FBI Director Cautions Against Default Encryption of Communications Devices
Encryption of mobile phones and other electronic devices could exacerbate problems for law enforcement when officials attempt to access data on those devices during court-ordered investigations, said FBI Director James Comey. He urged companies like Apple and Google that are operating in the communications and data space to rethink their approach to building default encryption into their devices. He also backed an update to the Communications Assistance for Law Enforcement Act (CALEA) to require all telecom companies to comply with federal investigations.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Law enforcement needs to be able to access communications in a lawful way to bring cybercriminals to justice, Comey said Thursday at a Brookings Institution event. Widespread use of mobile communications devices warrants strong protection of privacy and data, he said. The more that citizens rely on those devices, “the more important they become to law enforcement and public safety,” he said. In prosecution proceedings, critical evidence has come from data on smartphones and hard drives and from online communications, he said. Law enforcement was able to solve crimes by accessing information stored on cellphones, GPS data and other electronic capabilities, he said.
FBI investigations have faced challenges due to the emerging technology and outdated statutes, Comey said. Law enforcement “hasn't kept pace with this technology,” he said, noting authorities often lack technical ability to access the data needed to prosecute crime and terrorism. Data in motion, like phone calls, or stored “data at rest,” like text messages, have become increasingly encrypted, he said. Comey said designing devices with built-in encryption will have “very serious consequences for law enforcement and national security.” It’s like a safe deposit box or closet “that can't ever be opened,” and the required information can’t always be gathered from the cloud or through metadata, he said.
The increase in the number of service providers, networks and means of communicating has made court-ordered interception more complicated, Comey said. If a criminal switches from cell coverage to using Wi-FI, “we may be out of luck,” he said. “We may not have the capability to switch from lawful surveillance between devices ... and the bad guys know this." He said law enforcement needs cooperation and assistance from companies during investigations. A regulatory fix also is necessary “to create a level playing field to ensure that all service providers are held to the same standard,” he said.
Comey bemoaned that there are difficulties with CALEA. It doesn’t cover new means of communication, he said. Many telecom and broadband providers “aren't required to provide lawful interception to us,” he said. Other companies can't or won't comply, he said. Some companies want to comply, but can’t due to the time and investment it takes to build the capability to do so, he said, saying he’s hoping for dialogue with Congress on updating CALEA. Some of the earlier discussion on it was "blown away in the post-Snowden wind," he said, referring to the U.S. surveillance disclosures by ex-National Security Agency contractor Edward Snowden.