5 January 2016

FBI Tried a New Tactic In Order to Get Access to Encrypted Personal Communications

FBI Seeks to Reframe Encryption Debate
Devlin Barrett, Wall Street Journal, December 29, 2015
WASHINGTON—The Federal Bureau of Investigation is issuing a more direct challenge to technology companies in the wake of terror attacks in Paris and California, urging them in blunter terms to allow investigators to decrypt private communications during terror probes.
Hoping to escape a continuing debate over the technical feasibility of decryption, which they fear plays into Silicon Valley’s hands, FBI Director James Comey and others are pushing executives to move away from a policy they say values customers’ privacy over public safety.
“It is a business-model question,” Mr. Comey said at a recent congressional hearing, adding that executives “have designed their systems and their devices so that judges’ orders cannot be complied with…Should they change their business model? That is a very, very hard question.”
Challenging tech CEOs like Apple Inc. AAPL 1.80 % ’s Tim Cook directly suggests that Mr. Comey could be laying the groundwork for a push in Congress for legislation that would force the companies to change their products.
So far, however, there is no indication the tech industry is retreating from its argument that strong encryption is necessary to protect users’ information, and that providing a technological “key” or “backdoor” for law enforcement would simply make the information more vulnerable to hackers of all kinds.
A Samsung Electronics Co. Galaxy Note Edge smartphone running the Android mobile operating system displays the Google Inc. Hangouts app. Photo: Chris Goodney/Bloomberg News Apple, in response to questions for this article, said this isn’t a new issue, since the company has used encryption for well over a decade as a vital way to protect customers’ personal information.
“As hacking schemes and cybercrimes against individuals, companies and governments have become daily occurrences, we have worked hard to keep pace,” Apple said in a statement. “We know that criminals will seek out encryption techniques or develop their own, so weakening encryption in consumer devices will only hurt law-abiding citizens who rely on it to protect their data.”
Still, not all tech companies are equally firm. John Chen, CEO of cellphone maker BlackBerry Ltd. BBRY -0.74 % , has declared the company will work with the government to be responsive to court orders, saying, “Our privacy commitment does not extend to criminals.”
In the wake of the recent mass killings, advocates on both sides are watching closely for a shift in public sentiment that might put more pressure on tech companies to allow law enforcement access to encrypted information if they have a court order.
Some members of Congress are highlighting the terror attacks and threatening legislation in an attempt to pressure companies to make changes. Others have urged the creation of a blue-ribbon panel to study the issue and offer recommendations.
The FBI’s current reframing of the issue is a shift from past appeals for software designers to find technical solutions. At the same time, law-enforcement officials are citing the menace of terror attacks rather than emphasizing crimes like child abductions, as they’ve done previously.
Cindy Cohn, executive director of the Electronic Frontier Foundation, a privacy group, said the FBI’s shift “means they realize their first strategy wasn’t working.” She added, “By shifting the conversation to a ‘business model,’ they may think they have more leverage against those people.”
When the U.K. recently proposed giving officials more power to monitor communications, Apple fired back with a lengthy response saying the plan would threaten the security of millions of people’s data.
Mr. Comey isn’t the only law enforcement leader seeking to re-energize the effort to allow investigators pierce encryption in the wake of the terror attacks in Paris and San Bernardino, Calif.
In a lengthy report on the issue in November, Manhattan District Attorney Cyrus R. Vance Jr. argued, “Apple and Google are not responsible for keeping the public safe. That is the job of law enforcement. But the consequences of these companies’ actions on the public safety are severe.’’
Officials at Google declined to comment.
A year ago, senior Justice Department officials met with Apple lawyers and laid out concerns about “end-to-end” encryption, which makes it impossible for authorities to scrutinize the content of encrypted exchanges.
The meeting followed a decision by Apple to make end-to-end encryption a default setting for some features on its new iPhones. Google announced a similar move around the same time for its Android cellphone operating system, with both companies saying they were focused on protecting their customers’ privacy.
At the meeting, government officials raised the specter of a child’s murder going unsolved because a suspect’s or victim’s phone couldn’t be accessed. That infuriated the Apple lawyers and widened the gulf between the two sides, according to people familiar with the discussions. Tempers have cooled since then, but the policy differences remain.
Government officials acknowledge it may be hard to find a case where encryption indisputably prevented the thwarting of a deadly attack. Even where terrorists have used encrypted communications, they say, they generally also have engaged in unencrypted exchanges that law enforcement could monitor.
The problem of suspects “going dark” isn’t that investigators see nothing of what an individual does, but that they see far less of it, making it harder to know if an attack may be in the offing and try to prevent it beforehand, officials said.
Terrorism has made encryption a hotter issue, but police have long complained that it can interfere with investigations of an array of crimes. Some officials cite a 2012 federal appeals court ruling related to a child-pornography case as an example of how encryption can enable dangerous criminals to remain free.
In that case, investigators noticed an individual was using Internet connections at California hotels to access and share videos of child molestation. When they cross-checked the hotels’ registries for those dates, a single name came up. Authorities seized the man’s computers and hard drives, but all the data was encrypted. He was ordered to enter the password to the devices but he refused and was jailed for contempt of court.
An appeals court eventually ruled the man couldn’t be forced to provide a password, because to do so would have infringed his Fifth Amendment rights against self-incrimination. That forced prosecutors to drop the case and the man wasn’t charged.

No comments: