FBI, DOJ want tech industry to find workaround to 'warrant-proof' encryption
At an event in Washington Tuesday hosted by Passcode, a top FBI official asked the tech sector to develop solutions for law enforcement to access secure data with a warrant – a notion technologists said would weaken security for everyone.
With law enforcement nationwide complaining that encrypted communications are hindering investigations, senior FBI and Department of Justice officials on Tuesday made one of the government’s most detailed arguments yet for why it needs easier access to secure consumer data.
The government wants tech companies to “develop a solution” that both maintain users’ privacy but ensures police and federal agents can obtain data with a warrant or court order, said Amy Hess, executive assistant director for the FBI’s technology division.
“We support strong encryption to be able to protect data, to be able to protect communications, to be able to protect conversations,” she said. “But the challenge for us is what is the American public’s appetite if we go to 100 percent secure systems that nobody can access – ever.”
Due to growing adoption of consumer technology that deploys strong end-to-end encryption, “we’re continuing to see society as a whole go to a place where more and more people are above the law,” Ms. Hess said during a debate in Washington on the encryption issue hosted by Passcode.
Increasingly, said Hess, strong encryption is a road block for terrorism and criminal investigations. “When lives are in the balance, that’s our concern,” she said.
The event, “The Encryption Debate: Balancing privacy and national security,” brought together both law enforcement officials and technologists for a deeper discussion on an increasingly hot topic that has put many Obama administration officials at odds with much of the computer industry, including giants such as Apple and Google, as well as consumer advocacy groups and civil liberties activists.
In fact, many technology experts and leading cryptographers argue the government is asking the tech sector to come up with a solution that would install security flaws into consumer devices, if not weaken overall computer security and put everyone’s digital data at greater risk.
“It’s real easy to frame this as a debate with a trade off between national security and law enforcement on one side and privacy and strong encryption on the other,” said Matt Blaze, a University of Pennsylvania cryptography expert. “But I think it’s completely wrong.”
Instead, he said, building stronger encryption into devices and technologies will improve national security and law enforcement since it’ll serve as a bulwark against attacks or data breaches at time of increasingly devastating hacks. What’s more, according to Mr. Blaze, the government is asking technologists to find new ways to safeguard complex systems, which is inherently risky.
Yet, according to Kiran Raj, the Justice Department’s senior counsel to the deputy attorney general, many technology companies have already come up with their own internal solutions for how to comply with government warrants.
The government is not pushing for a one-size-fits-all solution for it to access all encrypted data, he said, dismissing the notion that the FBI or others want some kind of “golden key” or built-in “backdoor” to tech companies’ encryption systems. Instead, he said, the discussion around the encryption issue is to find a way to ensure that data isn’t “warrant-proof.”
“It’s really about how a company responds to a warrant or a court order,” he said.
But to technologists such as Jon Callas, chief technology officer of the secure communications company Silent Circle, any method for the US government to access secure data puts companies at greater risk to having other governments eavesdrop on customers’ communications or steal their data. What’s more, he said, just because the US government has a warrant, it doesn’t mean federal agents have a right to the data, but they have the right to search for the information.
At one of the more heated points during the debate, Mr. Callas told Mr. Raj of DOJ, “You’re not asking for the golden key – you’re asking for the magic rainbow unicorn key.” Technology companies like his, said Callas, “are putting in the encryption precisely to stop crime, precisely to stop espionage.”
While technologists and law enforcement officials can’t seem to find a middle ground on the encryption debate yet, the matter doesn’t appear to be going away anytime soon. One issue that panelists Tuesday did agree on is that any eventual outcome of the encryption debate will impact not just US government access to data, but also have much broader policy implications, such as whether the US government allows foreign allies access to secure data.
That’s a major concern Callas pointed out: If tech companies build in access for the US government, what about other countries that might want the same kind of access to data, too? “I worry about what happens when a warrant comes from another country,” he said. “We are in a huge, hostile world where there is information warfare going on."
The FBI's Hess acknowledged the dangers involved in what the government is asking from tech companies, but the agency worries that if it doesn't act soon it will be left in the dark as more criminals use encrypted devices.
"We want to work with them to find out how we minimize that risk," she said. "There will always be a risk when someone other than the sender and the receiver can get that information."
Watch the full event: