FBI's James Comey: I Know All The Experts Insist Backdooring Encryption Is A Bad Idea, But Maybe It's Because They Haven't Really Tried
from the that's-the-spirit dept
As was widely expected, FBI Director James Comey appeared before two separate Senate Committees yesterday — the Judiciary and the Intelligence Committees — to talk about the “risks” of “going dark” if the government is not allowed to backdoor encryption. You can watch the Judiciary Committee hearing and the Intelligence Committee hearing at those two links. I’d embed the videos here on Techdirt as well, but I can’t because (guess what?) neither offers an encrypted HTTPS version, so they wouldn’t appear on our site, since we force HTTPS connections.
Most of Comey’s comments were pretty much what you’d expect him to say, with a few clear themes repeated over and over again:
- American ingenuity is great, so I don’t really believe all these computer science experts who say that it’s “too hard” to give the government access. I think they haven’t really tried.
- I don’t have a proposal myself (which experts would ridicule for the problems it would create), but rather I’m just trying to “start a conversation” on this.
- We have no data to actually support the fact that encrypted communication has become a real problem, but I can tell you scary stories about (boo!) ISIS.
That was about the crux of it. There were a few times where he would kind of admit that maybe, just maybe the computer scientists were right, but he still thinks they could try harder. The most ridiculous was where he literally said:
“Maybe the scientists are right. But, I?m not willing to give up on that yet.”
Earlier in that same hearing, he said:
“A whole lot of good people have said it?s too hard ? maybe that’s so…. But my reaction to that is: I?m not sure they?ve really tried.”
There are a few problems with all of this. First, he keeps claiming that people are saying it’s “too hard.” But they’re not. They’re saying it’s impossible to give him what he wants without seriously undermining the basic foundations of private communications online. And that’s not just private communications in the form of messaging, but also financial transactions, medical records, business dealings and the like. In short, the “solution” the FBI wants puts everyone at risk.
The second big problem is that it’s fairly stunning that Comey keeps insisting that those bright minds in Silicon Valley can sprinkle some magic pixie dust and give him what he wants, but at the same time claims it’s too difficult for the FBI to actually quantify how big a problem encryption is for its investigations. Furthermore, he can’t even provide a single real world example for where encryption has been a real problem. Even when pushed on this, he noted that when the FBI comes across encrypted communications, they move on to other avenues to investigate those individuals. Which sounds a lot like encryption really isn’t that big of a problem.
The lack of an actual proposal, and the idea that he’s just “starting a conversation” is equally ridiculous, since this conversation was conducted twenty years ago and it was shown what a bad idea it was to backdoor encryption. The idea that we need to do this all over again is just stupid.
Two other quick comments: A few times Comey noted that some big companies are able to encrypt data, but still get access to the underlying content. He used this to argue that it’s “possible.” But he leaves out the fact that those are not end-to-end encryption, but something different entirely which is much less secure than end-to-end encryption. He’s comparing two very different things without recognizing the massive trade off in security associated with what he’s talking about. His technical ignorance — which he underlined multiple times, is kind of bizarre. If he admits he’s so ignorant, why does he brush off the arguments from people who have been in this field working on these issues for decades.
The other comment: multiple times he and some of the Senators hinted that the FBI actually stopped some sort of nefarious plot that was supposed to happen on July 4th weekend. As we noted, despite lots of hype on cable news, the FBI has been making these kinds of failed predictions ever since 9/11 without a single one turning out to be accurate. So it seemed curious that he and others kept hinting at the idea that the FBI had to work overtime last week to actually stop an attack. If true, then you’d think there would be an arrest somewhere, but nothing appears to have been announced. It seems likely that this was just more FUD, but we’ll be curious to see if the FBI ever explains something that it actually did to prevent a real attack.
We’ll likely have a few more posts about some of what was discussed at the hearing a little later. But it’s not just troubling that Director Comey is pushing for efforts to backdoor encryption, he’s wasting the time of lots and lots of smart people who should be focusing on making our communications more secure, rather than proving to Comey and elected officials how ridiculously short-sighted it is to make communications less secure.