X

FBI director demands access to private cell phone data

To stop terrorists and other criminals, cell phones should have encryption backdoors to enable US government surveillance, argues FBI Director James Comey.

Seth Rosenblatt Former Senior Writer / News
Senior writer Seth Rosenblatt covered Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.
Seth Rosenblatt
3 min read

fbi-james-comey.jpg
FBI director James Comey addresses the Intelligence and National Security Summit at the Omni Shoreham Hotel September 19, 2014 in Washington, DC. After one year on the job, Comey outlined his vision for the future of the FBI, including a bigger focus on cyber and the creation of a new intelligence office within the bureau. Chip Somodevilla, Getty Images

Cell phone encryption will prevent the federal government from stopping terrorists and child molesters unless the government is given special access, Federal Bureau of Investigation Director James Comey told a Washington, DC, think tank on Thursday.

Comey, who noted that "both real-time communication and stored data are increasingly encrypted," said that the trend by service providers to encrypt their customer data could prevent the government from lawfully pursuing criminals.

"Justice may be denied, because of a locked phone or an encrypted hard drive," Comey said in his prepared remarks at the Brookings Institute. He explained that while Communications Assistance for Law Enforcement Act (CALEA) from 1994 mandated that telephone companies build wiretapping backdoors into their equipment, no such law forces new communication companies to do the same.

However, he didn't mention that CALEA was expanded from its original mandate to include broadband Internet and Voice over Internet Protocol (VoIP) systems like Skype in 2004.

Comey called out the default encryption in Apple's iOS 8, and the optional Android encryption that will become the default for that operating system when Android 5.0 Lollipop is released next month, as blocking law enforcement from fully gathering evidence against suspects. He said that the solution was for tech firms to build "front-doors" on consumer cell phones and smartphones.

"We aren't seeking a back-door approach," Comey said, referring to a common term for encryption that has been intentionally weakened. "We want to use the front door, with clarity and transparency, and with clear guidance provided by law," including court orders, he said.

The spying scandal that kicked off when former National Security Agency contractor Edward Snowden leaked classified surveillance documents has seen tech titans including Apple, Google, Yahoo, Microsoft and Facebook scramble to build tougher encryption into their products. Google's Eric Schmidt warned that the spying will " break the Internet."

The current fight over how to secure customer data isn't the first time that tech firms and the US government have gone to war over encryption. In the 1990s, the "crypto wars" saw tech companies and industry advocates force the US government to repeal laws that deemed cryptography a weapon.

While evoking imagery of children at play and innocents exonerated of false accusations thanks to FBI investigations unencumbered by encryption, Comey derided concerns by the tech community that weakening encryption made devices more susceptible to cyber-criminal attacks.

He acknowledged that "adversaries will exploit any vulnerability they find," but that those exploits introduced by a backdoor could be mitigated by "developing intercept solutions during the design phase," he said.

Cryptography expert and University of Pennsylvania professor Matt Blaze disagreed with that assumption. Comey's speech, he said on Twitter, "didn't merely dismiss or minimize the technical risks of back doors, it completely ignored them."

Christopher Soghoian, the American Civil Liberties Union's principal technologist on its Speech, Privacy and Technology Project, said that Comey's insistence on weakening encryption opens the data to "foreign governments and criminals," he said, "whether you call it a 'front door' or a 'back door.'"

Soghoian noted in a blog post from 2010 that CALEA explicitly protects the right of a telecommunications company to build encryption to which only the customer possesses the cryptographic keys.

Comey's speech appears to want to change that. The FBI didn't return a request for comment.

Google declined to comment specifically on Comey's statements, but reiterated its support for encryption. "People previously used safes and combination locks to keep their information secure -- now they use encryption. It's why we have worked hard to provide this added security for our users," a Google spokesperson said.

Apple didn't respond to a request for comment.