FBI Director James Comey went out of his way last week to claim support for strong encryption while urging more...
conversation about legal access, but experts said his basic arguments are misleading.
While Comey pushed the idea that there needs to be a discussion about the privacy versus public security arguments involved in the encryption debate, he has made some assertions about the effects of strong encryption on law enforcement. One claim was that there is no such thing as "absolute privacy" in America.
Comey claimed privacy protections only extend until "the people of the United States need to see" the information, at which point someone can be compelled via court order to reveal what they know.
"In appropriate circumstances -- rare, thankfully -- a judge can order that I talk about any of those communications or that any of those partners of communication talk about what I said," Comey said. "There's never been absolute privacy in America, except now ... as those devices become off-limits to judicial authority."
Richard Goldberg, principal and litigator at Goldberg & Clements PLLC in Washington, D.C., told SearchSecurity that Comey was "right that privacy has historical exceptions," but wrong to say that strong encryption is fundamentally changing that compact because of the protections of the Fourth Amendment against unreasonable searches and the Fifth Amendment against self-incrimination.
"The government could typically get a warrant to search a locked box in your home, and therefore it could get a warrant to search a computer hard drive. It could also compel you to testify in a way that might incriminate yourself, but only if it granted you immunity from prosecution. But what happens when, in order to execute a warrant, the government needs information from you, what we call testimonial statements that would tend to incriminate you? That's the case of the encrypted hard drive," Goldberg said. "In order to access the data, the government needs you to produce a password. But by producing the password, you would be showing that you knew it, which would show that you had access to the data, which could be quite incriminating. So that should implicate the Fifth Amendment as well. However, in many cases the government would like to ignore that problem and focus only on the warrant."
Comey said he didn't think the FBI should change the fundamental compact of privacy in America, but Goldberg said that is exactly what the government is trying to do.
"When dealing with encryption, the government essentially asserts that a warrant, which is not authorized by the Fourth Amendment but is a way to comply with Fourth Amendment protections, should trump the protections of the Fifth Amendment. That's a misreading of history and constitutional law," Goldberg said. "This is especially important now because, as the Supreme Court recognized a few years ago in Riley v. California, our cell phones (and other storage devices) may contain the sum of an individual's private life. With one warrant, the government can know everything private about you: what doctors you visit and for what reasons, who you are intimate with, whether you have ever sought mental health counseling, your religious beliefs. At the time the constitution was written, these facts may have been locked in our minds. And to the extent they might have been the subject of Fifth Amendment protections, they were off limits absent sufficient protection from prosecution. Now that these things are written down, many of us choose to protect them with encryption."
Attempts to provide access to strong encryption
Comey's other major claim was that there hasn't been an aggressive attempt to find a way to give law enforcement access to encrypted data. Comey said companies adopted strong encryption as a "business decision" and the choice was not made by the American people.
"I reject the 'it's impossible' response. I don't think it's impossible to optimize in a good way [privacy and public safety]. I don't. I just think we haven't actually tried it," Comey said. "And maybe as a country we'll decide the benefits here are so extraordinary and the dangers and the risks and the complications over here to address the public safety concerns are so hard, it's not worth doing. Or it's just too hard for our adult democracy to grapple with. Maybe. But, I will not let it happen by default, by drift."
Matthew Green, computer science professor at Johns Hopkins University, told SearchSecurity this claim was not true and there has been "a lot of research" into the issue, especially in the 90s and early 2000s.
"There are dozens if not hundreds of different works that explore some aspect of this problem -- either constructively (meaning, by proposing some solution) or destructively (meaning that they find flaws in a previous proposal)," Green said via pastebin post. "The real problem here is that [it] mostly is not a technical, cryptographic one. When it comes to building key escrow systems there are dozens of possible solutions (essentially as many as there are ways to encrypt). The problems are not in the crypto."
Green explained that creating legal access to strong encryption had four fundamental problems:
- Humans will inevitably make mistakes implementing the system.
- Storing master decryption keys securely might be impossible.
- The difference between a legitimate (warranted) decryption request and an invalid/forged one often depends on who signs the paper.
- Law enforcement is unclear on what they want and the design requirements needed.
Diego Aranha, research professor of computer security and cryptography for the Institute of Computing at the University of Campinas in Brazil, said he is working on the strong encryption issue because it is currently coming to a head in Brazil. The Brazilian government blocked WhatsApp after the company said it could not comply with requests to access encrypted messages. Aranha said that case will soon be heard by Brazil's Supreme Court.
Aranha said Comey might be right that there hasn't been enough effort to allowing legal access but only because "the technical community has a finite amount of resources that should be better dedicated into fixing the many security issues we already have, not increasing the already immense attack surface of the internet and making it less secure."
"Governments could try outlawing strong (as in non-backdoored) cryptography, but this has massive implications. Making strong cryptography illegal would severely limit the freedom of research and entrepreneurship, effectively outlawing certain types of mathematics," Aranha told SearchSecurity. "I would bet that criminals would behave rationally and just run away to other solutions, even customized ones, at the first concrete news of a backdoor for lawful interception (if they haven't already)."
Green noted there had been a lot of research into key escrows and how they could be used to allow legal access to strong encryption, but "cryptographers got bored with this problem" after failing to find a workable solution.
"There is plenty of (older) work out there on the basics of key escrow. There is some more recent work on sophisticated accountable key escrow. There are relatively few cryptographers working on implementing key escrow, because we don't know how to do it well and at scale -- and mostly the problems are in hardware [or] software engineering, not cryptography," Green said. "The problem is that if law enforcement can decrypt your past messages, then a bad guy who steals the keys can also do so. There is no real defense against this."
Aranha said the problems with allowing the access Comey wants go beyond technical issues, but into the "protocols and operational procedures to coordinate how such a backdoor could be used in secret."
"Imagine coordinating simultaneous lawful access from tens of different countries with all kinds of governments, from well-established democracies to authoritarian regimes. Complex systems do not exist in a vacuum; providing lawful interception to the FBI of the Brazilian Federal Police increases power of much less accountable governments elsewhere," Aranha said. "The risks are not only remote either, as the investigation efforts surely need strong cryptography to protect their own sensitive communications, such as the prosecutors involved in the recent corruption scandals in Brazil. Interfering with that is a recipe for abuse, from both malicious insiders in government to external agents that may hack their way into the infrastructure."
Learn whether destroying a decryption key is a strong security practice.
Find out why securing big data is a growing infosec responsibility.
Get info on governments weighing strong encryption versus terror threats.