The director of the FBI said Wednesday that "encryption is a great thing," then spent the next couple hours trying to explain to a Senate panel why we must break that great thing.
James Comey's very public warnings of what a future with encryption might mean for law enforcement long ago started feeling tired, but Wednesday's performance in front of the Senate Judiciary Committee came with new warnings, new pleas, and a flair for the dramatic unseen in some of his previous speeches on the topic.
As has become par for the course, Comey and his colleagues at the Department of Justice have no real solutions, just a mad-libs book full of rhetoric that might successfully scare the American public into demanding that something be done about the perceived threat of "going dark."
It doesn't really matter what Comey says at any given hearing or speech, it's all some sort of variation of bad guys are using encryption, we don't know how to crack it, and that is bad.
"There is a device, a devil on their shoulder all day long saying kill kill kill kill"
But while Comey was fearless in his criticism of encryption late last year and in early 2015, it seems as though the criticism of some of his previous talking points have caused him to choose his words slightly more carefully.
"Encryption is a great thing. It keeps us all safe, it protects innovation, it protects my children. That is a great thing," he said. "I also care about public safety. There is not a war being fought here—I think most people care about both. This is not a war, this is a conversation. Is there a way we can maximize both?"
Technical feasibility of building backdoors to encryption without breaking the whole thing aside, this sounds like a reasonable point of view. But Comey's views on encryption have not changed one bit since October, when he very publicly started fighting a war on encryption as a result of Google and Apple announcing that their new mobile operating systems would have encryption enabled by default (making it impossible for the FBI or even the manufacturers to access the information on the phone).
- In October, Comey called encryption a "marketing pitch" and said that if Google and Apple didn't build backdoors into its encryption, then "Congress might have to force [backdoors] on companies."
- In early January, an assistant Attorney General at the Justice Department (which oversees the FBI) said that encryption is leading us to a "zone of lawlessness." And in May, Comey said a letter in which Google, Apple, Microsoft, Facebook, and others asked Obama not to weaken encryption was "depressing."
- In March, the FBI quietly removed a recommendation on its website that people encrypt their mobile devices. Wednesday, Comey said that he "hoped [the recommendation] is still there. I think encryption [to protect your data] is a very good thing."
So what does Comey want, then? The answer is the same as always. He wants you to be allowed to encrypt your data, but he wants manufacturers to install security backdoors similar to the one the NSA had on the servers of some of the largest tech companies with its PRISM campaign.
That way, you have the illusion of security, but the FBI and other law enforcement can, with the help of large tech companies, still see what you're doing. Last year, Comey said that he wanted a "front door" into your device. That didn't go over very well with, well, anyone.
Meanwhile, the US has said it doesn't want anyone else, such as China, to have backdoors, because backdoors can break encryption altogether. And that's kind of the point, right? If you start creating ways for encrypted data to be accessed, you've created an access point not just for governments, but for hackers and dictatorial governments and everyone else.
"We're not seeking a front door, a back door, or any other kind of door"
Wednesday, there was no talk of doors, except to say that the FBI absolutely does not want any sort of door. Instead, it wants what I would call, maybe, a mailbox. It wants Facebook, and Google, and Apple to live inside your device and be able to snag information from it whenever law enforcement can cough up a warrant. The manufacturer will then take that information and send it to the FBI. Door or no door, the result is the same.
"The approach of the administration is not to have a legislative solution at this point to cram down the throats of the technology industry," DoJ assistant attorney general Sally Yates said. "We're not seeking a front door, a back door, or any other kind of door. We're seeking to work with industry such that they will be able to respond to [warrants] … we want an individual solution with each individual company."
Originally, the reason for all this hand wringing was, in the words of various FBI, DOJ, and NSA honchos, to keep murderers, kidnappers, and pedophiles who might harm your family from encrypting data and going free. That didn't quite fly with privacy advocates and tech companies, who pointed out that the FBI would not name one single incident in which encryption thwarted an investigation. Information recently published showed that encryption prevented just four out of a possible 3,554 federal wiretaps.
And so Wednesday, Comey turned to ISIS as a danger lurking in the encrypted shadows.
"ISIL is reaching out primarily through twitter to 21,000 english language followers. Their message is two-pronged—come to the caliphate and live a [great] life. If you can't come, kill somebody where you are. Videotape it, do it do it do it," Comey said. "They don't need to find propaganda, it's buzzing in their pocket. There is a device, a devil on their shoulder all day long saying kill kill kill kill."
"They have found many of those someones in the United States," he added. "We can see them give directions [on Twitter sending them] to end-to-end encrypted app and they give them instructions. We have examples of this happening in all 50 states, it's buzzing in their pockets all day long and they're trying to seek meaning in some sick way."
The flawed thinking here is that ISIS or any other criminal is going to stop using encryption simply because it is illegal. Even if Congress or someone else forced American tech companies to build backdoors into their devices, other countries will not (perhaps partially because the United Nations have said that encryption is a basic human right).
"Undermining encryption will not solve the tension between those seeking to enforce the law and those seeking to break it. And making strong encryption illegal will not stop bad actors from using it," Wyden wrote. "Trying to restrict the use of encryption would cast suspicion on those who legitimately seek protected communications, such as journalists, whistleblowers, attorneys, and human rights activists."
Comey has suggested, perhaps based on blind faith in 'Merican ingenuity that Silicon Valley can come up with a solution that transcends mathematics and basic computer science and also manages to placate an American public that has been relentlessly spied on by the institutions that have sworn to protect them.
"I don't come with a solution," Comey said. "This is a really really hard problem. I hear folks say it's too hard, it can't be fixed. I think with Silicon Valley, it can be fixed."
The answer here, is perhaps to admit that the people—yes the murderers and the kidnappers and the terrorists—but also regular ol' people are happy with encryption and don't want to destroy it.