Playing down a narrative of an ongoing “crypto-war” between the government and the private sector, FBI Director James Comey said Thursday that shared security values between the two groups mean they should be working together.
But Comey said the source of the tension between tech companies and federal law enforcement—the proliferation of strong encryption standards that make it difficult or impossible to read intercepted communications—could be addressed if only the business community made a real effort to develop new encryption technologies.
“I’ve heard from a lot of folks that it’s too hard, and my reaction to that is: Really? Have we really tried? Have we really tried?” Comey said at an open meeting of the House Permanent Select Committee on Intelligence.
Technology and security experts have said that building in access to encrypted communications would invite intruders. If a tech company creates a “back door” to allow law enforcement to read decrypted data, malicious hackers will also be able to find and exploit it, they say.
Communication services like Apple’s iMessage are encrypted end to end. That means the data sent across Apple’s servers is scrambled—only the intended recipient of a message is able to decrypt it. Because Apple does not keep its users’ encrypted messages, the company recently rebuffed a Justice Department request to turn over the contents of an iMessage conversation to law enforcement in real time.
At a time when many in government and the private sector are pushing for better integration and cybersecurity information-sharing between the two worlds, the conflict over encryption can be counterproductive to an atmosphere of cooperation, tech advocates say.
So as Comey pushed the tech industry Thursday to keep trying to come up with a solution to encryption that simultaneously upholds privacy and national security, he had conciliatory words for Silicon Valley.
“From a government side, our responsibility is to talk to folks and explain to them: We’re not maniacs. The FBI is not an alien force imposed on the American people,” Comey said.
In addition to calling for U.S. technology companies to adopt encryption standards that allow law enforcement in, Comey said America’s “international partners” should do the same, a lofty request in a world where international cybernorms are difficult to uphold and where many governments use electronic surveillance to spy on and persecute their own citizens.
Comey testified alongside the directors of the CIA, the National Security Agency, the Defense Intelligence Agency, andDirector of National Intelligence James Clapper. The men discussed how their agencies are dealing with cyberthreats and what those threats look like.
Clapper said that despite fears of a single “cyber-armageddon” event, the intelligence community predicts a continuation of “low- to moderate-level cyberattacks” that will wear away at the private sector and the government.
He also said that the next generation of intrusions could be more harmful than the current pattern of cyberthefts, because they will do more than just steal data. In the future, hackers may go into databases to edit data rather than just steal or delete it. “Decision-making by senior government officials (civilian and military), corporate executives, investors, or others will be impaired if they cannot trust the information they are receiving,” Clapper wrote in prepared testimony.