Everybody Knows FBI Director James Comey Is Wrong About Encryption, Even The FBI

from the this-is-your-best-shot? dept

FBI Director James Comey is apparently a likable guy, but if he’s going to attack encryption, it might help if he actually understood it better than, say, the editorial board of the Washington Post, who recently argued against “backdoors” in technology, and for a magical “golden key” — as if the two were somehow different. We wrote a quick take on Comey’s Brooking’s talk last week, but the deeper you dive into his talk the more and more evident it is that he not only doesn’t quite understand the issues he’s talking about, but that he doesn’t even seem to understand when his own statements conflict with each other.

Just two days earlier, in a 60 Minutes interview, Comey had insisted, incorrectly, that the FBI can never read your email without a court order. This was simply false, and Comey had to ‘fess up to that at the Brookings event when called on it. But if he needed to “clarify” that, it seems like he needs to do much more clarifying as well. Because much of his speech presented scenarios for why the phone encryption now being put in place by Apple and Google would have harmed investigations — and after digging into those examples, it appears that his explanations were, once again, incorrect. Here are his examples:

In Louisiana, a known sex offender posed as a teenage girl to entice a 12-year-old boy to sneak out of his house to meet the supposed young girl. This predator, posing as a taxi driver, murdered the young boy and tried to alter and delete evidence on both his and the victim?s cell phones to cover up his crime. Both phones were instrumental in showing that the suspect enticed this child into his taxi. He was sentenced to death in April of this year.

In Los Angeles, police investigated the death of a 2-year-old girl from blunt force trauma to her head. There were no witnesses. Text messages stored on her parents? cell phones to one another and to their family members proved the mother caused this young girl?s death and that the father knew what was happening and failed to stop it. Text messages stored on these devices also proved that the defendants failed to seek medical attention for hours while their daughter convulsed in her crib. They even went so far as to paint her tiny body with blue paint?to cover her bruises?before calling 911. Confronted with this evidence, both parents pled guilty.

In Kansas City, the DEA investigated a drug trafficking organization tied to heroin distribution, homicides, and robberies. The DEA obtained search warrants for several phones used by the group. Text messages found on the phones outlined the group?s distribution chain and tied the group to a supply of lethal heroin that had caused 12 overdoses?and five deaths?including several high school students.

In Sacramento, a young couple and their four dogs were walking down the street at night when a car ran a red light and struck them?killing their four dogs, severing the young man?s leg, and leaving the young woman in critical condition. The driver left the scene, and the young man died days later. Using ?red light cameras? near the scene of the accident, the California Highway Patrol identified and arrested a suspect and seized his smartphone. GPS data on his phone placed the suspect at the scene of the accident and revealed that he had fled California shortly thereafter. He was convicted of second-degree murder and is serving a sentence of 25 years to life.

The evidence we find also helps exonerate innocent people. In Kansas, data from a cell phone was used to prove the innocence of several teens accused of rape. Without access to this phone, or the ability to recover a deleted video, several innocent young men could have been wrongly convicted.

Powerful stories, right? Just imagine if the data on those phones were locked up and unavailable to law enforcement? Well, imagine-no-more, because people have been looking into these stories, and Comey’s fear mongering doesn’t check out. First up, The Intercept looked into these cases and their results can be summed up in the URL slug which includes “FBI Dude Dumb Dumb.”

In the three cases The Intercept was able to examine, cell-phone evidence had nothing to do with the identification or capture of the culprits, and encryption would not remotely have been a factor.

In the most dramatic case that Comey invoked ? the death of a 2-year-old Los Angeles girl ? not only was cellphone data a non-issue, but records show the girl?s death could actually have been avoided had government agencies involved in overseeing her and her parents acted on the extensive record they already had before them.

In another case, of a Lousiana sex offender who enticed and then killed a 12-year-old boy, the big break had nothing to do with a phone: The murderer left behind his keys and a trail of muddy footprints, and was stopped nearby after his car ran out of gas.

And in the case of a Sacramento hit-and-run that killed a man and his girlfriend?s four dogs, the driver was arrested a few hours later in a traffic stop because his car was smashed up, and immediately confessed to involvement in the incident.

The link provides a lot more details about each of those cases, suggesting phones had little to nothing to do with any of those stories, and if there were encryption on those phones it wouldn’t have made the slightest difference. And it’s not just the folks over at The Intercept recognizing this. The Associated Press called bullshit on most of the examples as well.

And, remember, these were the hand-picked examples the FBI came up with after weeks of time to prepare its case for not allowing such encryption. And they don’t hold up under scrutiny.

During the Q&A, Comey was again challenged on these and asked for “real live examples” where encryption would be an issue and his answer did not inspire confidence that Comey has any idea what he’s talking about:

Rescuing someone before they?re harmed? Someone in the trunk of a car or something? I don?t think I know ? yet? I?ve asked my folks just to canvas ? I?ve asked our state and local partners are there some examples where this ? I think I see enough, but I don?t think I?ve found that one yet. I?m not looking. Here?s the thing. When I was preparing the speech, one of the things I was inclined to talk about was ? to avoid those kids of sort of ?edge? cases because I?m not looking to frighten people. Logic tells me there?re going to be cases just like that, but the theory of the case is the main bulk of law enforcement activity. But that said I don?t know the answer. I haven?t found one yet.

In the talk, Comey also disputed the notion of a “back door,” but rather claimed he wanted a “front door.”

We aren?t seeking a back-door approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by law. We are completely comfortable with court orders and legal process?front doors that provide the evidence and information we need to investigate crime and prevent terrorist attacks.

Right. So, just like the question of what’s the difference between a back door and a magic golden key, Comey was asked about the difference between a front door and a back door, and his answer was… he doesn’t know.

When asked technical questions about the solution he was suggesting, Comey didn?t have the answers. At one point, the host, Benjamin Wittes, a senior fellow at the Brooking Institution, asked Comey to explain his ?front door? distinction, to which he responded, ?I don?t think I am smart enough to tell you what ‘front door’ means.?

Yup. You’re the director of the FBI and you just gave a key speech — pushing for legislation — which focuses on the idea of wanting a “front door” into technology, and when questioned on what the hell that means your answer is “I don’t think I’m smart enough to tell you what ‘front door’ means”? This isn’t making me feel any safer.

You know what would make me feel safer? A hell of a lot more encryption. And you know who agrees? the FBI. This is from the FBI’s own website for “safety tips to protect your mobile device”

In case you can’t read it, it says:

Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user?s personal data in the case of loss or theft.

It also recommends passcode protecting your phone (which is how these default encryption systems now work). So, um, here we have the FBI telling people to encrypt their phones… and complaining that such things will lead to the end of the world, though it’s unable to actually give an example, or even explain what its new proposal is really about. As Marcy Wheeler pointed out before the speech, this sort of clueless dichotomy seems to follow Comey around. In that 60 Minutes interview, he both talked about how dangerous the internet is, and why people need to protect themselves… and then attacked one of the most important tools for people to protect themselves.

It’s almost as if Comey has absolutely no idea what he’s talking about.

And that’s because he almost certainly does not. He may understand other issues related to crime and law enforcement, but when it comes to encryption, it appears he’s reading the hastily prepared script of someone else. The simple fact is that he’s wrong. Strong encryption is in the public interest and not only protects people from questionable surveillance, but from bad actors as well. It’s the best way to make us all safer — much better than relying on FBI agents running around trying to snoop on phones.

Thankfully, so far, the folks in Congress don’t sound particularly impressed by Comey’s demand for “front doors” that he’s not smart enough to understand. Hopefully it stays that way.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Everybody Knows FBI Director James Comey Is Wrong About Encryption, Even The FBI”

Subscribe: RSS Leave a comment
tqk (profile) says:

Re: Re:

> For the FBI to have a way in by the front door would mean they have my password and/or private key.

… Which perhaps they they got from the NSA. I think a properly constitued warrant signed by a suspicious judge is the front door he’s forgotten he already has access to.

I’m beginning to smell a happy ending to this ridiculous story. Hopefully, the snickers of incredulity he hears going on behind his back as he walks the halls of the Hoover building can help to reinforce his understanding.

I’m a little surprised Congress isn’t falling for his Chicken Little routine. Sudden outbreak of common sense in 21st Century USA?

Anonymous Coward says:

Re: Re: Re:

I’m a little surprised Congress isn’t falling for his Chicken Little routine. Sudden outbreak of common sense in 21st Century USA?

Not an outbreak, nor sudden. When someone starts spying on committees and destroying elected people’s privacy, and then when a lack of privacy is demonstrably shown to derail what they’ve spent the last few years working on, it’s purely a defensive measure to make sure that doesn’t happen to you too. In other words, Congress is looking at what the CIA did to the Senate, and is becoming careful to ensure the FBI doesn’t do the same thing to Congress.

Anonymous Coward says:

What is it that compels three letter agency directors to constantly lie to the American public? James Clapper lied to Congress under oath, committing an alleged felony. Now James Comey is lying about the key details in criminal cases, totally fabricating the leads which lead to the suspect’s apprehension. It’s almost like James Comey was stuck on parallel construct mode when he stepped in front of the cameras.

If this was meant to rebuild public trust after the Snowden revelations, it’s having the opposite effect on me. Don’t even get me started about the ‘frontdoor’ bullshit. Yeah let’s build ‘frontdoors’ with ‘magic keys’ so China can hack the crap out of us even more!

John Fenderson (profile) says:

Re: Re:

“If this was meant to rebuild public trust after the Snowden revelations, it’s having the opposite effect on me.”

This is the real irony. As damaging as the proof of intelligence agencies wrongdoing was, the most damaging thing of all was how they reacted to it: by lying their asses off at every opportunity.

If they had just come out and honestly talked with people, they would still have (rightfully) taken a big hit to their credibility. But that damage would have been much less than what they caused by being liars.

Anonymous Coward says:

Push those buttons. Go on, push them. And again.

It’s funny how the FBI director had to throw in one of the rarest of crimes — child predation — a crime that never fails to draw huge emotional outrage. And then to play this card not once, but twice.

But interestingly, he forgot to throw in an example (real or imagined) of the even rarer crime of international terrorism, since it’s the other trump card the authorities like to play whenever people complain about losing their rights and freedoms to the ever-expanding police state.

Anonymous Coward says:

MEMO to all employees

Remember the skeleton key password for all phones is “FBIAdmin1”. When this is leaked we will change it to “FBIAdmin2” and so on.
We know that this is very confusing to almost all employees due to it’s complexity, but we must uphold certain security standards.
With regards
Your overlords.

TasMot (profile) says:

Only AFTER the fact

One other point Comey seems to keep skipping is that a phone, encrypted or not, will NEVER help catch the alleged criminal. The FBI doesn’t have the phone until after the criminal is caught. The lack of encryption just provides easier access to proof “after the fact” once the alleged criminal and said phone are in the possession of law enforcement personnel.

Now, if we could get the phone companies to stop allowing them to spy on us, and/or somebody implements an effective method of encrypting the call while the conversation is on the wire, then they would start having a real problem to complain about.

Can you imagine the outcry that is going to happen when the equivalent of HTTPS is available on phones. Each phone will have its own certificate for encrypting the conversation and the entire conversation will be transmitted in an encrypted form to be decrypted by the phone on the other end. They will still be able to track who called whom, but will not be able to listen in on the conversation unless they manage to acquire the decryption keys. Won’t that be a hoot.

BlueLightMemory says:

Comey is a joke

That’s it in a nutshell, Comey is a joke.

What the FBI basically has going for it, is they have a huge budget which allows them to continuously stick around whoever they are investigating. They figure that sticking around allows them to stumble onto something meaningful if the person they are investigating slips up. Just don’t slip up.

The FBI are parasitic leaches and Comey has the intelligence of a disabled leach.

dismembered3po says:


No. No you don’t, Jim. Neither the word ‘crime’ nor the word ‘terrorism’ appear, even once, in the oath that members of your organization swear.

You and your minions swear…..TO PROTECT THE CONSTITUTION.


Anonymous Coward says:


“I think a properly constitued warrant signed by a suspicious judge is the front door he’s forgotten he already
has access to.”

No, not if the individual pleads the Fifth Amendment, and even Professor Kerr concedes that there may be a viable Fifth Amendment claim.

Only if the government can prove from an independent source that there is encrypted data, and the individual to whom the subpoena is directed knows the password can the Fifth Amendment be overcome.

If the existence of encrypted data apart from random data can’t be proven like in the 11th circuit grand jury subpoena case, the individual can’t be compelled.

tqk (profile) says:

Re: Warrants

> “I think a properly constituted warrant signed by a suspicious judge is the front door he’s forgotten he already
has access to.”
> No, not if the individual pleads the Fifth Amendment, and even Professor Kerr concedes that there may be a viable Fifth Amendment claim.

I’m not talking USA legal minutia or Fifth Amendment or rights of the accused (I’m not even there, and I think your legal system is nuts/perverted).

I’m just saying, GET A WARRANT, ffs,. It’s not that difficult, and won’t much slow down / constrain your investigation!

Comey ought to understand this!!! Or, he should bow out before making even more of a fool of himself.

David says:

Re: Re: Warrants

I’m just saying, GET A WARRANT, ffs,. It’s not that difficult, and won’t much slow down / constrain your investigation!

We are talking about vastly automated dragnet surveillance. You’d need judges having mastered shorthand just for putting down their signature, and they would still cause the searches to screech down to a crawl while getting writing cramps. And not getting anything else done.

Warrants are not an option at the surveillance scale we are talking about. Which is pretty much the reason that the Constitution demands them.

Anonymous Coward says:


So you think the Fifth Amendment and the legal system granting the individual the right not to be a witness against himself is perverted?

Got it, but the recognition of the privilege against self incrimination is universal, and any system compelling the individual to divulge the contents of his mind thereby incriminating himself is evil.

If you aren’t American and even don’t like the Fifth Amendment Comey’s remarks don’t concern you.

What makes the American system unique is the exclusionary rule — allowing even criminals to walk free if the police has violated the Fourth or Fifth Amendment.

Warrants without an exclusionary rule are useless.

Jeremy Lyman (profile) says:


I’m not looking to frighten people. Logic tells me there’re going to be cases just like that, but… I haven’t found one yet.

He’s absolutely trying to frighten people into giving up freedoms in exchange for some ill-conceived version of security. He hasn’t found a specific example to use yet, but that doesn’t stop him from conjuring one from imagination-land.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...