Encryption is a threat to public safety, the FBI director argued before testifying at a Senate hearing. Crypto experts and the tech industry oppose demands by US officials for “back door” keys to encrypted software as both harmful and impractical. In a guest post on the Lawfare blog, FBI Director James Comey argued that “to protect the public, the government sometimes needs to be able to see an individual’s stuff,” though only “under appropriate circumstances and with appropriate oversight.”
Encryption denies the government that ability, which “will affect public safety,” Comey wrote, citing the example of Islamic State “operators in Syria” using encrypted chats to recruit “dozens of troubled Americans to kill people.” “I really am not a maniac (or at least my family says so). But my job is to try to keep people safe,” he wrote, calling for a “robust debate” to resolve the conflict between privacy and security.
Comey is scheduled to appear before the Senate Intelligence and Judiciary Committees on Wednesday, and where he is expected to argue that commercial encryption is interfering with the bureau’s investigations of criminals and terrorists.
Critics have blasted the government’s anti-encryption campaign as dangerous and misguided, arguing that the FBI’s own records – when actually kept and shown to the public – show that the bureau has had little trouble cracking the communications of terror suspects.
“Given the large number of investigative tools available to the FBI… the notion that encryption imperils all law enforcement operations is ludicrous,” Patrick Eddington of the Cato Institute wrote in The Hill newspaper.
Following NSA whistleblower Edward Snowden’s revelations of US spying in 2013, American companies lost billions of dollars as overseas clients fled from cloud services and software they saw as compromised. A 2013 estimate by Forrester Research projected the possible losses at $180 billion by 2016, just in the field of cloud computing. In response, companies like Apple, Google and Yahoo embraced encryption as a way to assure their clients that nobody – not even the government – could access their data.
Federal officials like Comey, Homeland Security Secretary Jeh Johnson and NSA Director Admiral Michael Rogers have called on the tech industry to give the government keys to their ciphers. Tech executives say that this would open them up to similar demands from other governments, and undermine both the public perception and actual safety of their software.
“If we are going to make a technological system that will let Comey catch the bad guy that he wants to catch … we have to let everybody who is a state actor clamp down and be able to get what they want,” Jon Callas, chief technologist of the encrypted communications company Silent Circle, told the Christian Science Monitor’s Passcode.
“There’s no VIP room; it doesn’t exist,” Scott Montgomery, vice president and chief technology strategist for Intel Security, said. “If there’s a back door, there’s a back door for everybody.”
“It’s clear that other countries would just not accept American products that have a back door built into them for the US government,” Alex Stamos, former chief information security officer at Yahoo and now chief security officer at Facebook, said. “There’s no way they’re going to be OK with that.”
Some of the world’s foremost cryptographers, security specialists and computer scientists from the US and the UK also oppose the government’s proposal.
In a paper to be published Wednesday, 13 of them argue that there is no viable technical solution that would grant governments “exceptional access” to encrypted data without putting it all at risk.
In light of recent massive security breaches at the Office of Personnel Management, the State Department and the White House, the government simply cannot be trusted to keep the keys safe from hackers, the experts told the New York Times.
“The government’s proposals for exceptional access are wrong in principle and unworkable in practice,” said Ross Anderson, a professor of security engineering at Cambridge and one of the paper’s authors.
In 1997, the group successfully opposed the Clinton administration’s initiative to install “Clipper chips” into all devices as a means of giving the government backdoor access.
“The problems now are much worse than they were in 1997,” said Peter Neumann of SRI International, another co-author of the paper. “There are more vulnerabilities than ever, more ways to exploit them than ever, and now the government wants to dumb everything down further.”