Federal Bureau of Investigation Director James Comey rekindled warnings about the dangers of criminals digitally “going dark” in Congress this week as a result of companies implementing encryption in consumer communications — a reaction intelligence and law enforcement brought on itself, according to Oregon Democratic Sen. Ron Wyden.
“Unfortunately, changing forms of Internet communication are quickly outpacing laws and technology designed to allow for the lawful intercept of communication content,” Comey said during a Senate Intelligence Committee hearing Tuesday afternoon. “This real and growing gap the FBI refers to as ‘going dark’ is the source of continuing focus for the FBI, it must be urgently addressed as the risks associated with ‘going dark’ are grave both in traditional criminal matters as well as in national security matters.”
Comey previously referred to new standards of end-to-end encryption adopted by Google and Apple, which in the latter’s case not even the company can unlock, as “a closet that can’t be opened” and “a safe that can’t be cracked,” affording criminals new ways to evade law enforcement surveillance and capture.
Since the companies’ announcement last fall, the FBI has lobbied Congress to give law enforcement “back doors” into encrypted communications — a request lawmakers and industry experts claim would inherently undermine encryption and damage U.S. economic competitiveness in the global technology marketplace.
The agency has since rephrased its request into an update of the 1994 Communications Assistance for Law Enforcement Act to include communications platforms using encryption, essentially compelling companies to cooperate with law enforcement in facilitating surveillance the same way telephone companies do under the current law.
“This is a most serious problem,” California Sen. Dianne Feinstein, the ranking Democrat on the committee, said in response to Comey’s testimony. “I think we need to provide a court-ordered process for obtaining that data.”
Not everyone on the committee responded as favorably to Comey’s comments, with Wyden in particular alleging the agency only has itself to blame for its current predicament.
“Executive branch agencies are now dealing with a problem that they largely created,” Wyden told Comey. “Senior officials made the choice to secretly twist the law to support an ill-conceived secret program that vacuumed up millions of email and phone records of law abiding Americans,” the senator added in reference to the bulk domestic surveillance programs leaked by former National Security Agency contractor Edward Snowden two years ago.
“Obviously, public confidence was dramatically diminished. That led to a very serious public backlash, and in response to it … our hardware and software companies accelerated their efforts to provide customers stronger protections.”
Comey, who appeared before both the Senate Judiciary and Intelligence Committees Wednesday to testify on the issue, said he wants to work with companies and lawmakers to “find the right balance” between privacy and national security.
“There still isn’t too much ‘balance’ in the so-called balance,” Wyden said, adding that current ideas from administration officials “do not inspire a lot of confidence” — including one offered by Deputy Attorney General Sally Yates in the earlier Judiciary hearing suggesting companies themselves retain encryption keys for the government to access as needed.
“She was suggesting, in my view, that there be a stockpile of these keys. In my view, a mandate like that would be a huge gift to foreign hackers and criminals,” Wyden said before asking Comey if he could “guarantee these keys would never be stolen?”
“Surely not,” Comey replied.
A group of cryptologists released a report out of MIT Tuesday pointing out the retention of any permanent keys to unlock encryption goes against a core tenet of encryption products, which typically delete keys after use.
A report out last week from the Administrative Office of the United States Courts on 2014 wiretaps found lawmakers ran into fewer cases involving encryption last year than the year before.
The hearing occurred on the same day the New York Stock Exchange experienced a near four-hour trading halt resulting from a technical problem. United Airlines halted morning flights for a technical issue of its own Wednesday morning, all of which coincided with a crash of the Wall Street Journal’s homepage.
“We had three so-called coincidences today,” Maryland Democratic Sen. Barbara Mikulski told Comey during the intelligence hearing. “I don’t believe in coincidences.”
“We are not big believers in coincidence either,” Comey replied. “We want to dig into that. So we’ve been in contact with all three companies to understand what’s going on. And we do not see any indication of a cyber breach or cyberattack. I actually think the Wall Street Journal piece is connected to people flooding their website in response to the New York Stock Exchange to find out what’s going on.”
New York Democratic Sen. Chuck Schumer was equally skeptical, despite administration officials’ assurances there was no evidence of a cyberattack.
“I’d like to know some more information,” Schumer said. “To have three outages in three important places on the same day raises a lot of questions. I haven’t gotten answers yet.”