FBI director James Comey, in a speech last week at the Brookings Institute, reiterated his concerns about encryption built into iOS 8 and Android stymieing law enforcement.
“I’m a huge believer in the rule of law, but I also believe that no one in this country should be beyond the law,” he said.
However, the law has not kept pace with technology, and “we have the legal authority to intercept and access communications information pursuant to a court order — but we often lack the technical ability to do that,” Comey explained.
Both data in motion, consisting of phone calls, emails, live texts and chat sessions, and data stored on devices, are increasingly encrypted, Comey complained.
“Have we become so mistrustful of government — and law enforcement, in particular — that we are willing to let bad guys walk away, willing to leave victims in search of justice?” he asked.
Surveillance through telecommunications carriers or ISPs “who have developed lawful intercept solutions is an example of a government operating the way the founders designed it, with the executive, the legislative and the judicial branches proposing and acting and overseeing legislation pursuant to the rule of law,” Comey said.
Privacy and the FBI
The Bill of Rights ensures “that the papers and effects of the people are secure from unreasonable search and seizure,” Comey said.
Our phones and computers “hold much of what is important to us in life, and with that comes the desire to protect privacy and our data,” he continued. “We want to be able to share our lives with the people we choose to share our lives with. I very much feel that way.”
However, the FBI “has a sworn duty to try to keep every American safe from crime and from terrorism, and technology has become a tool of choice for some very dangerous people,” Comey observed.
In essence, he is calling for backdoors to be built into devices and mobile OSes.
“The FBI should not be in the business of trying to convince companies to offer less security to their customers,” Cindy Cohn, legal director of the Electronic Frontier Foundation, told TechNewsWorld, “but that’s what Mr. Comey is proposing — undoing a clear congressional decision in the 1990s that, rightly, ensured that we have the right to lock our digital information up just as strongly as we can lock up our physical goods.”
She was referring to the Telecommunications Act of 1996.
Friending the Crooks and the Thieves
“It’s impossible for government to create a backdoor into our phones and electronic devices without also leaving it open for improper access by criminals,” said Jake LaPerruque, fellow on privacy, surveillance and security at the Center for Democracy and Technology.
While Comey said it’s not likely that government can compel people to decrypt their phones, “this doesn’t square with government actions in court,” he told TechNewsWorld..
Upholding the Law
Comey referred repeatedly to lawful searches, but the FBI has used National Security Letters, which pretty much give it carte blanche, to the point that it’s considered to have abused them. That sparked a lawsuit challenging the practice and led some lawmakers to file an amicus curiae, or friend of the court, brief in support of the plaintiffs in April.
NSLs, which are issued directly by the bureau without any prior judicial review, are almost always accompanied by a nondisclosure order barring the recipient from revealing anything about the demand, the brief points out.
“We have seen time and time again government agencies attempt to justify their behavior under thinly veiled excuses such as the national security letters,” Yasha Heidari of the Heidari Power Law Group told TechNewsWorld.
Tempest in a Teapot?
Perhaps all the hue and cry over building encryption into devices and mobile OSes is not warranted. The USA Patriot Act lets the government or law enforcement go directly to telecommunications carriers or ISPs and subpoena and download people’s data stored in the cloud without their knowledge.
The debate over encryption “seems to be more of a publicity stunt than anything else,” Heidari said. “I will note, however, that encrypting your phone while also encrypting the data, such as through a [virtual private network], could be a viable method of maintaining privacy.”