FBI Director James Comey again implored tech companies on Tuesday to comply with court orders to reveal encrypted communications that law enforcement considers vital to solving heinous crimes and stopping terrorism.
"We'd like a world where people are able to comply with court orders," Comey said in testimony before the U.S. Senate Intelligence Committee. "It's not about us trying to get a back door, a term that confuses me, frankly. I don't want a door. I don't want a window. I don't want a sliding glass door. I would like people to comply with court orders and that's the conversation we're trying to have."
Major tech firms, especially Apple, have said that decoding encrypted communications is impractical, counterproductive and sometimes impossible -- especially if data is encrypted on a smartphone and can only be decrypted by the phone's user.
In December, Apple CEO Tim Cook said in a CBS interview that Apple complies with court-ordered warrants to produce information required by law enforcement, but said of encrypted data on iPhones, "We don't have it to give." That's because iPhones running versions after iOS 4 keep the decryption keys on a user's iPhone and not on a server or some other place.
Apple reportedly told the FBI last summer that it could not comply with a court order to turn over text messages between drug suspects using iPhones and Apple's iMessage system, according to the New York Times.
Comey didn't specify Apple or any other company in his comments to the Intelligence Committee, but said: "Lots of companies do [comply with court orders]. Both the people who make phones are able to unlock them when judges order it and people who provide communications services are able to comply with judges' orders. Others can't, and therein lies the problem."
Comey said that encrypted data has not been cracked on a phone used by one of the killers in the San Bernardino terrorist attacks or on the phone found by the dead body of a pregnant woman killed last April in Louisiana. "There are no clues to who did it," he said.
The woman he referred to was Brittney Mills, who was carrying an iPhone that still hasn't been unlocked.
Comey told senators that the problems posed by default locks on smartphones are bigger for criminal investors at the local and state levels than for intelligence officials trying to combat terrorism. "Especially with respect to devices, phones, that default lock, that is the overwhelming concern of state and local law enforcement," he said. "It is a big problem for law enforcement armed with a search warrant when they find a device that can't be opened, even if the judge says there is probably cause to open it."
The question of gaining access to encrypted data was especially important to Senate Intelligence Committee Chairman Richard Burr, (R-N.C.), who continues to work with Sen. Dianne Feinstein, (D-Calif.), on a bill addressing U.S. encryption policy. Other lawmakers are expected to introduce a bill to create a commission to look into encryption policies as well as related digital security policies.
Backers of the commission include Sen. Mark Warner, (D-Va.) and Rep. Michael McCaul, (R-Texas).
During Comey's testimony, Burr said: "If companies were to required to honor [a] court order, then the law enforcement and the prosecution element isn't concerned at all how they access that -- that can be proprietary and within each company.... But supplying the information is absolutely crucial to the continuation of that investigation and prosecution."
A few cybersecurity experts have urged Apple, especially, to change the way it provides disk-level encryption, reverting to an older approach that would make decryption keys available to Apple so it could provide needed data to law enforcement when a court orders it to do so. But many experts believe that deep encryption is already an entrenched tradition designed to protect private financial and health data that many Americans and businesses want to preserve untouched.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.