While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
FBI Director James Comey has openly criticized Apple and Google in recent weeks for enforcing data encryption features he says would block law enforcement from accessing critical smartphone evidence.
Speaking at the Brookings Institute in Washington, D.C., on Thursday, Comey warned that new default security features for smartphone users could lead law enforcement to a “very dark place” — one in which suspects walk free, child exploitation is not discovered and justice is denied because key evidence is locked up on an encrypted device.
“We need our private-sector partners to take a step back, to pause, to consider, I hope, a change of course, but we also need a regulatory and legislative fix here to create a level playing field so that all communications service providers are held to the same standard,” Comey said, referring to the 20-year-old law that requires telecommunications carriers to provide a mechanism for law enforcement officials to conduct lawful electronic surveillance.
The Communications Assistance for Law Enforcement Act, or CALEA, hasn’t kept up with the pace of emerging technologies, Comey said. Some companies fail to comply with court orders to enable surveillance. Other companies can’t comply because they don’t have the capabilities, which require both time and money to add on later. Advances in technology have made it harder for officers to access evidence needed to prosecute crime and terrorism, even with lawful authority.
For example, if a suspected criminal under surveillance switches from a cellular to a Wi-Fi network, “we may be out of luck,” Comey noted. Law enforcement may not be able to quickly switch lawful surveillance between devices and networks.
In the wake of devastating leaks about the National Security Agency’s data collection program by former contractor Edward Snowden, the prevailing view is that law enforcement and the FBI can access any information at any time, Comey added. He argued that the post-Snowden pendulum has swung too far in the direction of fear and mistrust.
But his argument may fall on deaf ears with privacy-conscious consumers, who welcome Apple’s added security feature, and with civil liberties advocates. On its website, Apple wrote that its commitment to privacy doesn’t stop because of a government information request. “Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,” the company explained. “So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”
Comey wants to see CALEA changed to require communications providers to build lawful intercept capabilities into their products upfront.
He said the government is not seeking a so-called backdoor feature to gain access to digital assets for investigative purposes. “We want to use the front door with transparency and clarity,” he said.
But even that approach comes with risks.
Comey couldn’t explain the technical aspects of how such a feature would work, but Slate explains the security risks that come with designing backdoor features. Apple said it has never worked with the government to create a backdoor in any of its products or services and it never will.
“I think there is risk associated with what I’m suggesting,” Comey said. “I just think, given the other risks involved, that it makes sense.”