• United States



FBI again claims it’s Going Dark thanks to encryption

Oct 20, 20146 mins
Data and Information SecurityEncryptionMicrosoft

Unless we find the right "balance" of security and liberty (privacy), and stop being so "mistrustful of the government and law enforcement," then FBI Director James Comey said widespread adoption of encryption will mean the U.S. is no longer "a country governed by the rule of law."

Think back to a childhood story about a boy who cried wolf one time too many; when a wolf was a real threat, people rolled their eyes and no one believed him. The moral of the story is what the boy was told, “Nobody believes a liar…even when he is telling the truth!” While I’m not calling FBI Director James Comey a liar, the FBI has cried it is “going dark” so often since 2007 that it reminds me of the boy who cried “Wolf!”

Last week at the Brookings Institution, during his “Going Dark” speech, Comey hammered on the evils of encryption again and how we must find the right “balance” of security and liberty. When feds start talking about striking a “balance” between security and liberty (or security and privacy) it tends to strike dread in my heart. That’s because liberty and privacy lose out to security, but security loses too as “balance” solutions mean weakening security. If your mind jumped to “back door” access, “one that foreign adversaries and hackers may try to exploit,” Comey called that a “misconception” that “isn’t true.”

We aren’t seeking a back-door approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by law. We are completely comfortable with court orders and legal process—front doors that provide the evidence and information we need to investigate crime and prevent terrorist attacks.

Cyber adversaries will exploit any vulnerability they find. But it makes more sense to address any security risks by developing intercept solutions during the design phase, rather than resorting to a patchwork solution when law enforcement comes knocking after the fact. And with sophisticated encryption, there might be no solution, leaving the government at a dead end—all in the name of privacy and network security.

After Comey’s speech, Laura W. Murphy, the ACLU director of the Washington Legislative Office, stated:

“Director Comey is wrong in asserting that law enforcement cannot do its job while respecting Americans’ privacy rights. In fact, federal law explicitly protects the right of companies to add encryption with no backdoors. Whether the FBI calls it a front door or a backdoor, any effort by the FBI to weaken encryption leaves our highly personal information and our business information vulnerable to hacking by foreign governments and criminals.”

After pointing out how Comey’s words seemed like an echo of a 1995 speech by the FBI director, the EFF said:

Now just as then, the FBI is trying to convince the world that some fantasy version of security is possible—where “good guys” can have a back door or extra key to your home but bad guys could never use it. Anyone with even a rudimentary understanding of security can tell you that’s just not true. So the “debate” Comey calls for is phony, and we suspect he knows it. Instead, Comey wants everybody to have weak security, so that when the FBI decides somebody is a “bad guy,” it has no problem collecting personal data.

That’s bad science, it’s bad law, it’s bad for companies serving a global marketplace that may not think the FBI is always a “good guy,” and it’s bad for every person who wants to be sure that their data is as protected as possible—whether from ordinary criminals hacking into their email provider, rogue governments tracking them for politically organizing, or competing companies looking for their trade secrets.

Yes, Comey admitted that the FBI still can access the cloud with lawful authority. Yet that’s not good enough, as he maintained, “But uploading to the cloud doesn’t include all of the stored data on a bad guy’s phone, which has the potential to create a black hole for law enforcement.” Yes, the FBI still has access to metadata that includes phone records and location information, but it “doesn’t provide the content of any communication.”

“No one in this country should be above or beyond the law. There should be no law-free zone in this country,” Comey claimed. “I think it’s time to ask: Where are we, as a society? Are we no longer a country governed by the rule of law, where no one is above or beyond that law? Are we so mistrustful of government—and of law enforcement—that we are willing to let bad guys walk away…willing to leave victims in search of justice?”

Ken Gude, a Senior Fellow with the National Security Team at the Center for American Progress, pointed out, “The only actions that have undermined the rule of law are the government’s deceptive and secret mass surveillance programs.”

The FBI’s Going Dark wolf

In 2009, when the 2010 budget request was released, we learned the FBI was pouring $233.9 million into developing an “Advanced Electronic Surveillance” program better known as “Going Dark.”

When wanting changes to CALEA, or the Communications Assistance for Law Enforcement Act, FBI General Counsel Valerie Caproni testified about the “Going Dark” problem in 2011; “Addressing the Going Dark problem does not require fundamental changes in encryption technology. We understand that there are situations in which encryption will require law enforcement to develop individualized solutions.”

But instead of developing “solutions,” Comey now wants to take the encryption “problem” to Congress in order “to find the right answer—to find the balance we need.” He added, “Perhaps it’s time to suggest that the post-Snowden pendulum has swung too far in one direction—in a direction of fear and mistrust. It is time to have open and honest debates about liberty and security.”

Cindy Cohn, Jeremy Gillula, and Seth Schoen of the EFF took to Vice to say:

The next time a law enforcement official demands that Apple and Google put backdoors back into their products, remember what they’re really demanding: that everyone’s security be sacrificed in order to make their job marginally easier.

Greg Nojeim, senior counsel at the Center for Democracy and Technology, suggested calling it “the FBI’s ‘Cyber Insecurity Initiative.’

“Comey has called for less secure cell phones, and less secure networks,” Nojeim added. “If he gets his way, the bad guys will exploit both.”

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.