Comey renews encryption plea on Capitol Hill

Featured eBooks
Space Tech
Read Now

CDM

Read Now

Digital Transformation

Read Now
Adam Mazmanian By Adam Mazmanian,
Executive Editor, Nextgov/FCW

By Adam Mazmanian

|

The FBI director's arguments for law enforcement access to encrypted communications met a friendlier reception in the Senate than in the House.

FBI Director James Comey, testifying March 25 before a House Appropriations subcommittee.

FBI Director James Comey told senators he did not have a specific legislative proposal in mind to address law enforcement's access to encrypted data.

FBI Director James Comey, in two Senate committee appearances, raised the specter of the Islamic State and other terror groups as he renewed his bid to get law enforcement access to encrypted communications.                                

The problem, as Comey sees it, is that criminals, terrorists and other malefactors are "going dark," by using end-to-end encryption built into mobile device operating systems offered by Apple and Google, and available in some communications software, like WhatsApp.

Comey and Deputy Attorney General Sally Yates, in a hearing of the Senate Judiciary Committee on July 8, said they didn't want direct access via encryption keys to communications. But they did say that they wanted companies that provided encryption services to retain access to customer accounts, and to decrypt communications upon the receipt of a search warrant or other legal instrument from law enforcement.

"We want to have each provider think about and work out a way where they will find a way to respond to these requests," Yates told the committee.

Comey said he was "not trying to scare folks," but told lawmakers that he thought that the ability of law enforcement to disrupt incipient terror plots would be diminished without access to encrypted communications.

"The terrorism threat is very different and has changed just in my two years as director," Comey said during an afternoon appearance at the Senate Select Committee on Intelligence. He warned that the Islamic State terror group had 21,000 English-language followers on Twitter, and was looking to task recruits to murder U.S. law enforcement and military personnel, and to launch lone-wolf terror plots.

"We cannot break strong encryption," Comey said.

Comey and other officials have covered this ground before. In an April hearing of the House Oversight and Government Reform Committee, members reacted skeptically to the idea that encryption could be maintained on a secure basis with third party access, either by providers or direct backdoor access by law enforcement.

In a letter to Comey dated June 1, two lawmakers with degrees in computer science, Rep. Will Hurd (R-Texas) and Rep. Ted Lieu (D-Calif.) cautioned the director against requiring companies to build in access to encrypted data for law enforcement purposes.

"Any vulnerability to encryption or security technology that can be accessed by law enforcement is one that can be exploited by bad actors such as criminals, spies and those engaged in economic espionage," they wrote.

Working computer scientists tend to agree. In a paper published a day ahead of Comey's testimony, a group of leading security experts warned that there was no known secure method of permitting third-party access to encrypted communications, and that current proposals are " unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm."

Comey's arguments met a friendlier reception in the Senate than in the House.

"This is not a theoretical issue," Sen. Dianne Feinstein (D-Calif.) said in a rare open hearing of the Intelligence Committee, where Comey gave testimony. "The FBI has briefed this committee on cases where it knows of communications involving ongoing terrorists by ISIL inside the United States, but it has no way to obtain the content of those communications, even with a court order based on probable cause," she said. She wants legislation to require communications companies to design their systems to support some form of law enforcement access.

"I believe United States companies, including many founded and headquartered in my home state, have an obligation to do everything they can to insure that their products and services are not allowed to be used to foment the evil that ISIL embodies," Feinstein said.

Comey said he did not have a legislative proposal in mind, and that his focus was on working with technology companies and raising the issue in public settings.

So far, law enforcement hasn't collected data on the scope of the problem.

"Being able to give you hard numbers on the number of cases that have been impacted is impossible,” Yates told the Senate Judiciary Committee. Comey noted in his Intel Committee testimony that FBI agents typically didn't collect data on instances when they encountered encrypted data.

The technology industry maintains objections to any incursion into their ability to offer end-to-end encryption.

"We ... caution the administration against pursuing policies that encourage or require companies to weaken encryption technologies, including requiring so-called 'back-doors,'" said Dean Garfield, president and CEO of the Information Technology Industry Council said in a statement.

NEXT STORY: Senator Wants Watchdog to Poke Around for More Flaws in OPM’s Security Clearance Systems

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.