FBI Director James Comey on Wednesday called for tech companies currently offering end-to-end encryption to reconsider their business model, and instead adopt encryption techniques that allow them to intercept and turn over communications to law enforcement when necessary.
End-to-end encryption, which is the state of the art in providing secure communications on the internet, has become increasingly common and desirable in the wake of NSA whistleblower Edward Snowden’s revelations about mass surveillance by the government.
Comey had previously argued that tech companies could somehow come up with a “solution” that allowed for government access but didn’t weaken security. Tech experts called this a “magic pony” and mocked him for his naivete.
Now, Comey said at a Senate Judiciary Committee hearing Wednesday morning, extensive conversations with tech companies have persuaded him that “it’s not a technical issue.”
“It is a business model question,” he said. “The question we have to ask is: Should they change their business model?”
Watch the video:
Comey’s clear implication was that companies that think it’s a good business model to offer end-to-end encryption — or, like Apple, allow users to fully encrypt their iPhones — should roll those services back.
Comey and other government representatives have been pressuringcompanies like Apple and Google for many months in public hearings to find a way to provide law enforcement access to decrypted communications whenever there’s a lawful request. Deputy Attorney General Sally Quillian Yates said in a July hearing that some sort of mandate or legislation “may ultimately be necessary” to compel companies to comply, but insisted that wasn’t the DOJ’s desire. Now, there’s little pussyfooting about it.
“There are plenty of companies today that provide secure services to their customers and still comply with court orders,” he said. “There are plenty of folks who make good phones who are able to unlock them in response to a court order. In fact, the makers of phones that today can’t be unlocked, a year ago they could be unlocked.”
Comey indicated that these companies should be satisfied providing customers with encryption that allows for interception by the providers, who can then turn over the information to law enforcement.
Privacy experts say that the same holes in encryption that allow for authorized interception also allow for unauthorized interception — and therefore provide insufficient security.
Comey called on customers, who he said are becoming more aware of the “dangers” of encryption, to “speak to” phone companies and insist they’ll “keep using [their] phones” if they stopped offering the technology.
Comey acknowledged that encrypted apps would still exist. But, he said, encryption “by default” is the real problem. He told Sen. Mike Lee, R-Utah, that “I think there’s no way we solve this entire problem. … The sophisticated user could still find a way.”
That didn’t stop him from calling for an international standard for encryption technologies, however. Many popular encrypted applications are not U.S. based. Any action imposed on American companies would likely handicap them and lead customers to turn to overseas options.
“We have to remember limits of what we can do legislatively,” said Lee. “If we’re going to mandate that legislatively” — force companies to stop offering strong encryption — “it wouldn’t necessarily fix the problem,” he said.
Read the full article here
Credit: The Intercept