In the fall of last year, FBI Director James Comey described what he saw as an imminent collision of values: law enforcement's ability to investigate crime and defend national security; and the public's expectation of privacy, free of government intrusion. Encrypted communication, Comey said, was at the center of this brewing storm. Following the decisions of tech companies like Apple and Google to offer encryption on their consumer devices by default, Comey saw his law enforcement capabilities diminish.
"We call it 'Going Dark,' and what it means is this: Those charged with protecting our people aren't always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority," Comey said during a speech at the Brookings Institution in Washington, D.C.
For Comey, encryption isn't just a benevolent technology that prevents malicious hackers and foreign spies from seeing what they shouldn't, it also keeps law enforcement out — even with a warrant. With end-to-end encryption, sometimes not even the internet companies running messaging services can unscramble encrypted correspondence. "We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so," he said. "Sophisticated criminals will come to count on these means of evading detection."
While technologists and privacy activists insist that so-called government "backdoors" and other special access into encrypted devices would necessarily introduce security vulnerabilities, as well as economic and political dilemmas, Comey asked Silicon Valley to "take a step back" and "consider changing course."
"We also need a regulatory or legislative fix," he said, igniting a debate in Washington that has settled, resettled and raged again throughout 2015, as terrorist attacks renew fears of "going dark."
The following statements from President Barack Obama, federal law enforcement, and intelligence officials illustrate how this debate has shifted in the course of the year, advancing and recontextualizing an argument that will continue into 2016.
1. Feb. 13
"The first time that an attack takes place in which it turns out that we had a lead and we couldn't follow up on it, the public's going to demand answers."
I lean probably further in the direction of strong encryption than some do inside of law enforcement. But I am sympathetic to law enforcement because I know the kind of pressure they're under to keep us safe."
You've got to own the fact that it may be we want to value privacy and civil liberties far more than we do the safety issues. But we can't pretend that there's no tradeoffs whatsoever."
—President Barack Obama
2. April 21
"The current course we are on, toward deeper and deeper encryption in response to the demands of the marketplace, is one that presents real challenges for those in law enforcement and national security."
Let me be clear: I understand the importance of what encryption brings to privacy. But imagine the problems if, well after the advent of the telephone, the warrant authority of the government to investigate crime had extended only to the U.S. mail."
Our inability to access encrypted information poses public safety challenges. In fact, encryption is making it harder for your government to find criminal activity and potential terrorist activity."
—Jeh Johnson, secretary of Homeland Security
3. April 29
"What we are asking for is not to lower [encryption] standards by developing some type of lawful intercept or lawful access capability, but rather to come up with a way that we may be able to implement — perhaps multiple keys or some other way — to be able to securely access the information or be provided with the information."
We do believe that it's important now, rather than seeking a legislative fix across the board, that we try to work with the individual companies."
—Amy Hess, the FBI's executive assistant director for science and technology
"When corporate interests place crucial evidence beyond the legitimate reach of our courts, they are in fact granting those who rape, defraud, assault, or even kill a profound legal advantage over victims in society."
Geez, I hate to hear talk like 'That cannot be done.' Think about if Jack Kennedy said, 'We can't go to the moon, that cannot be done.' He said something else: 'We are going to get there in the next decade.' So I would say to the computer science community, 'Let's get the best minds in the United States together on this.'"
—Daniel Conley, district attorney of Boston
4. July 6
"Democracies resolve such tensions through robust debate. I really am not a maniac (or at least my family says so). But my job is to try to keep people safe. In universal strong encryption, I see something that is with us already and growing every day that will inexorably affect my ability to do that job. It may be that, as a people, we decide the benefits here outweigh the costs and that there is no sensible, technically feasible way to optimize privacy and safety in this particular context, or that public safety folks will be able to do their job well enough in the world of universal strong encryption. Those are decisions Americans should make, but I think part of my job is make sure the debate is informed by a reasonable understanding of the costs."
—James Comey, director of the FBI
5. July 8
"Increasingly we're finding that even when we have the authority to search certain types of digital communications, we can't get the information that we need."
Critical information becomes, in effect, warrant-proof."
We know pedophiles — those who are exploiting children — maintain their information, the photographs and records of children they're abusing on their phones. ... We can't get that information. We can't identify other victims."
—Sally Yates, deputy attorney general
"The legislative environment is very hostile today ... it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement."
—Robert S. Litt, general counsel of the Office of the Director of National Intelligence, in an email obtained by the Washington Post
Litt was commenting on a draft paper prepared by National Security Council staff members in July, which also was obtained by the Post, that analyzed several options. They included explicitly rejecting a legislative mandate, deferring legislation, and remaining undecided while discussions continue.
7. September 10
"I would imagine there might be many, many solutions depending upon whether you're an enormous company in this business, or a tiny company in that business. I just think we haven't given it the shot it deserves."
—James Comey, director of the FBI
8. Sept. 24
"The United States government firmly supports the development and robust adoption of strong encryption, while acknowledging that use of encryption by terrorists and criminals to conceal and enable crimes and other malicious activity can pose serious challenges to public safety. The administration continues to welcome public discussion of this issue as we consider policy options."
—Mark Stroh, National Security Council spokesman
"The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry."—James Comey, director of the FBIFor the first time all year, the Obama administration ruled out a plan to alter encryption standards through Congress. Comey's remarks, made during a Senate Homeland Security hearing, marked a pivotal shift in the debate. Comey and other officials from the FBI and Justice Department continued to meet with tech executives to discuss alternatives to encryption backdoors. These conversations, Comey said, were "increasingly productive."
10. Nov. 11
"Apple and Google are not responsible for keeping the public safe. That is the job of law enforcement. But the consequences of these companies' actions on the public safety are severe."
The companies benefit immeasurably from the laws protecting intellectual property,
as well as from extensive federal regulation. They should not be able to thumb their noses at law enforcement when, with warrant in hand, it comes to seek their help. The safety of the citizenry calls for a legislative solution, and a solution is easily at hand."
—Cryus Vance, district attorney of Manhattan
11. Dec. 6
"And that's why I will urge high-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice."
—President Barack Obama, in his Oval Office address after the San Bernardino terrorist attack
12. Dec. 8
"This conversation about encryption is also part of a broader conversation about what we, as a nation, can do to fight terrorism as it evolves online. That is why, in his address to the nation on Sunday, the president reiterated the administration's call for America's technology community and law enforcement and counterterrorism officials to work together to fight terrorism."
—Ed Felten, deputy U.S. chief technology officer
—Michael Daniel, special assistant to the president and cybersecurity coordinator
13. December 9
"We've had good conversations with the folks in the tech sector. Lots of good people have designed their systems and their devices so that judges' orders cannot be complied with for reasons that I understand — I'm not questioning their motivations. The question we have to ask is: Should they change their business model?"
There is no doubt that the use of encryption is part of terrorist tradecraft. The government shouldn't be telling people how to operate their systems."
—James Comey, director of the FBI