FBI's James Comey Returns for Another Assault on Encryption
Last week was quite a week for FBI Director James Comey, who appeared on "60 Minutes" and at the Brookings Institute to reiterate that the government just has to have the ability to crack the encryption on mobile devices. You'll recall that Apple and Google are supporting mobile operating systems with encryption that even they can't break.
Comey's not a fan. But his statements about the nature of privacy make one wonder why he should be trusted. Comey doesn't seem to trust any of us, operating under the assumption that someone who doesn't want the government rifling through their stuff must be up to no good.
The Moral Argument
Comey's statements reflect a profound misunderstanding about the nature of privacy. For example, he told Scott Pelley on "60 Minutes": "The notion that we would market devices that would allow someone to place themselves beyond the law, troubles me a lot. As a country, I don't know why we would want to put people beyond the law."
But it's not illegal to encrypt your phone. It's not illegal for Apple to sell an encrypted phone. It's not illegal for Apple to sell a phone that no one but the owner can decrypt. Does Comey believe it should be illegal for Apple to sell an encrypted phone? That's pretty certain: The FBI has been trying for years to require tech companies to build law enforcement backdoors into their systems.
In a normative sense, that's dangerous. Law enforcement should always have a spare key to your house, your car, and your phone, just in case? And we're expected to trust them when they say they wouldn't abuse that awesome power. (Even though we know they do.)
FBI Directors Just Don't Understand
But Comey's not just mistaken about the moral dangers of the government having a key to your house. He's also mistaken about the security risks. At the Brookings Institute, Comey misunderstood how backdoors work: "[I]t makes more sense to address any security risks by developing intercept solutions during the design phase, rather than resorting to a patchwork solution when law enforcement comes knocking after the fact," he said.
It sounds like he's saying that a lack of backdoor is somehow more of a security risk than having a built-in backdoor -- which just doesn't make sense. A backdoor is a vulnerability intentionally placed there. Anyone who's smart enough can exploit a vulnerability.
"We aren't seeking a back-door approach," Comey said at the Brookings Institute. "We want to use the front door, with clarity and transparency, and with clear guidance provided by law." But whether it's a front door or a back door, it's still a door -- and the FBI isn't in charge of who gets to use it.
Related Resources:
- Grooming Students for a Lifetime of Surveillance (Model View Culture)
- iPhone Encryption and the Return of the Crypto Wars (Schneier on Security)
- If Apple Doesn't Let Us Snoop, Children Could Die: FBI Director (FindLaw's Technologist)
- Cops Doled Out Dangerous Child Internet Safety Software: EFF (FindLaw's Technologist)