FBI director James Comey on Wednesday called on tech companies providing smartphone encryption tools to voluntarily find ways to turn over to a judge those messages suspected of being terrorist-related.
"The government doesn't want a back door," Comey told the U.S. Senate Judiciary Committee. "The government hopes to get to a place where if a judge issues an order, the company figures out how to supply that information to the judge and figures out on its own what would be the best way to do that. The government shouldn't be telling people how to operate their systems."
Comey said that some companies have designed their smartphones to provide terrorist- and crime-related communications to law enforcement, but others have not.
"It's actually not a technical issue; it's a business model question," Comey said. "A lot of people have designed systems so that judges' orders can't be complied with...The question we have to ask is: Should they change their business model?"
Comey's encryption comments were made as part of a long review of the FBI's activities by the Senate committee; they start at minute 41 and last for about three minutes on the Senate hearing's video link. Comey's written testimony to the committee also confirms that the Obama Administration is not currently seeking a legislative remedy to deal with encrypted communications that could be used by criminals and terrorists.
Comey didn't directly tie the use of encrypted messages to the recent terrorist attacks in Paris or San Bernardino, although those attacks have renewed discussions about how to gain access to encrypted terrorist communications. However, he did say that 109 encrypted messages exchanged by one of the two terrorists in the attack on the Curtis Culwell Center on May 3 in Garland, Texas, were detected. A security officer was injured in that attack at an exhibit of cartoon images of Muhammad, but a local police officer shot and killed both attackers.
"In May, two terrorists attempted to kill a lot of people," Comey said. One of the terrorists "exchanged 109 messages with an overseas terrorist. We have no idea what he said because it was encrypted...That is a big problem. We have to grapple with it."
Comey didn't name specific tech companies in his remarks, but said he has met with many tech leaders in recent weeks about the need to free up encrypted data. Some law enforcement experts are especially concerned that recent Apple iPhones and many Android phones can provide end-to-end encryption. By contrast, BlackBerry devices offer high-level encrypted security, but encrypted data can still be accessed for law enforcement.
In addition, hundreds of smartphone apps offer encryption for various kinds of text, email and voice messages. The U.S. government has even financed some encryption smartphone apps -- including Signal, RedPhone and TextSecure -- through the federal Open Technology Fund.
When the encryption debate was reopened just after the Paris attacks, privacy advocates and industry groups raised concerns about weakening encryption. The Information Technology Industry Council, which represents large companies like Google, Apple and Microsoft, issued a statement on Nov. 19 that said "weakening security with the aim of advancing security simply does not make sense."
The practical problems with working around encrypted communications are manifold, privacy advocates have argued. In the case of recent Apple iPhones and some other smartphones, it would require a re-working of the operating system to gain access to decryption keys, which reside on an iPhone itself. Another difficulty is that tech companies could be forced to turn over data to law enforcement without knowing if the correct communications and smartphone users have been targeted, and not an innocent party.
Comey's testimony brought a variety of reactions from lawmakers on Wednesday. Many of the comments showed the ambiguity involved in creating legislation that can help the FBI and law enforcement agencies combat terrorism without infringing on the privacy of individuals who want and already widely use encryption software.
"I think banning encryption is a little bit like banning guns," said presidential candidate and U.S. Sen. Rand Paul (R-Kentucky) in an interview on CNN. "If you ban encryption, the law-abiding people won't use it and the terrorists will still continue to use it," he said. Technical attempts to somehow open encrypted code to share data with law enforcement would actually weaken the code, making it vulnerable to terrorists and others, he argued.