The FBI’s Charm Offensive on Encryption

Play­ing down a nar­rat­ive of an on­go­ing “crypto-war” between the gov­ern­ment and the private sec­tor, FBI Dir­ect­or James Comey said Thursday that shared se­cur­ity val­ues between the two groups mean they should be work­ing to­geth­er.

But Comey said the source of the ten­sion between tech com­pan­ies and fed­er­al law en­force­ment—the pro­lif­er­a­tion of strong en­cryp­tion stand­ards that make it dif­fi­cult or im­possible to read in­ter­cep­ted com­mu­nic­a­tions—could be ad­dressed if only the busi­ness com­munity made a real ef­fort to de­vel­op new en­cryp­tion tech­no­lo­gies.

“I’ve heard from a lot of folks that it’s too hard, and my re­ac­tion to that is: Really? Have we really tried? Have we really tried?” Comey said at an open meet­ing of the House Per­man­ent Se­lect Com­mit­tee on In­tel­li­gence.

Tech­no­logy and se­cur­ity ex­perts have said that build­ing in ac­cess to en­cryp­ted com­mu­nic­a­tions would in­vite in­truders. If a tech com­pany cre­ates a “back door” to al­low law en­force­ment to read de­cryp­ted data, ma­li­cious hack­ers will also be able to find and ex­ploit it, they say.

Com­mu­nic­a­tion ser­vices like Apple’s iMes­sage are en­cryp­ted end to end. That means the data sent across Apple’s serv­ers is scrambled—only the in­ten­ded re­cip­i­ent of a mes­sage is able to de­crypt it. Be­cause Apple does not keep its users’ en­cryp­ted mes­sages, the com­pany re­cently re­buffed a Justice De­part­ment re­quest to turn over the con­tents of an iMes­sage con­ver­sa­tion to law en­force­ment in real time.

At a time when many in gov­ern­ment and the private sec­tor are push­ing for bet­ter in­teg­ra­tion and cy­ber­se­cur­ity in­form­a­tion-shar­ing between the two worlds, the con­flict over en­cryp­tion can be coun­ter­pro­duct­ive to an at­mo­sphere of co­oper­a­tion, tech ad­voc­ates say.

So as Comey pushed the tech in­dustry Thursday to keep try­ing to come up with a solu­tion to en­cryp­tion that sim­ul­tan­eously up­holds pri­vacy and na­tion­al se­cur­ity, he had con­cili­at­ory words for Sil­ic­on Val­ley.

“From a gov­ern­ment side, our re­spons­ib­il­ity is to talk to folks and ex­plain to them: We’re not ma­ni­acs. The FBI is not an ali­en force im­posed on the Amer­ic­an people,” Comey said.

In ad­di­tion to call­ing for U.S. tech­no­logy com­pan­ies to ad­opt en­cryp­tion stand­ards that al­low law en­force­ment in, Comey said Amer­ica’s “in­ter­na­tion­al part­ners” should do the same, a lofty re­quest in a world where in­ter­na­tion­al cy­bernorms are dif­fi­cult to up­hold and where many gov­ern­ments use elec­tron­ic sur­veil­lance to spy on and per­se­cute their own cit­izens.

Comey test­i­fied along­side the dir­ect­ors of the CIA, the Na­tion­al Se­cur­ity Agency, the De­fense In­tel­li­gence Agency, an­d­Dir­ect­or of Na­tion­al In­tel­li­gence James Clap­per. The men dis­cussed how their agen­cies are deal­ing with cy­ber­threats and what those threats look like.

Clap­per said that des­pite fears of a single “cy­ber-armaged­don” event, the in­tel­li­gence com­munity pre­dicts a con­tinu­ation of “low- to mod­er­ate-level cy­ber­at­tacks” that will wear away at the private sec­tor and the gov­ern­ment.

He also said that the next gen­er­a­tion of in­tru­sions could be more harm­ful than the cur­rent pat­tern of cy­ber­thefts, be­cause they will do more than just steal data. In the fu­ture, hack­ers may go in­to data­bases to edit data rather than just steal or de­lete it. “De­cision-mak­ing by seni­or gov­ern­ment of­fi­cials (ci­vil­ian and mil­it­ary), cor­por­ate ex­ec­ut­ives, in­vestors, or oth­ers will be im­paired if they can­not trust the in­form­a­tion they are re­ceiv­ing,” Clap­per wrote in pre­pared testi­mony.