FBI: Weaker Encryption Is a Worthwhile Tradeoff for Law Enforcement Access to Data

FBI Director James Comey (Carolyn Kaster/AP)

Government officials sparred with privacy advocates over encryption, but acknowledged that “back doors” come with risks of intrusion.

The Justice Department and the FBI are continuing their campaign to convince the tech community and the public that weakening encryption to allow law enforcement to access encrypted communications and data has its risks, but that the drawbacks are outweighed by the security advantages.

Amy Hess, the executive assistant director of FBI’s science and technology branch, said at a Christian Science Monitor discussion that allowing access to encrypted messages to anyone other than the sender or the receiver comes with “some risk” of intrusion. But because law enforcement must be able to read encrypted data and communication to do its job, the risk of third-party access is acceptable, Hess said, as long as it is minimized.

The Justice Department—and especially the FBI—has clashed with the technology community over the agency’s demands that online platforms stay away from encryption practices that keep data private even from the platforms themselves. If the communications service cannot access the data sent across its servers, it cannot turn the data over to law enforcement.

Law enforcement has called on tech companies to take the lead in developing an encryption standard that is both secure and accessible to authorities upon request. Last week, FBI Director James Comey said technology experts just need to “try harder” to find a solution.

But experts maintain that such a standard is impossible to achieve, because any third-party key for unlocking encrypted data—even if reserved for extreme circumstances—will be vulnerable to hackers.

A company that builds vulnerabilities into its encryption becomes an attractive target of attack to foreign governments, criminal hackers, and “drooling teenagers in basements,” said Matt Blaze, a noted cryptography expert and professor at the University of Pennsylvania.

Because companies are increasingly turning to stronger encryption, the FBI is running out of tools to fight crime, Hess said Tuesday. A request for a wiretap—one of the most powerful surveillance tools available to the FBI—is a long and complicated process that requires an agent to supply an extensive affidavit stating that every less-intrusive method of surveillance had already been considered or applied, according to Kiran Raj, Senior Counsel to the Deputy Attorney General.

But Hess said FBI agents will not apply for wiretaps if they think a suspect is using encrypted communication, because they are not willing to expend the time and cost of crafting the request if the odds of its success are slim.

The FBI’s claim was largely met with a shrug from privacy advocates.

“A warrant is not a right that the government has to get data,” said Jon Callas, CEO of Silent Circle, a company that builds encrypted communications platforms. “It is a right to perform a search, to attempt to get the data, and there may be a lot of reasons why it can’t get to it.”

But even as privacy advocates clashed with law enforcement officials onstage over the form encryption should take in the tech community, the groups said they both have the same objective—security—in mind.

“The polarization of this debate is really harmful,” Blaze said. “I think that in terms of the end goals, there’s a lot more common ground here than maybe the debate lets on.”