Policy —

FBI chief tells Senate committee we’re doomed without crypto backdoors

Challenges from Going Dark problem "are grave, growing, and extremely complex."

FBI chief tells Senate committee we’re doomed without crypto backdoors

James Comey, the director of the FBI, told a Senate committee Wednesday that the government should have the right to lawfully access any device or electronic form of communication with a lawful court order, even if it is encrypted.

FBI Director James Comey
Enlarge / FBI Director James Comey
Comey and another Justice Department official briefed the Senate Judiciary Committee and complained that keys necessary to decrypt communications and electronic devices often reside "solely in the hands of the end user"—which they said is emblematic of the so-called "Going Dark problem." Companies should bake encryption backdoors into their products to allow lawful access, they said.

"We are not asking to expand the government's surveillance authority, but rather we are asking to ensure that we can continue to obtain electronic information and evidence pursuant to the legal authority that Congress has provided to us to keep America safe," read the joint prepared remarks (PDF) of Comey and Deputy Attorney General Sally Quillian Yates. "Mr. Chairman, the Department of Justice believes that the challenges posed by the Going Dark problem are grave, growing, and extremely complex."

To counter this, the duo said the government is actively developing its own decryption tools. The remarks said:

We should also continue to invest in developing tools, techniques, and capabilities designed to mitigate the increasing technical challenges associated with the Going Dark problem. In limited circumstances, this investment may help mitigate the risks posed in high priority national security or criminal cases, although it will most likely be unable to provide a timely or scalable solution in terms of addressing the full spectrum of public safety needs.

The Senate hearing comes among a growing chorus of government officials calling for these encryption backdoors. Apple has come under attack by some government officials for making its latest iPhone encrypted by default. Such a configuration likely precludes the authorities from accessing data on iPhones directly from a locked device's hardware even with a warrant.

The White House, the two said in their remarks, is formulating a position on whether to seek legislation demanding the backdoors. So far, President Barack Obama has waffled on the topic and has not clearly stated his position publicly.

For now, US-based companies are not required to provide the government with backdoors into their wares. The law surrounding this issue is the Communications Assistance for Law Enforcement Act of 1994, commonly referred to as CALEA. It requires telcos to make their phone networks amenable to wiretaps, but it doesn’t apply to phone hardware or most other communication services.

Encryption has become a household term following the 2013 leaks by National Security Agency whistleblower Edward Snowden. His documents, including some seemingly showing that Skype has a backdoor, highlighted a broad online global surveillance society and set off a cottage industry of encryption companies.

So far, there has been no congressional proposal to back up calls from high-ranking government officials for backdoors. For the moment, the rhetoric appears to be a tactic to guilt the tech sector into complying.

Sen. Chuck Grassley, a Republican of Iowa and the Senate Judiciary Committee chairman, said the Wednesday hearing was the start toward determining whether Congress would be willing to demand backdoors that the tech sector opposes. (PDF)

"Today, I hope the Senate takes a first step at seeing if any consensus is possible on this important and complicated issue," he said. (PDF)

Sen. Patrick Leahy, a Democrat from Vermont, told the committee he wasn't sold on the backdoor idea and said it could create vulnerabilities.

"Strong encryption has revolutionized the online marketplace and protects American businesses and consumers from cybercrime, espionage, identity theft, stalking, and other threats on the Internet. Undermining strong encryption could make our data more vulnerable," he said. (PDF)

Video of today's hearing and testimony have been made available online.

Channel Ars Technica