FBI Director James Comey appeared before the Senate Judiciary Committee on Wednesday to argue for legal support to weaken strong encryption, which he claims obstructs criminal investigations.
The title of the hearing, "Going Dark: Encryption, Technology, and the Balance Between Public Safety and Privacy," borrows Comey's characterization of encryption as a way to conceal evidence of criminal acts.
"We are seeing more and more cases where we believe significant evidence resides on a phone, a tablet, or a laptop -- evidence that may be the difference between an offender being convicted or acquitted," said Comey and Sally Quillian Yates, US Deputy Attorney General, in joint prepared remarks. "If we cannot access this evidence, it will have ongoing, significant impacts on our ability to identify, stop, and prosecute these offenders."
The concerns of Comey and Yates were echoed by Cyrus Vance Jr., District Attorney for New York County, who, last fall, complained about the device encryption deployed by Apple and Google.
"Before September 2014, investigators could access a locked iPhone with a warrant," said Vance at the hearing. "Today, unless we have a passcode, we cannot ... Criminals are literally and figuratively laughing in the faces of law enforcement."
FBI officials have been using the term "going dark" at least since 2008. And worries about technologies that may inhibit surveillance go back further still. In 1994, the Communications for Law Enforcement Act was passed to address FBI concerns that the shift toward fiber optic cable would render traditional phone tapping obsolete.
Yet legal and technical experts at the Senate Judiciary hearing Thursday, as well as those weighing in through open letters, argued against any requirement that companies provide a way to bypass encryption.
Peter Swire, professor of law and ethics at Georgia Institute of Technology, challenged the premise of Comey's argument. "It is more accurate to say that we are in a 'Golden Age of Surveillance' than for law enforcement to assert that it is 'Going Dark,'" said Swire in a prepared statement.
Conceding that strong encryption on devices can render some data inaccessible to investigators, Swire stressed that any loss of access is more than made up for by the availability of location data, social network connections, and databases full of details about suspects' digital lives.
As Swire and co-author Kenesa Ahmad put it in a 2011 paper, "We live in a new age where most people carry a tracking device, a mobile phone."
In May, dozens of prominent technologists, civic organizations, and companies signed an open letter to President Obama urging him to preserve strong encryption in order to protect national security and US business interests. "Whether you call them 'front doors' or 'back doors,' introducing intentional vulnerabilities into secure products for the government's use will make those products less secure against other attackers," the letter argued, adding that any such requirement would harm the market for such products abroad.
Earlier this week, a group of cryptography experts published a similar letter warning that demands for exceptional access to encrypted data by law enforcement are fraught with problems. "We find that [granting law enforcement exceptional access] would pose far more grave security risks, imperil innovation, and raise thorny issues for human rights and international relations," the letter said.
As examples of the risk of compromised cryptography, the Electronic Frontier Foundation has cited past security flaws in Cisco's wiretapping architecture and the compromise of Google's legal compliance system in China.
In the 1990s, the technology and business community pushed back against export controls on encryption and a government effort to encourage mobile handset makers to use the Clipper Chip, a mobile phone chipset developed by the NSA that provided authorities with a backdoor.
The technology community prevailed in this so-called Crypto War, or so it seemed until 2013. Documents made available by Edward Snowden revealed that the NSA has developed a variety of tools and techniques to access electronic information. These techniques demonstrate that strong encryption cannot compensate for weak security practices elsewhere, and that some strong encryption may not be as strong as supposed.
More recently, the hacking of Italian surveillance software vendor Hacking Team offered a reminder that the NSA is not alone in practicing such techniques. Ironically, the incident also demonstrated the problem with exceptional access -- the Motherboard website reported that the company's surveillance software contains a previously undisclosed backdoor.
Law enforcement's war against math (cryptography) and speech (computer code) never ended. And it isn't likely to end soon. But it isn't a war that can be won by fiat. Mandating compromised encryption to protect society will only ensure universal vulnerability.