There’s a privacy battle brewing between the FBI and other federal government groups on one side, and tech companies, cryptologists, privacy advocates (and some elected American lawmakers) on the other.
Basically, the FBI (circa-2015 edition) opposes the use of encryption to keep data secure from hackers, on the grounds that the government couldn’t get at it either.
So this week, a wide variety of organizations ranging from civil-liberty groups and privacy advocates to tech companies and trade associations to security and policy experts sent President Obama an open letter urging him to reject any legislation that would outlaw secure encryption:
Change of heart
The FBI used to take the same view: encryption is a good way for innocent people to protect themselves and their personal data from criminals, so if encryption is available to you, you should use it.
In October 2012, the FBI’s “New E-Scams and Warnings” website even published an article warning that “Smartphone Users Should be Aware of Malware Targeting Mobile Devices and Safety Measures to Help Avoid Compromise.” That article included a bullet-pointed list of “Safety tips to protect your mobile device.”
And the second tip on the list says this: “Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user’s personal data in the case of loss or theft.”
But in September 2013, when current FBI director James Comey took over the bureau, he also took a very different view of encryption: he thinks it only benefits criminals.
“Very dark place”
For example, when Apple launched its iPhone 6 last September, it bragged about the phone’s strong security features, including automatic data encryption. Comey then predicted that encrypted communications could lead to a “very dark place,” and criticized “companies marketing something expressly to allow people to place themselves beyond the law” (as opposed to, say, “Marketing something expressly so people know hackers can’t steal photographs, financial information and other personal data off their phones”).
Comey went so far as to suggest that Congress make data encryption illegal via rewriting the 20-year-old Communications Assistance in Law Enforcement Act to make it cover apps and other technologies which didn’t exist back in 1994.
And this week, in response to the tech companies’ and privacy advocates’ open letter to President Obama, Comey said he found the letter depressing: “I frankly found it depressing because their letter contains no [acknowledgment] that there are societal costs to universal encryption …. All of our lives, including the lives of criminals and terrorist and spies, will be in a place that is utterly unavailable to the court-ordered process. That, I think, to a democracy should be very concerning.”
Get a warrant
Yet despite Comey’s concerns, the idea that encryption would make it utterly impossible for police and courts to stop angerous criminals is not true. Even with encryption, police or the FBI can still get data off your phone; they just can’t do it without your knowledge. As Jose Pagliary pointed out:
That’s what FBI Director James Comey finds “depressing,” or likely to lead to a “very dark place”: the idea that if the government wants access to your personal data, it still has to get a warrant first.