Much of the debate about encrypted devices and messaging services has been centered on more sophisticated criminal or terrorist activities, where the people involved are actively searching out ways to avoid detection by law enforcement. However, the FBIs top attorney contends that tech companies may be inadvertently giving dimwitted crooks a leg up by making quality encryption so widely available. <\/p>\n
End-to-end encryption, or decryption of devices, is increasingly available by default, said FBI General Counsel James A. Brady yesterday at a Center for Strategic & International Studies panel discussion on privacy and law enforcement. Your average bad guy, whos not particularly sophisticated, can avail himself of high quality encryption, so thats part of our problem. <\/p>\n
Brady seemed to question the logic of making full-disk encryption the default on phones and other devices, when in his view most people arent thinking about this issue. <\/p>\n
The super-sophisticated bad guys are always going to be able to find tools to try to thwart us, he added. They think about it actively and they will endeavor to do that. <\/p>\n
To demonstrate the volume of encryption challenges law enforcement now faces, Brady says that in just three months of 2016, the FBI attempted to access 2,870 different devices; this includes devices brought to the agency by state and local authorities in need of assistance. <\/p>\n
Of those, 1,715 were encrypted and protected by password locks, but the FBI was only able to crack the passwords for 470, leaving the contents of 1,245 devices still locked up tight. <\/p>\n
Lawful hacking the process of getting a court to compel a company to aid in opening a secured device provides some relief, said Brady, but only some. Its slow, its expensive, its fragile; its just not a comprehensive solution to this problem. Well use it when necessary, but its not a panacea. <\/p>\n
Its not as difficult to obtain metadata things like when and who you texted or emailed, but without any content but Brady noted that this is rarely the kind of information that can lead to a criminal prosecution. <\/p>\n
After both Apple and Google moved to encrypt their smartphone operating systems so that even they couldnt access a device without a password, Bradys boss, FBI Director James Comey, called on Congress to come up with some solution to make it less difficult for law enforcement to access suspects locked devices. <\/p>\n
Brady, without suggesting anything specific, also noted that its ultimately up to lawmakers to sort out where to draw the line. <\/p>\n
At the end of the day, the FBI works for the American people and we will use whatever tools you want us to have to deal with the threats that you want us to address, he explained. <\/p>\n
So far, suggestions about what such a law would look like have been limited to make tech companies put in a back door or require that tech companies be able to crack their own encryption upon request. Privacy and cybersecurity advocates say that such practices and policies are effectively like leaving out a welcome mat to hackers. <\/p>\n
No matter how thick the door or tough the lock, the house is now more vulnerable to intrusion in at least three ways: The door can be battered down, wrote Washington Post tech columnist Craig Timberg in 2014. The keys can be stolen. And all the things that make doors work the hinges, the lock, the door jamb become targets for attackers. They need to defeat only one to make the whole system fail. <\/p>\n
Brady, at yesterdays panel, tried to downplay the level of access the FBI seeks, but also provided such an all-encompassing description of the factors in play that its doubtful any policy could address even a majority of them. <\/p>\n
The FBI is not pushing some particular solution, said Brady, who then showed off his predilection for making lists: Were not trying to undermine encryption. Were not trying to create a backdoor. We dont want a golden key. We dont want any of that. We want something that is safe and effective. <\/p>\n
We need some type of solution, he continued, that adequately addresses all of the values that I think we all share with respect to protecting public safety, protecting cybersecurity, maintaining the innovativeness and competitiveness of U.S. companies, protecting privacy, free expression, freedom of association all of that. <\/p>\n
Brady conceded that it may require multiple policies, but Whatever we come up with its gotta really accommodate all of those values otherwise its not really a solution. <\/p>\n
This battle over encryption between the FBI and tech companies was pushed into the spotlight following the Dec. 2015 terrorist attack in San Bernardino, CA. The FBI had sought to compel Apples help in unlocking one of the killers iPhones, but Apple fought back. The company said that not only did it not have the ability to crack the encryption, but that forcing a company to find a vulnerability in its own security put other users at risk and allegedly violated Apples rights. <\/p>\n
That matter was never resolved when an unnamed third party provided the FBI with a solution for bypassing the encryption. <\/p>\n
Victoria A. Espinel, President and CEO of BSA|The Software Alliance, said its important to separate the bigger policy issues from individual tragedies, as the rhetoric from both sides of this debate can make it difficult to find common ground. <\/p>\n
Individual horrible events can create understandably pressure on policymakers, explained Espinel, adding that this discussion needs to happen now, but outside the shadow of a particular event. <\/p>\n
Brady agreed, noting that time is of the essence. We should move forward quickly, smartly, but promptly because we dont want to have this debate driven by some type of catastrophe down the road. <\/p>\n
<\/p>\n