications in unencrypted form, he says, rather than products that only the parties participating in the communication can decrypt.
Businesses that sell phones whose stored messages can’t be decrypted by third parties or apps that encrypt voice and data end-to-end need to switch to selling products that they, with a court order, can unencrypt the communications, Comey says.
“There are plenty of folks who make good phones and are able to unlock them in response to a court order,” Comey says. “In fact the makers of phones that today can’t be unlocked, a year ago they could be unlocked. … The government hopes to get to a place where if a judge issues an order the company figures out how to supply that information to the judge and figures out on its own what would be the best way. And people I think also better understand today the government doesn’t want a backdoor to do that.”
Encryption keys that allow third parties to unlock the communications being sought are commonly known as backdoors. Doing what he describes would require backdoors, whether or not he calls them something else. The concerns of the security industry are that any such backdoors represent built-in weaknesses in encryption schemes that could be exploited by parties who don’t have court orders.
He also says tech companies should just accept that they would be selling less secure products.
“The question we have to ask is, ‘Should they change their business model?’” Comey says. “That is a very, very hard question. Lots of implications to that. We have to wrestle with it because of what’s at stake.”
FBI Director James Comey
The bottom line, though, is that encryption hinders FBI investigations, and that tech leaders recognize it. “We see that encryption is getting in the way of our ability to have court orders effective to gather information we need in our most important work, and we all agree we have to figure out whether we can maximize both of those values - safety and security on the Internet and public safety. That’s good news.”
He cited the case in Garland, Texas, last May in which two men tried to shoot up a contest for drawing cartoons of Muhammed.
“[T]hat morning before one of those terrorists left to try to commit mass murder, he exchanged 109 messages with an overseas terrorist,” Comey says. “We have no idea what he said because those messages were encrypted. And to this day I can’t tell you what he said with that terrorist 109 times the morning of that attack. That is a big problem.”
Comey didn’t address whether the FBI knew about the communication before the attack or whether he thought it could have prevented it.
He says it’s not his place to decide whether new laws are the way to go to get what he wants. That’s up to the Obama administration, which so far has not sought such legislation.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.