Could Anybody Be Worse Than James Comey On Encryption? We're About to Find Out
A look back at former FBI Director James Comey’s years-long battle against privacy.
FBI Director James Comey. Image: Drew Angerer/Getty
President Donald Trump fired FBI Director James Comey on Tuesday evening. While Comey's full legacy remains to be seen, we know one thing for sure: He was the most outspoken enemy of public access to strong encryption in the United States intelligence community.
Comey's stance on encryption was that it allowed bad guys to "go dark"—making it impossible for law enforcement to access their data during investigations. This isn't rare in the intelligence community, and aligns closely with Trump's limited public discussion of the issue (Trump suggested Americans boycott Apple for not helping the FBI break into an iPhone belonging to the terrorist who committed the San Bernardino attack in 2014).
We don't yet know who will replace Comey, and whoever does will likely also want the ability for the FBI and other intelligence agencies to obtain as much information as possible for its investigations.
But Comey spoke often and repeatedly about his disdain for tech companies who protect the privacy of their users by using strong encryption. At Congressional hearings, think tank panels, and in public speeches, he noted his disdain for end-to-end messaging encryption—which cannot be intercepted and decrypted while messages are in transit—and for the default encryption of data on iPhone and Android phones. This is important because it protects phones from being easily hacked and people's information from being stolen.
Comey tried numerous tactics to get tech companies and Congress to make law enforcement access to encrypted data easier. His go-to argument was that tech companies weren't "trying hard enough" to design new types of encryption that could be accessed by law enforcement but not by, say, hackers or foreign governments. He repeatedly said that law enforcement wanted a "front door" or a "golden key" to access data with a warrant, but ignored the many computer scientists and cryptographers who explained that, by definition, any vulnerability built into encryption could potentially be exploited by hackers.
Comey's steady, unrelenting drumbeat against encryption began in earnest in October 2014, soon after Apple and Google announced that their mobile operating systems would be encrypted by default. In a speech at the Brookings think tank, Comey set up his position by explaining that encryption is used by "predators" and "bad guys."
"With Going Dark, those of us in law enforcement and public safety have a major fear of missing out—missing out on predators who exploit the most vulnerable among us … kids call this FOMO," he said. "If the challenges of real-time interception threaten to leave us in the dark, encryption threatens to lead all of us to a very dark place."
In that speech, he also noted that "Congress might have to force" companies like Apple and Google to undermine their encryption.
In March 2015, the FBI removed a recommendation that consumers encrypt their devices. In May, Facebook, Google, Apple, and Microsoft wrote a letter to to Barack Obama asking him to not seek encryption backdoors that would harm the privacy of their customers. Comey called the letter "depressing" and said that there are "societal costs to universal encryption."
By July, Comey was blaming encryption for the unfettered and untappable exchange of information within ISIS: "They don't need to find propaganda, it's buzzing in their pocket. There is a device, a devil on their shoulder all day long saying kill kill kill kill," he said. "We can see them give directions [on Twitter sending them] to end-to-end encrypted app and they give them instructions."
At a Senate Judiciary Committee hearing in December, Comey said that breaking encryption was "not a technical issue, it's a business model question."
"The question we have to ask is: should they change their business model?," he said.
All of this rhetoric came to a head in early 2016, when Comey had a specific case to point to: The FBI couldn't access the encrypted iPhone of the alleged San Bernardino shooter. The FBI and Comey pushed Apple to build a backdoor into its encryption and then to protect that backdoor from getting into the wild. Apple refused, citing the very real danger this would pose to iPhone customers (potentially allowing hackers or other non-US agencies to access people's phones), and eventually the FBI turned to other means to crack the phone.
With the election taking up most of the second half of 2016, Comey didn't speak about encryption much. But his anti-encryption talk resurfaced just last week, when Comey suggested that a law against encryption might be possible under Trump.
Again, we don't know who will replace Comey. In an interview with Walter Isaacson in October, Deputy FBI Director Andrew McCabe at least sounded pragmatic, noting that many encrypted messaging services operate overseas where the FBI has no jurisdiction. That, at least, is a fact that Comey rarely addressed.