Modern field guide to security and privacy

FBI, DOJ want tech industry to find workaround to 'warrant-proof' encryption

At an event in Washington Tuesday hosted by Passcode, a top FBI official asked the tech sector to develop solutions for law enforcement to access secure data with a warrant – a notion technologists said would weaken security for everyone.

Michael Bonfigli/The Christian Science Monitor
Amy Hess, the FBI's executive assistant director for science and technology, speaking at "The Encryption Debate: Balancing privacy and national security," and event hosted by Passcode in Washington on Tuesday.

With law enforcement nationwide complaining that encrypted communications are hindering investigations, senior FBI and Department of Justice officials on Tuesday made one of the government’s most detailed arguments yet for why it needs easier access to secure consumer data.

The government wants tech companies to “develop a solution” that both maintain users’ privacy but ensures police and federal agents can obtain data with a warrant or court order, said Amy Hess, executive assistant director for the FBI’s technology division.

“We support strong encryption to be able to protect data, to be able to protect communications, to be able to protect conversations,” she said. “But the challenge for us is what is the American public’s appetite if we go to 100 percent secure systems that nobody can access – ever.”

Due to growing adoption of consumer technology that deploys strong end-to-end encryption, “we’re continuing to see society as a whole go to a place where more and more people are above the law,” Ms. Hess said during a debate in Washington on the encryption issue hosted by Passcode.

Increasingly, said Hess, strong encryption is a road block for terrorism and criminal investigations. “When lives are in the balance, that’s our concern,” she said.

The event, “The Encryption Debate: Balancing privacy and national security,” brought together both law enforcement officials and technologists for a deeper discussion on an increasingly hot topic that has put many Obama administration officials at odds with much of the computer industry, including giants such as Apple and Google, as well as consumer advocacy groups and civil liberties activists.

In fact, many technology experts and leading cryptographers argue the government is asking the tech sector to come up with a solution that would install security flaws into consumer devices, if not weaken overall computer security and put everyone’s digital data at greater risk.

“It’s real easy to frame this as a debate with a trade off between national security and law enforcement on one side and privacy and strong encryption on the other,” said Matt Blaze, a University of Pennsylvania cryptography expert. “But I think it’s completely wrong.”

Instead, he said, building stronger encryption into devices and technologies will improve national security and law enforcement since it’ll serve as a bulwark against attacks or data breaches at time of increasingly devastating hacks. What’s more, according to Mr. Blaze, the government is asking technologists to find new ways to safeguard complex systems, which is inherently risky.

Yet, according to Kiran Raj, the Justice Department’s senior counsel to the deputy attorney general, many technology companies have already come up with their own internal solutions for how to comply with government warrants.

The government is not pushing for a one-size-fits-all solution for it to access all encrypted data, he said, dismissing the notion that the FBI or others want some kind of “golden key” or built-in “backdoor” to tech companies’ encryption systems. Instead, he said, the discussion around the encryption issue is to find a way to ensure that data isn’t “warrant-proof.”

“It’s really about how a company responds to a warrant or a court order,” he said.

But to technologists such as Jon Callas, chief technology officer of the secure communications company Silent Circle, any method for the US government to access secure data puts companies at greater risk to having other governments eavesdrop on customers’ communications or steal their data. What’s more, he said, just because the US government has a warrant, it doesn’t mean federal agents have a right to the data, but they have the right to search for the information.

At one of the more heated points during the debate, Mr. Callas told Mr. Raj of DOJ, “You’re not asking for the golden key – you’re asking for the magic rainbow unicorn key.” Technology companies like his, said Callas, “are putting in the encryption precisely to stop crime, precisely to stop espionage.”

While technologists and law enforcement officials can’t seem to find a middle ground on the encryption debate yet, the matter doesn’t appear to be going away anytime soon. One issue that panelists Tuesday did agree on is that any eventual outcome of the encryption debate will impact not just US government access to data, but also have much broader policy implications, such as whether the US government allows foreign allies access to secure data.

That’s a major concern Callas pointed out: If tech companies build in access for the US government, what about other countries that might want the same kind of access to data, too? “I worry about what happens when a warrant comes from another country,” he said. “We are in a huge, hostile world where there is information warfare going on."

The FBI's Hess acknowledged the dangers involved in what the government is asking from tech companies, but the agency worries that if it doesn't act soon it will be left in the dark as more criminals use encrypted devices.

"We want to work with them to find out how we minimize that risk," she said. "There will always be a risk when someone other than the sender and the receiver can get that information."

Watch the full event:

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.