by Kenneth Corbin

FBI Chief Urges Tech Firms to Rethink Encryption

News Analysis
Oct 17, 20144 mins
EncryptionGovernmentGovernment IT

FBI Director James Comey warns that default encryption settings on Apple and Google devices could impede law enforcement investigations, calling for an update of 20-year-old wiretapping law.

FBI Director James Comey on Thursday called on Apple and Google to abandon plans to set encryption as the default setting for mobile devices and operating systems, warning that such a move would prevent law enforcement officials from accessing electronic communications that are critical to investigations and prosecutions.

[ NSA Director Denies Knowledge of Google, Yahoo Hack ]

FBI Director Seeks Overhaul of 1994 Communications Assistance for Law Enforcement Act (CALEA)

In a speech at the Brookings Institution, Comey appealed to lawmakers to update a 20-year-old wiretapping statute to require digital communication providers “to build lawful intercept capabilities for law enforcement” authorities.

“In the past, doing electronic surveillance was straightforward,” Comey says.

But the proliferation of new methods of communication has complicated the task considerably, he argues. Police tracking a suspect might lose their intercept if the individual switches from a cellular network to Wi-Fi, for instance.

“The bad guys know this. They’re taking advantage of this every day,” he says.

Comey is asking lawmakers to overhaul the 1994 Communications Assistance for Law Enforcement Act (CALEA) so that authorities can better keep tabs on digital transmissions, retooling the statute to cover tech companies outside of the telecom industry and require them to provide an intercept capability for law enforcement.

“To be clear, we are not seeking to expand our authority to intercept communications,” Comey says. “We are struggling to keep up with changing technology and to maintain our ability to actually collect the communications we are authorized to collect. And if the challenges of real-time data interception threaten to leave us in the dark, encryption threatens to lead us all to a very, very dark place.”

Snowden Revelations Have Hampered Efforts to Update CALEA

Comey notes that any momentum for updating CALEA that had been building in Congress quickly dissipated following the revelations of sweeping government surveillance programs from former NSA contractor Edward Snowden.

[ Snowden Reveals Automated NSA Cyberwarfare Program ]

Taken together, those disclosures painted a picture of a sprawling government intelligence apparatus engaged in dragnet surveillance, compelling companies to turn over customer records and operating with minimal legal oversight. Administration officials of course have disputed that characterization, and argued that the courts established under the Foreign Intelligence Surveillance Act are a meaningful check on the intelligence community.

Nevertheless, Comey acknowledges that the Snowden disclosures were bruising to the government’s reputation, and that tech companies understandably have sought to combat the perception that the NSA and FBI have a direct pipeline into their data centers.

But in his appeal for broadening the wiretapping law, Comey insists that the feds aren’t seeking any special access to companies’ data or to circumvent the regular process of obtaining court orders.

“We are not seeking a back-door approach. We want to use the front door with clarity and transparency,” Comey says.

At least one member of Congress was quick to signal skepticism about any proposal to broaden access to electronic records.

“I oppose requiring companies to build back doors into their products,” Sen. Ron Wyden (D-Ore.) tweeted during Comey’s speech.

Earlier this year, Apple and Google both announced that the next versions of their mobile operating systems would be encrypted by default, which Comey says will make it far more difficult for law-enforcement officials to access user information.

And he says that he is sympathetic that the firms have come under fire from the perception that the government has ready access to their data, though he insists that default encryption is a dangerous overreaction that will impede law enforcement, suggesting that “the post- Snowden pendulum has swung too far.”

“Both companies are run by good people who care deeply about public safety and national security. I know that,” he says. “And they’re responding to a market demand that they perceive, but the place that this is leading us is one that I suggest we should not go without careful thought and debate as a country.”