FBI: Encryption backdoor laws are unnecessary, if companies comply

FBI Director James Comey is sticking to the message that the FBI doesn't want encryption backdoor legislation, but one senator doesn't expect companies to comply without the legal impetus.

FBI Director James Comey testified on Wednesday at a Senate Judiciary Committee hearing that encryption backdoors...

are not a legal or technical issue, but rather are a "business model question."

His approach may have more to do with semantics than the issues at hand, because this isn't new thinking for the FBI, which has long been a proponent of breaking encryption under the argument that it would help law enforcement more than it would hurt the public's right to privacy. Comey's latest statements continued that argument, but aimed to leave the onus on companies, rather than legislators.

Comey said he has had conversations with technology companies over the issue of encryption backdoors and has concluded that it's not a technical issue.

"There are a lot of folks who have said over the last year or so that we are going to break the Internet or have unacceptable insecurity if we try to get to a place where court orders are complied with," Comey said. "We want to get to a place where if a judge issues an order, the company figures out how to supply that information to a judge and figures out on its own how to do that."

Comey was clear to reiterate that the FBI is not asking for encryption backdoors to be mandated by law.

"The government shouldn't be telling people how to operate their systems," Comey said. "We are in a place where we understand it's not a technical issue; it's a business model question."

Andrew Crocker, staff attorney for the Electronic Frontier Foundation (EFF), based in San Francisco, said this argument "misses the sizable portion of encryption applications that are open source and/or based outside of the U.S."

"Rather than seeking legislation mandating backdoors, which would allow involvement, technical review, and criticism by encryption experts and the public, the FBI will rely on backroom pressure to make companies compromise encryption, or even eliminate business models it doesn't like," Crocker wrote in a blog post. "Cryptographers are unanimous -- designing their tools in the way that Comey wants will have potentially disastrous effects on user security."

Senator Dianne Feinstein (D-Calif.) testified that she didn't agree that the decision should be left to companies, and that she would put forth a bill to give law enforcement, with a warrant, probable cause "to look into an encrypted Web."

"I have concern about a PlayStation that my grandchildren might use," Feinstein said, "and a predator getting on the other end and talking to them, and it's all encrypted. I think there really is reason to have the ability, with a court order, to be able to get into that."

Feinstein may be fixing a problem that doesn't exist, however. While there was speculation that the PlayStation Network (PSN) was used for communication by the terrorists behind the Paris attacks, Sony's software usage terms do not make communication on any of its platforms private:

"We reserve the right in our sole discretion to monitor and record any or all of your PSN activity, and to remove any of your UGM [user-generated media] at our sole discretion, without further notice to you."

Sony further asserted that by accepting the usage terms, users consented to allow this gathered information to be handed over to law enforcement without notice.

Next Steps

Learn about China and the U.S. crossing swords over software backdoors.

Learn more about the FBI's "going-dark" efforts to bypass encryption.

Dig Deeper on Government IT Security Management

PRO+

Content

Find more PRO+ content and other member only offers, here.

Related Discussions

Michael Heller asks:

What are your organization's policies on encryption backdoors?

0  Responses So Far

Join the Discussion

1 comment

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close