Encrypted Phones: Where the NSA, Apple and Google Collide
FBI Director James Comey gave a speech recently at the Brookings Institution entitled: "Going Dark: Are Technology, Privacy and Public Safety on a Collision Course?" Though the director tried to sugarcoat his talk with conciliatory language, the answer to this question is clearly "yes." His speech culminated in a call for Congress to intervene in smartphone encryption to defend public safety and national security.
I have written previously about the rapidly developing controversy over Apple and Google's decisions to provide encryption protection in the operating software of their latest smartphones. Comey's talk at Brookings more thoroughly explored and amplified the case against these actions that he advanced in earlier press briefings and before a nationwide audience on CBS's 60 Minutes. The speech covered a lot of ground and has already elicited strong reactions.
This article will be confined to two aspects of the FBI director's presentation and argument: the technical feasibility of countering the new encryption software, and the implications for US companies in the international marketplace.
Before proceeding, I should note that James Comey is an able and savvy public servant; he undoubtedly believes in the case against allowing companies and technologies to "go dark," closing off access to information that, in his opinion, law enforcement agencies vitally need. Still, in the two issues cited above, his presentation (including the Q&A) leaves a host of key questions unanswered.
First, regarding the technological fix, he claimed that there was a "misperception" that the FBI wanted a "back door, one that foreign adversaries or hackers could exploit." "That is untrue," he stated, "We want to use the front door with clarity and transparency…[W]e think it makes more sense to address any security risks by developing intercept solutions at the front end, in the design phase, rather than resorting to patchwork solutions when law enforcement comes knocking after the fact."
But later, when asked to explain how one could decrypt the phones without creating large technical vulnerabilities that hackers or foreign governments could exploit, Comey admitted: "I don't think I'm smart enough to give you a highly reliable answer there." Somewhat confusingly, he was adamant that the FBI would not seek a "universal key" to encryption, but could not explain whether this would result in multiple "keys" for differing phone models or other devices.
One audience member got no answer when he asked whether this would mean "NSA/FBI-ready" phones in the US, with stripped versions in Europe. Not surprisingly, Comey's speech and imprecise technical answers provoked a good deal of scorn in the blogosphere, with some arguing that the director "doesn't quite understand the issues he's talking about."
With regard to the international competitive implications of government-mandated encryption access for US companies, Comey was at once conciliatory, uncertain and, in the end, determined. I understand, he stated, "the private sector's need to remain competitive in the global marketplace…I get it." Apple and Google, he affirmed, are "run by good people who deeply care about public safety and national security."
Still, he effectively punted when queried about how to deal with the international spillovers if the US government demanded and got full access to encrypted phones and other devices. Would this not produce similar demands from other governments, including repressive, authoritarian regimes?
Comey's answer: "That's a good question… it's something I've thought about, but, frankly, not well enough to give you an intelligent answer at this point."
In the end, however, despite a raft of unanswered questions and the potential for unintended consequences,Director Comey was adamant about the need for change and a legislative fix. While admitting that he had "not gamed this out completely in my head," he warned that: "We may get…to a place where the [US], through its Congress, says you know what? We need to force this on American companies and maybe they'll take a hit. Someone in some other country will say, ah, we sell a phone that even with lawful authority people can't get into, but that we as a society are willing to have American companies take that hit."
To be fair, Comey noted that the speech was intended to kick off a national conversation and debate; in that aim, he has succeeded. He will find it more difficult, however, to overcome two other hurdles: first, Congress has shown no sign of wanting to wade into these complicated, divisive issues any time soon; and second, Apple and Google are selling millions of their new model smart phones, all with the built-in encryption that so vexes the FBI and other US law enforcement agencies.
Even if they are feasible, "design in" encryption keys or doors seem a long way off.
Smartphone encryption: The great divide over "going dark" by Claude Barfield is reprinted with permission of the American Enterprise Institute.
