FBI director’s fear-mongering view of data encryption is off the mark

By Johnny McCabe

(J.B. Forbes/St. Louis Post-Dispatch/MCT)
(J.B. Forbes/St. Louis Post-Dispatch/MCT)

In a speech at the Brookings Institute in Washington, D.C. last Thursday, James Comey, the director of the Federal Bureau of Investigation, painted a picture of a “very dark” future of unchecked crime and cyber villainy. Built-in data encryption, he warns, will lead to a disastrous and perilous dystopia in which United States government organizations and law enforcement agencies will be powerless to act in a digital Wild West, where the transgressions of outlaws and criminals will be safeguarded behind impenetrable walls of “privacy.”

In the wake of Edward Snowden’s momentous revelations about the National Security Agency’s widespread illegal surveillance of both American citizens and of other countries, this binary good-versus-evil rhetoric is laughable, shortsighted and ignorant. Characterizing user data encryption as an obstacle to law enforcement is both counterproductive and violates the spirit of the First Amendment.

The developments in data encryption that Comey so fervently demonizes take the form of announcements by both Apple and Google that each company’s new suite of devices and software will feature user data encryption “baked in” upon release. Data encryption is in high demand, especially following the “Celebgate” and “Snappening” scandals, in both of which user data, most commonly taking the form of explicit photos and videos, was forcibly accessed from supposedly secure servers. Now is as good a time as any to be fighting for better encryption. Why then, does the possibility of protecting the privacy of the average consumer intimidate Comey so much?

Comey argues that encrypting user data means that the FBI would be “going dark,” allowing cybercriminals and terrorists to act with abandon on the internet, stripping law enforcement of its ability to protect American citizens. He goes so far as to imply that Apple and Google’s actions drive the U.S. to become “a country no longer governed by the rule of law,” and that the only way to prevent the impending cyber-Armageddon is for tech companies to create “front door access” in all of their products and software, allowing the FBI unmitigated access to private user data at any point. All of this comes from an agency whose companion security agencies have such sterling track records with the responsible and ethical use of metadata and digital surveillance.

Comey cites an “obligation” for companies in the American private sector to build such means of government access into their devices, undercutting both an ignorance about the way such technology works and of the global market for American technology. The whole point of such encryption is to ensure that the only people with access to user data are the users themselves. Apple and Google’s forthcoming encryption software both are designed such that the “encryption keys” needed to parse and disseminate user data are stored locally on said user’s device—not even Apple or Google has the means to decrypt user information on its own servers.

From a software security standpoint, this is objectively a more effective means of protecting private data than any preinstalled or built-in access door, back or front; the FBI won’t need to access cybercriminal’s private information if cybercriminals cannot access the private information of their would-be victims. In short, Comey’s proposition is completely counterintuitive, since a backdoor would merely serve as prospective entry point for the dreaded and insidious “hacker.”

Furthermore, Comey fails to grasp the notion that American tech manufacturers have a consumer base outside of their own country. Apple’s iPhone 6, after breaking sales records in the U.S., was just released at the end of last week in China, one of the largest growing tech markets in the world and also one of the strictest countries in the world concerning the protection of its own data. It seems unlikely, after the Snowden leaks implicated the NSA in surveilling not only U.S. citizens but also chief officials in several European governments, that European and Asian consumers would readily adopt products with built-in access for the United States government.

The idea that stronger and stricter data encryption could do anything other than protect the rights and privacy of U.S. citizens is completely ridiculous. Comey’s castigation of data encryption is utterly unfounded, and stems more from Cold War-style paranoia than any actual understanding of technology or data encryption. Comey wonders if “we are no longer a country … where no one is above or beyond the law.” There is ample evidence to prove that we are such a country – but protecting private data from our own government is defined in the First Amendment to the Constitution. The question remains, then: who is really breaking the law?

Johnny McCabe is a Collegian columnist and can be reached at [email protected]