Two key members of Congress wrote FBI Director James Comey on Monday to express their opposition to a proposal for companies to allow an encryption back door for law enforcement in their services.
While acknowledging the role of law enforcement, “we strongly, but respectfully, disagree with the FBI’s proposal to force private sector companies to weaken the security of their products and services by creating a “backdoor” that allows law enforcement to circumvent encryption technology,” Reps. Will Hurd (R-Texas), Chairman of the Subcommittee on Information Technology of the House Oversight and Government Reform Committee, and Ted Lieu (D-Calif.), a member of the panel, wrote.
The FBI and other federal agencies have recently become concerned with increased security in mobile phones hindering their investigations. In September 2014 Apple [AAPL] and Google [GOOG] announced they would start to implement increased security measures to strengthen privacy and data security, including building encryption into the devices.
The FBI calls the inability to legally access information from mobile devices due to encryption, even with a court order, “Going Dark.”
Hurd and Lieu’s subcommittee recently discussed encryption issues in an April 29 hearing.
“[Going Dark] means that those charged with protecting the American people aren’t always able to access the information necessary to prosecute criminals and prevent terrorism even though we have the lawful authority to do so,” Amy Hess, Executive Assistant Director of the FBI, said in a written opening statement for the hearing.
The encryption of mobile devices involves two contexts: legally authorized real-time interception of data in motion like phone calls, emails, text messages, and chat session and data stored on devices such as email, text messages, photos, and videos, Hess said.
Hess also explained that unlike in the past when companies could decrypt a device with a search warrant and court order, “today, companies have developed encryption technology which makes it impossible for them to decrypt data on devices they manufacture and sell, even when lawfully ordered to do so.”
Therefore, government officials have been raising the idea of backdoors or technological fixes that allow law enforcement access to a device through the encryption with proper court orders. IT experts have at times countered that any backdoors or keys given to law enforcement would inevitably be used by criminals, terrorists, or foreign governments, making such encryption useless to the device user.
In a back and forth with Rep. Jason Chaffetz (R-Utah), chairman of the full committee, Hurd said “We want encryption…however all we’re asking for is a way for us to be able to, with a lawful order, be able to get information from the company so that the provider would be able to provide, in readable form, the potential evidence that we would need in an investigation.”
“So you want encryption but a key. And doesn’t that crypt key, by its very definition, create a vulnerability?” Chaffetz said.
Hess responded, “I think in today’s world, sir, there is no such thing as absolute security in either the physical or digital world. What we’re asking for is not to lower those standards…but rather to come up with a way that we may be able to implement perhaps multiple keys or some other way to be able to securely access the information or rather to be provided with the information.”
The June 1 letter provided three reasons why federal agencies should not pursue this proposal.
First, it would change the relationship between government, citizens, and the private sector. “There is a difference between private companies assisting law enforcement and the government compelling companies to weaken their products to make investigations easier,” they said.
Second, encryption weaknesses that can be accessed by law enforcement can be exploited by bad actors. “It is important to remember that computer code and encryption algorithms are neutral and have no idea if they are being accessed by an FBI Agent, a terrorist or a hacker.”
The lawmakers noted that demanding special access for the U.S. government “also opens the door for other governments with fewer civil liberties protections to demand similar backdoors.”
The final reason was that they believe backdoors can be easily bypassed by criminals and terrorists who purchase outside encryption applications or communications devices from foreign manufacturers not following U.S. law. “While we certainly understand the FBI’s concerns about this encryption technology, we do not believe that the American private sector should simply stifle its innovation,” Hurd and Lieu said.
The lawmakers urged the FBI to find an alternative way of addressing the challenges of these new technologies.