FBI chief Comey says strong encryption diminishes agency's efforts

FBI Director James Comey testified on Capitol Hill that tech companies should find a way for government investigators to access data that is encrypted on consumer devices.

FBI Director James Comey testifies during a Senate Judiciary Committee hearing on encryption in Washington on Wednesday.

Kevin Lamarque/Reuters

July 8, 2015

In two congressional hearings Wednesday, FBI Director James Comey urged tech companies to work with law enforcement agencies so that encryption on consumer devices won’t hinder criminal and terrorist investigations.

Mr. Comey told senators that encryption allows criminal suspects to cloak their communications, which he refers to as “going dark,” in a way that eludes agents and has the potential to harm public safety and national security. Therefore, he said, the government should have some way to access data protected by encryption.

“If we intercept data in motion between two encrypted devices across an encrypted mobile app, we can’t break it,” Comey said. “On the current course and current speed, my ability to discharge my No. 1 responsibility would be materially diminished in the not too distant future. It’s certainly diminished today.”

Growing calls by Obama administration officials such as Comey and Adm. Mike Rogers, head of the National Security Agency, for technology companies to allow the government access to private data have set off a fierce debate within the technology community over the use of encryption. Privacy experts and tech executives have repeatedly said that weakening encryption to give government access to data would compromise privacy safeguards for all users.

But Comey said he wants to work with American technology companies so that customers will be able to use encryption and tech companies can still comply with warrants to give investigators access to users' information. Current encryption on mobile devices means only the user can access the encrypted data. The tech companies that manufacture the hardware can’t unlock it even if they wanted to.

Still, Comey told the Senate Intelligence Committee in the afternoon, he wants to start a “conversation” on how to create some form of law enforcement access to encryption. “The innovation is here, the energy is here, the infrastructure is here, what we do here will set the tone and the pattern for the rest of the world.”

Deputy US Attorney General Sally Yates, who testified alongside Comey at Wednesday morning’s Senate Judiciary Committee hearing, said the government is not asking for so-called "back doors" into encryption.

“What we are seeking,” she said, “is to be able to work with the industry such that the companies themselves will be able to retain an ability to be able to access the information and to provide that information to us with lawful court orders.”

Matthew Green, a Johns Hopkins University cryptographer, says allowing companies to implement solutions to give law enforcement data access has problems. Letting companies have a key to encrypted data could create new vulnerabilities in encryption as well as additional security risk for the companies and individual customers.

Even if companies were able to produce such a solution, it may prove too technically challenging for smaller tech firms and app makers, Dr. Green said.

“I trust Apple, I trust Google, but smaller companies with only five people don’t have cryptography experts and won’t be able to get it right,” he said. “My guess is many companies will determine that getting end-to-end encryption to work will increase liability, and say no to encryption,” said Green, who was one of several respected cryptographers and security researchers who coauthored a report released Tuesday outlining the security risks in allowing government access to secure data.

Unlike a previous House hearing on the issue of encryption, in which one congressman called the notion of giving law enforcement access to secured data “technologically stupid,” senators largely approached the issue today without vitriol, though Sen. Ron Wyden (D) of Oregon suggested that the government might not be coping with issues of cryptography if it weren't for the National Security Agency revelations about its surveillance program. After those programs were revealed by NSA leaker Edward Snowden, tech companies took steps to strengthen security measures on their devices.

“As we start this debate, I want to emphasize how exactly we got here. Executive branch agencies are now dealing with a problem they largely created,” said Senator Wyden.

Comey didn't offer any evidence regarding FBI investigations thwarted by strong encryption technology. At a separate Judiciary Committee panel Wednesday, Cyrus Vance Jr., a New York district attorney representing Manhattan, provided the only concrete statistics on how many times mobile encryption had prevented law enforcement from accessing data during an investigation. Over the past six months, he said, investigators couldn’t access data on 72 out of 92 iPhones running the latest version of Apple's mobile operating system.

Yet, Comey suggested that most “ordinary folks” aren’t interested in having phones with strong encryption. “I don’t exactly know where the great demand for this is coming from,” he said. “I don’t know ordinary folks who say, ‘I want a phone that can’t be opened even if an American judge finds that it ought to be opened because it’s really important.’”

The original version of this story was updated.