"We are seeing more and more cases where we believe significant evidence resides on a phone, a tablet, or a laptop -- evidence that may be the difference between an offender being convicted or acquitted," said Comey and Sally Quillian Yates, US Deputy Attorney General, in joint prepared remarks. "If we cannot access this evidence, it will have ongoing, significant impacts on our ability to identify, stop, and prosecute these offenders."
The concerns of Comey and Yates were echoed by Cyrus Vance Jr., District Attorney for New York County, who, last fall, complained about the device encryption deployed by Apple and Google.
"Before September 2014, investigators could access a locked iPhone with a warrant," said Vance at the hearing. "Today, unless we have a passcode, we cannot ... Criminals are literally and figuratively laughing in the faces of law enforcement."
FBI officials have been using the term "going dark" at least since 2008. And worries about technologies that may inhibit surveillance go back further still. In 1994, the Communications for Law Enforcement Act was passed to address FBI concerns that the shift toward fiber optic cable would render traditional phone tapping obsolete.
Yet legal and technical experts at the Senate Judiciary hearing Thursday, as well as those weighing in through open letters, argued against any requirement that companies provide a way to bypass encryption.
Peter Swire, professor of law and ethics at Georgia Institute of Technology, challenged the premise of Comey's argument. "It is more accurate to say that we are in a 'Golden Age of Surveillance' than for law enforcement to assert that it is 'Going Dark,'" said Swire in a prepared statement.
Conceding that strong encryption on devices can render some data inaccessible to investigators, Swire stressed that any loss of access is more than made up for by the availability of location data, social network connections, and databases full of details about suspects' digital lives.
As Swire and co-author Kenesa Ahmad put it in a 2011 paper, "We live in a new age where most people carry a tracking device, a mobile phone."
In May, dozens of prominent technologists, civic organizations, and companies signed an open letter to President Obama urging him to preserve strong encryption in order to protect national security and US business interests. "Whether you call them 'front doors' or 'back doors,' introducing intentional vulnerabilities into secure products for the government's use will make those products less secure against other attackers," the letter argued, adding that any such requirement would harm the market for such products abroad.
Earlier this week, a group of cryptography experts published a similar letter warning that demands for exceptional access to encrypted data by law enforcement are fraught with problems. "We find that [granting law enforcement exceptional access] would pose far more grave security risks, imperil innovation, and raise thorny issues for human rights and international relations," the letter said.
In the 1990s, the technology and business community pushed back against export controls on encryption and a government effort to encourage mobile handset makers to use the Clipper Chip, a mobile phone chipset developed by the NSA that provided authorities with a backdoor.
The technology community prevailed in this so-called Crypto War, or so it seemed until 2013. Documents made available by Edward Snowden revealed that the NSA has developed a variety of tools and techniques to access electronic information. These techniques demonstrate that strong encryption cannot compensate for weak security practices elsewhere, and that some strong encryption may not be as strong as supposed.
More recently, the hacking of Italian surveillance software vendor Hacking Team offered a reminder that the NSA is not alone in practicing such techniques. Ironically, the incident also demonstrated the problem with exceptional access -- the Motherboard website reported that the company's surveillance software contains a previously undisclosed backdoor.
Law enforcement's war against math (cryptography) and speech (computer code) never ended. And it isn't likely to end soon. But it isn't a war that can be won by fiat. Mandating compromised encryption to protect society will only ensure universal vulnerability.
Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.