Skip to main content

The FBI’s Dangerous Misrepresentation of Encryption Law

The FBI no more deserves a direct line to your data than it deserves to intercept your mail at the post office. But it doesn’t want you to know that.
  • Author:
  • Updated:
(Photo: andrey_l/Shutterstock)

(Photo: andrey_l/Shutterstock)

FBI Director James Comey certainly wants you to think that he’s not going to be able to get inside of your iPhone 6. Lately, Comey has been the source of a slew of off-the-cuff comments about how the FBI is “going dark”: “Those charged with protecting our people aren’t always able to access the evidence we need,” he said in a recent speech at the Brookings Institution. “We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so.”

Comey’s consternation stems from Apple and Google’s decisions to manufacture their smartphones and operating systems with encryption baked in by default. “In the past, conducting electronic surveillance was more straightforward,” Comey said during the speech. Such encryption would damage the organization’s access to the real-time data of its suspects, or such is the line that Comey is pushing. “Some believe that the FBI has these phenomenal capabilities to access any information at any time.... It is simply not the case in real life,” he said.

Privacy experts agree that Comey’s comments are not only misleading, but outright false. Installing encryption on individual devices is a fundamental political right that the FBI seems to be ignoring, despite the fact that laws banning this encryption have already failed to pass. Comey’s comments are a repetition of an old narrative. His recommendation of mandating the installation of a backdoor into encryption for government access would be damaging to users, businesses, and national security alike, critics argue.

Installing encryption on individual devices is a fundamental political right that the FBI seems to be ignoring, despite the fact that laws banning this encryption have already failed to pass.

“The fundamental misunderstanding is that the Fourth Amendment gives the government an affirmative right to information, which is it doesn’t,” says Liza Goitein, co-director of the Brennan Center for Justice's Liberty and National Security Program. The amendment “provides an affirmative right to people, not the government.” In other words, Comey seems to think that the FBI has a legal right to blank-check access to unencrypted information from our personal devices. But there is “absolutely nothing wrong or illegal about a person encrypting their information or Apple offering encryption as a default,” Goitein adds.

Comey is also misrepresenting the extent to which encryption from Google and Apple changes how information is protected. Privacy, after all, has always been a third-party option for devices. “Strong encryption services and products are already out there,” says Harley Geiger of the Center for Democracy and Technology. “You can buy a black phone, a Silent Circle phone, or use PGP to encrypt your data.” What the FBI is speaking out against is the spread of encryption technology to a wider audience that may have not been aware of it before. “What Apple and Google have done is make strong encryption available to the average user, not just those who are security conscious—that’s hugely valuable,” Geiger adds.

Not only would mandating an encryption backdoor damage personal privacy, it could have much wider consequences. “There’s no way to create a vulnerability that only the U.S. government can exploit,” Goitein says. This means hackers, cyber-criminals, and foreign governments could easily use such a hole. “In the end it creates much less security than if you had strong encryption in place without the backdoor,” Geiger says.

The burden of such a backdoor will also fall squarely on U.S. businesses, which may find themselves unable to compete in foreign markets with the added risk of vulnerability. “Small businesses, large businesses use encryption,” says Mark Jaycox of the Electronic Frontier Foundation. “The notion that FBI likes to push is only terrorists use encryption, but everyone uses encryption.”

Comey is pushing for an update of the Communications Assistance of Law Enforcement Act (CALEA), which was passed in 1994, mandating telecommunications companies to install backdoors so the FBI could continue wiretapping even without the presence of a physical wire. But a renewed CALEA could push for applying the same rules to individual users, when legal tools like subpoenas and warrants already exist for the organization to get the data it needs for evidence. Efforts to pass a new version of the law have failed. “Congress could have extended [CALEA] to Internet communications, but Congress didn’t,” Goitein says.

As we move farther beyond the initial Edward Snowden leaks and into a Republican-controlled Congress, overreaches like CALEA might pass unnoticed. But Comey’s speeches should raise alarms. Not only is the director of the FBI advocating for something that could make America’s Internet infrastructure weaker, he is actively misrepresenting the legal context of encryption for individuals, a much larger infringement on technology users—i.e., everyone. As Goitein states, encryption is perfectly legal, and the FBI no more deserves a direct line to your data than it deserves to intercept your mail at the post office.

The illogic of the situation is gradually coming to light. In fact, not all branches of the government support the FBI’s push.

In a recent speech at Stanford in front of an audience of Silicon Valley insiders, National Security Agency director Michael Rogers noted that “when you find vulnerabilities, we are going to share them; the default mechanism is that we’re going to share the vulnerabilities.” (Presumably they will work to solve these vulnerabilities as well rather than exploiting them.) “A fundamentally strong Internet is in the best interest of the nation,” he said.

We can only hope that both the FBI and NSA have the ultimate safety of Americans in mind when they push for access to more and more consumer data. Unfortunately, as the past several years have proven, this is not the case. It behooves us all to be more aware not just of how we use technology but also of how its mainstream perception is being manipulated.