FBI and DOJ Target New Enemy In Crypto Wars: Apple and Google

Report

The FBI and Department of Justice on Wednesday targeted a new set of threats to national security and law enforcement: not ISIS, or pedophiles, but Apple and Google.

Those companies and others that provide or will soon provide end-to-end encryption make it impossible to read intercepted digital messages — and without naming names, FBI Director James Comey and Deputy Attorney General Sally Quillian Yates said that they will “work with” those companies to ensure access to their customers’ communications.

In a Senate Judiciary hearing Wednesday morning, Yates and Comey said companies that “do not retain access” to consumers’ information can complicate authorized criminal and national security investigations.

Google and Apple, in response to demands from consumers who request higher levels of privacy and security, have been slowly rolling out stronger end-to-end encryption on their devices and services such as Gmail and iPhones.

When messages are encrypted end-to-end, only the sender and the recipient have access to those messages, which are decrypted by means of specific “keys.” Without those keys, the messages look like “gobbledygook,” as Comey put it during the hearing.

“We want to work with the communications providers to find a way with them to get access to the information we need … while protecting privacy.” Yates said. “We want to have each provider think about and work out a way where they will find a way to respond to these requests.”

What Yates really meant was that she wants companies to stop providing end-to-end encryption, or find ways to circumvent it. Comey and Yates insisted that there must be some new technology that Silicon Valley could develop that would give them the access they want without risking strong encryption. But privacy and cryptology experts have insisted for years that this would be impossible without compromising overall security and opening holes for criminals to exploit.

Yates and Comey both insisted that they would prefer not to force compliance through a legislative mandate. “The approach of the administration,” Yates said, “is not to have a one size fits all legislative solution at this point.” However, she noted that a mandate “may ultimately be necessary” to force companies to comply. Several senators, including Sen. Thom Tillis, R-N.C., agreed.

“Maybe no one will be creative enough” to solve the problem, Comey said, “unless you force them to.”

Sen. John Cornyn, R-Texas, wondered aloud whether companies that “intentionally design a product in a way that prevents you from complying with a lawful court order” are the equivalent of a citizen who refuses to answer questions in court, and is subsequently held in contempt.

Despite the FBI and DOJ’s insistence that end-to-end encryption is a danger, Yates refused to provide data on the number of cases in which encryption has posed an insurmountable barrier. She told the committee that she sees the problem “every day,” but does not keep track of cases in which encryption has stopped the department from monitoring communications. Her explanation was that the DOJ, when presented with instances of encryption, no longer even tries to secure a wiretap order. “Being able to give you hard numbers on the number of cases that have been impacted is impossible,” she told Sen. Al Franken, D-Minn., who looked unconvinced.

A Federal Courts report on wiretapping in 2014 released last week disclosed that federal and state law enforcement personnel at all levels encountered only four cases all year in which wiretaps were thwarted because of encryption.

And, as Comey himself reminded the committee, without going into any detail, the FBI and DOJ have other methods of tracking and monitoring criminals and their communications.

Franken pointed to the recent Office of Personnel Management breaches as evidence that government itself couldn’t be trusted to safeguard its own data, and as reason for companies to continue seeking improvement in encryption. “With each new story about a cyberattack,” he noted, “we learn that we should have strong encryption.”

But as they made clear, law enforcement officials are instead ramping up efforts to target the companies who are leading the effort toward safer and more secure communication.

Translation Source: 
فريق ترجمة موقع راقب