FBI Director James Comey has called for a national conversation about the use of encryption by criminals and terrorists, and the government’s desire to access those communications. His call was answered and then some Wednesday.
A rigorous debate over encryption unfolded at The Crypto Summit, a daylong seminar held by Internet advocacy group Access Now. Technologists and privacy experts faced off against lawyers and former government officials over whether the U.S. government should have the right to force technology companies to unlock encrypted communications if compelled to do so by court order.
The two sides butted heads over the same points that have been brought up since Comey allayed his fears last October: Technologists and privacy experts point out the technical infeasibility of building a secure back door into encryption systems while law enforcement representatives warn of dire consequences if a solution is not quickly found or created.
During a panel dedicated to encryption law, two former Justice Department officials acknowledged that the government has not done a good job of relaying their fears and need to a better job of finding the right data to support their argument.
“The government needs to do a far better job of making the case that this is an issue that needs to be fixed,” said Carrie Cordero, who has previously been a lawyer at the Department of Justice and the Office of the Director of National Intelligence. “I think what the law enforcement community is not hearing is from the technology community is an acknowledgement that this is a legitimate public policy issue.”
Nate Cardozo, a staff attorney with the Electronic Frontier Foundation, disagreed with the notion that encryption is an impediment for law enforcement. He cited a recent report from the U.S. Administrative Office of the U.S. Courts showing that less than 1 percent of all wiretap cases in 2014 were thwarted due to encryption.
“Legislative insecurity for the bad guys will only succeed ensuring insecurity for us all,” Cardozo said.
Cardozo also scoffed at calls from the government to have a national conversation about encryption due to the fact that when he presses officials for their own solutions, he hears nothing in return. Cardozo believes that, instead of figuring something out, the Justice Department wants companies like Apple or Moxie, which runs secure communication platform TextSecure, to “silently capitulate” to the calls for back doors.
“I think there is a reason [the government] keeps saying, ‘We should have this conversation,’ and the answer is they want Moxie, they want [Apple CEO] Tim Cook to silently compromise their product without actually having the conversation,” Cardozo said. “Because when I say ‘What should they do?’ I don’t hear an answer. I don’t hear that answer from Comey either. I haven’t heard that answer from anyone.”
Jamil Jaffer, a former Justice Department lawyer, declared that tech companies do have the ability to serve law enforcement’s need through key encapsulation or key splitting. Both of those practices would call for companies to keep master keys on hand if the court decides they need to get their hands on encrypted data.
“There are systems that allow privacy to be protected, the only thing that’s disclosed is the session key,” Jaffer said. “It’s court approved and you protect the private keys.”
Sarah McKune, a senior legal researcher with the University of Toronto’s Citizen Lab, said those practices aren’t going to keep terrorists or other nefarious actors from trying to hide their communications.
“Law enforcement has long recognized that those they determine who are terrorists or criminals already use encryption tools,” McKune said. “If they are properly motivated, they are going to find a way to secure their communications.
Even though the hourlong panel grew contentious at times, Jaffer said he was glad to have it because he believes that a medium can be struck that appeases privacy advocates and law enforcement. He hopes that this debate leads to a solution that doesn’t involve legislation, because privacy experts will be on the losing end.
“The challenge I see for the privacy community is this: If we don’t resolve this issue, and there is another Megan Kanka and a young child is kidnapped, and the reason the government couldn’t find that child was high-level encryption, or there’s a terrorist attack, the outcome for privacy community is going to be disastrous,” Jaffer, who is currently an adjunct law professor at George Mason University, warned. “At the end of the day, the government will succeed. They will get their access and privacy will suffer.”