Recently, FBI Director James B. Comey, along with several government officials, have issued many public statements regarding their inability to catch criminals due to Apple and Google offering default encryption to their consumers.
We at EFF have been around long enough to see these nearly identical statements being made in the past, and have simultaneously witnessed law enforcement agencies not rendered obsolete. In fact, we’ve seen the exact opposite. The tools available to the law enforcement today are expansive and are much scarier, and require close scrutiny to ensure that civil liberties of millions of people are not jeopardized in the process of catching a few bad guys.
But we certainly felt a bit of déjà vu when we saw current FBI Director Comey’s statements, since they sound eerily like the sentiments expressed by then FBI Director Louis J. Freeh in front of the Senate Judiciary Committee in July 1997. Specifically:
Founding Fathers Wouldn’t Want Us to Have Encryption
A repeated talking point is that the Founding Fathers of America would side with the law enforcement in finding a ‘balance’, that ensures government access to all communications.
In 1997 former Director Freeh said:
… the framers established a delicate balance between "the right of the people to be secure in their persons, houses, papers, and effects (today we might add personal computers, modems, data streams, discs, etc.) against unreasonable searches and seizures." Those precious rights, however, were balanced against the legitimate right and necessity of the police, acting through strict legal process, to gain access by lawful search and seizure to the conversations and stored evidence of criminals, spies and terrorists.
In 2014 Director Comey said:
But the way I see it, the means by which we conduct surveillance through telecommunication carriers and those Internet service providers who have developed lawful intercept solutions is an example of government operating in the way the founders intended...
This is striking to us because even a minimal glance at history reveals that the opposite is true. Thomas Jefferson invented (and used) a wheel cypher. More importantly, it was reportedly frustration with a 1785 resolution authorizing the Department of Foreign Affairs to open and inspect any mail related to the safety and interests of the United States that led James Madison, Thomas Jefferson and James Monroe to write to each other in code.
In fact, in the 1999 decision throwing out the government’s export regulations on encryption in EFF’s case Bernstein v. Department of Justice, the Ninth Circuit Court of Appeals noted: “The availability and use of secure encryption may…reclaim some portion of the privacy we have lost. Government efforts to control encryption thus may well implicate not only the First Amendment rights…but also the constitutional rights of each of us as potential recipients of encryption's bounty."
Private Companies Providing Strong Encryption are Ignorant and Dangerous
Private companies and actors, when providing robust privacy and security for their consumers, need to be educated about their responsibilities to help law enforcement, and Congress and other regulatory bodies should step in.
Encryption is certainly a commercial interest of great importance to this great nation. But it's not merely a commercial or business issue. To those of us charged with the protection of public safety and national security, encryption technology and its application in the information age--here at the dawn of the 21st century and thereafter--will become a matter of life and death in many instances which will directly impact on our safety and freedoms. Good and sound public policy decisions about encryption must be made now by the Congress and not be left to private enterprise. Legislation which carefully balances public safety and private enterprise must be established with respect to encryption.
We understand the private sector’s need to remain competitive in the global marketplace. And it isn’t our intent to stifle innovation or undermine U.S. companies. But we have to find a way to help these companies understand what we need, why we need it, and how they can help, while still protecting privacy rights and providing network security and innovation. We need our private sector partners to take a step back, to pause, and to consider changing course.
We also need a regulatory or legislative fix to create a level playing field, so that all communication service providers are held to the same standard and so that those of us in law enforcement, national security, and public safety can continue to do the job you have entrusted us to do, in the way you would want us to.
Similar arguments are also made in conjunction with the FBI’s desire to turn companies into an extension of the agency by pushing for unraveling the protections provided to companies and free and open source projects to make strong tools under CALEA.
FBI Needs Weak Encryption Because of Terrorism
And despite the 17 year time gap, both men gave very similar reasons for trying to discourage companies from offering their customers tools to protect themselves, playing the politics of fear.
We believe that unless a balanced approach to encryption is adopted… the ability of law enforcement to investigate and sometimes prevent the most serious crimes and terrorism will be severely impaired. Our national security will also be jeopardized.
Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority…. And if the challenges of real-time interception threaten to leave us in the dark, encryption threatens to lead all of us to a very dark place.
Yet instead of giving any actual examples of terrorism cases, both men could only muster edge cases in their pitch for weakening encryption. The Intercept did an analysis of some of the examples given by Comey, and the results were less than convincing; in none of the cases was the absence of encryption the key to solving the crime.
Finally, Comey makes a plea to have an open and honest debate about liberty and security because ‘post-Snowden pendulum has swung too far in one direction—in a direction of fear and mistrust (of Government).’ But this framing of the debate is somewhat dishonest given that not a single legislation has been passed by Congress to curtail the dragnet surveillance of millions of innocent Americans and the only entities that have taken significant action to curtail mass surveillance on a national level have been private companies.
So the FBI is just running the same old line against encryption. Luckily, the nation didn’t fall for it in the 1990s and we shouldn’t fall for it now.