Amid a barrage of high-profile hacks and mounting reports of state surveillance, top U.S. law enforcement officials are making an urgent plea to Congress: Give us more access to people's phones.
For FBI Director James Comey and Deputy Attorney General Sally Yates, this is no golden age of surveillance — despite the sprawling government spy programs exposed by Edward Snowden and curtailed by Congress. On the contrary, the rise of encryption technology has diminished the abilities of U.S. law enforcement. Testifying before the Senate Judiciary Committee on Wednesday, Comey and Yates made their case: The powers of the FBI and Department of Justice are waning; they're "going dark."
The chair of the Senate panel, Chuck Grassley, convened the hearing to examine what he sees as a tension between public safety and privacy. This tension, Grassley said, has been complicated by the widespread use of encryption on mobile devices offered by the likes of Apple, Samsung, and many others. While those companies and the customers who use their smartphones view encryption as a crucial method of ensuring privacy and data security, law enforcement officials complain it's a hurdle that makes their job even more difficult. They say they lack the technological means by which to access encrypted data, even when they have a court's permission to do so.
Comey, Yates, and their allies see this as a national security dilemma. They say it impedes their efforts to investigate criminals who knowingly use encryption to communicate, and escape the reach of the law.
"Increasingly we're finding that even when we have the authority to search certain types of digital communications, we can't get the information that we need," Yates told the Senate Judiciary Committee Wednesday, noting that since strong encryption allows only the owner of a device to view information, technology providers are often unable to comply with court orders. "Critical information becomes, in effect, warrant-proof," she said.
To illustrate the pervasive threat widespread encryption poses to the American people, Yates and Comey repeatedly mentioned ISIS and pedophiles, painting them as key users of the technology. "They are pushing this through Twitter," Comey said, referring to ISIS recruitment efforts that begin on open channels and then disappear into encrypted messaging apps. "So its no longer the case that someone who is troubled needs to go find this propaganda and this motivation. It buzzes in their pocket. There is a device — almost a devil on their shoulder — all day long, saying: 'Kill. Kill. Kill. Kill.'"
"We know pedophiles — those who are exploiting children, maintain their information, the photographs and records of children they're abusing on their phones," Yates added. "We can't get that information. We can't identify other victims."
Yates said the DOJ is not asking Congress for encryption "backdoors" or some other government-mandated solution to "cram down the throats" of the technology industry. Instead, she said the agency wants Congress to encourage companies to retain encrypted data, which could then be decrypted, and shared with police and intelligence agencies under court supervision.
Yates and Comey said that some companies are already doing this, with success, and without jeopardizing people's sensitive data. However, leading cryptologists, policy experts, and major industry players strongly disagree.
In a report released Tuesday to coincide with the Senate hearing, a who's who of elite security technologists analyzed recent government recommendations on encryption and found them to be reckless and ill-conceived. "These proposals are unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm," states the paper.
The report, coauthored by cryptology and computer science pioneers including Peter Neumann, Whitfield Diffie, and Ronald Rivest, reads: "Law enforcement demands for exceptional access to private communications and data shows that such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend. The costs would be substantial, the damage to innovation severe, and the consequences to economic growth difficult to predict."
In May, a broad coalition of Silicon Valley giants, Google, Apple, and Facebook among them, sent a letter to President Obama urging him to reject any proposal that would undermine strong encryption. The coalition argued that if companies maintain the capability to decrypt their customers' data, they necessarily introduce security weaknesses into their products. On Wednesday, Comey rebutted that argument conjuring up the Jobsian mythology of the California-genius creator. "I think Silicon Valley is full of folks who when they stood in their garage years ago were told your dreams are too hard to achieve. Thank goodness they didn't listen."
Despite the Justice Department's characterization that widespread encryption presents an extreme challenge to law enforcement, Yates and Comey were unable to offer any insight into the number of DOJ investigations that have been undermined or thwarted by individuals using encryption. Yates explained that when agents know that data is encrypted, they do not even attempt to seek a warrant to obtain the information. "Being able to give you the number of cases that have been impacted is really impossible," she told Sen. Al Franken.
Comey implored the Senate committee that his agency's tools are currently inadequate. "I don't want to scare people by saying, 'I'm certain people will die.' What I'm certain of is this: On the current course and speed, my ability to discharge my number one responsibility will be materially diminished in the not too distant future," Comey said. "It's being diminished today."
Ranking member Patrick Leahy called for additional hearings on the topic, hoping to hear from technology companies that would be directly affected by any government policy on encryption.