Previewing a round of testimony before Congress later this week, James Comey warned that too-tough-to-crack encryption allows bad actors to “communicate with impunity.”
FBI Director James Comey on Monday defended his agency's position that too-tough-to-crack encryption poses a threat to national security, arguing that terrorists are increasingly using the technology to lock out law enforcement and coordinate attacks.
Comey, in a brief op-ed appearing on the prominent national security blog Lawfare, said that "there are lots of good things" about universal strong encryption, such as expanded privacy and protection from cybercriminals. But those benefits must be balanced against the potential risks created by making it more difficult for the government to access the digital communications and data of those suspected of wrongdoing, he said.
"When the government's ability—with appropriate predication and court oversight—to see an individual's stuff goes away, it will affect public safety," Comey wrote. "That tension is vividly illustrated by the current ISIL threat, which involves ISIL operators in Syria recruiting and tasking dozens of troubled Americans to kill people, a process that increasingly takes part through mobile messaging apps that are end-to-end encrypted, communications that may not be intercepted, despite judicial orders under the Fourth Amendment."
Comey said that the same tension could be seen in domestic criminal investigations as well, adding that "there is simply no doubt that bad people can communicate with impunity in a world of universal strong encryption."
Comey's post previews a showdown later this week on Capitol Hill, where he will testify before two powerful Senate committees on Wednesday about the dangers of law enforcement "going dark" in its investigations due to encryption. Comey will appear before the Senate Intelligence Committee—a rare open hearing before the normally closed-doors panel—and the Senate Judiciary Committee.
The Obama administration has grown increasingly wary about encryption on smartphones ever since Apple and Google announced last year efforts to offer tighter security by default on their products. Earlier this year, President Obama warned that "if we get into a situation which the technologies do not allow us at all to track somebody we're confident is a terrorist … that's a problem."
But many cybersecurity experts strongly disagree with Obama and Comey. Many believe there is no such thing as a "golden key" for encryption that could allow law-enforcement or national-security professionals access into an encrypted device without also creating a vulnerability that malicious hackers could exploit.
A secret 2009 U.S. cybersecurity report obtained by Edward Snowden and published by The Guardian seemed to back that up, warning that government and private computers are vulnerable to cyberattacks from Russia, China and criminal actors if stronger encryption was not adopted across the board.
Comey, in his blog post, said that the two sides of the encryption debate are "talking past each other" and that he intends to kickoff a "healthy discussion" about the tension between privacy and security with respect to this issue.
"I really am not a maniac (or at least my family says so)," Comey said. "But my job is to try to keep people safe. In universal strong encryption, I see something that is with us already and growing every day that will inexorably affect my ability to do that job."