WASHINGTON -- FBI Director James Comey called Thursday for "a regulatory or legislative fix" for technology companies' expanding use of encryption to protect user privacy, arguing that without such a fix, "homicide cases could be stalled, suspects could walk free, and child exploitation victims might not be identified or recovered."
Comey said he understood the "justifiable surprise" many Americans felt after former National Security Agency contractor Edward Snowden's disclosures about mass government surveillance, but he contended that recent shifts by companies like Apple and Google to make data stored on cell phones inaccessible to law enforcement went too far.
"Perhaps it’s time to suggest that the post-Snowden pendulum has swung too far in one direction -- in a direction of fear and mistrust," said Comey, speaking at the Brookings Institution in Washington in his first major policy speech since taking over the FBI 13 months ago.
"Justice may be denied because of a locked phone or an encrypted hard drive," he said.
The latest versions of smartphone operating systems from Apple and Google provide strong default encryption that cannot be broken even by the companies themselves -- as long as users store data like photos only on their own devices and not in the cloud.
Law enforcement officials like Comey worry that as a result, some kinds of data will "go dark" to investigators who need forensic data to solve crimes. But the companies and tech experts both say strong default encryption is necessary to protect users from unwanted intrusions into their privacy by governments and freelance hackers.
Comey said the FBI was seeing "more and more cases" in which law enforcement officials believed there was significant evidence on a laptop or phone they couldn't access due to encryption. It's not clear, however, that any of the cases he specifically referenced -- from a murder in Louisiana to a hit-and-run homicide in California -- could not have been solved with a traditional warrant to cellular service providers.
"Law enforcement has access to more data than they've ever had access to," Matthew Green, an assistant professor of computer science at Johns Hopkins University, told The Huffington Post. "We're just finally as a society trying to get back to a point where it's a little more in line with what law enforcement would have been able to get back in the '80s."
Snowden's revelations have provoked a crisis abroad for major U.S. tech companies, which could lose billions as foreign customers leery of American software and devices compromised by the NSA turn to other providers. Comey said that he was "not trying to jump on the companies," like Apple and Google, that implement encryption systems closed off to law enforcement and that he believed they were "responding to a marketing imperative."
The FBI director didn't propose any specific legislative solution, saying he simply hoped to begin a dialogue about the issue. He indicated that he wanted some way for manufacturers to provide law enforcement with access to their devices under a court order.
"We aren’t seeking a back-door approach," Comey said. "We want to use the front door, with clarity and transparency, and with clear guidance provided by law. We are completely comfortable with court orders and legal process -- front doors that provide the evidence and information we need to investigate crime and prevent terrorist attacks."
Green said that statement indicates Comey would be comfortable with either the government or tech companies themselves holding onto the tools necessary to decrypt messages and data.
But whether law enforcement has access to users' information through a legally mandated front door or a covertly installed back door, others argue that intentionally giving electronic devices privacy vulnerabilities carries great risks.
"Sophisticated adversaries" could use the same holes to siphon off data, said Christopher Soghoian, the principal technologist for the American Civil Liberties Union, in a question posed to Comey during a questions-and-answers period Thursday. Many have warned that those adversaries could include foreign governments like China or freelance hackers.
"I don't think that anybody with complete confidence can build an interception-proof system," Comey acknowledged. But, he added, "when you aggregate various risks and tradeoffs, the alternative doesn't make any sense to me."
The Justice Department and FBI have been raising their increasing concern over criminals or terrorists "going dark" for years. Any push in Congress to provide the government with more tools to access user data, however, will likely face opposition from the tech companies and from privacy advocates.
Sen. Ron Wyden (D-Ore.), a tech industry ally and NSA foe, tweeted in response to Comey's speech that he opposes "requiring companies to build back doors into their products."
"This Apple thing wasn't done on a whim," said Green. "I don't think you're going to see anyone back down right away."
Comey said he understood the "justifiable surprise" many Americans felt after former National Security Agency contractor Edward Snowden's disclosures about mass government surveillance, but he contended that recent shifts by companies like Apple and Google to make data stored on cell phones inaccessible to law enforcement went too far.
"Perhaps it’s time to suggest that the post-Snowden pendulum has swung too far in one direction -- in a direction of fear and mistrust," said Comey, speaking at the Brookings Institution in Washington in his first major policy speech since taking over the FBI 13 months ago.
"Justice may be denied because of a locked phone or an encrypted hard drive," he said.
The latest versions of smartphone operating systems from Apple and Google provide strong default encryption that cannot be broken even by the companies themselves -- as long as users store data like photos only on their own devices and not in the cloud.
Law enforcement officials like Comey worry that as a result, some kinds of data will "go dark" to investigators who need forensic data to solve crimes. But the companies and tech experts both say strong default encryption is necessary to protect users from unwanted intrusions into their privacy by governments and freelance hackers.
Comey said the FBI was seeing "more and more cases" in which law enforcement officials believed there was significant evidence on a laptop or phone they couldn't access due to encryption. It's not clear, however, that any of the cases he specifically referenced -- from a murder in Louisiana to a hit-and-run homicide in California -- could not have been solved with a traditional warrant to cellular service providers.
"Law enforcement has access to more data than they've ever had access to," Matthew Green, an assistant professor of computer science at Johns Hopkins University, told The Huffington Post. "We're just finally as a society trying to get back to a point where it's a little more in line with what law enforcement would have been able to get back in the '80s."
Snowden's revelations have provoked a crisis abroad for major U.S. tech companies, which could lose billions as foreign customers leery of American software and devices compromised by the NSA turn to other providers. Comey said that he was "not trying to jump on the companies," like Apple and Google, that implement encryption systems closed off to law enforcement and that he believed they were "responding to a marketing imperative."
The FBI director didn't propose any specific legislative solution, saying he simply hoped to begin a dialogue about the issue. He indicated that he wanted some way for manufacturers to provide law enforcement with access to their devices under a court order.
"We aren’t seeking a back-door approach," Comey said. "We want to use the front door, with clarity and transparency, and with clear guidance provided by law. We are completely comfortable with court orders and legal process -- front doors that provide the evidence and information we need to investigate crime and prevent terrorist attacks."
Green said that statement indicates Comey would be comfortable with either the government or tech companies themselves holding onto the tools necessary to decrypt messages and data.
But whether law enforcement has access to users' information through a legally mandated front door or a covertly installed back door, others argue that intentionally giving electronic devices privacy vulnerabilities carries great risks.
"Sophisticated adversaries" could use the same holes to siphon off data, said Christopher Soghoian, the principal technologist for the American Civil Liberties Union, in a question posed to Comey during a questions-and-answers period Thursday. Many have warned that those adversaries could include foreign governments like China or freelance hackers.
"I don't think that anybody with complete confidence can build an interception-proof system," Comey acknowledged. But, he added, "when you aggregate various risks and tradeoffs, the alternative doesn't make any sense to me."
The Justice Department and FBI have been raising their increasing concern over criminals or terrorists "going dark" for years. Any push in Congress to provide the government with more tools to access user data, however, will likely face opposition from the tech companies and from privacy advocates.
Sen. Ron Wyden (D-Ore.), a tech industry ally and NSA foe, tweeted in response to Comey's speech that he opposes "requiring companies to build back doors into their products."
"This Apple thing wasn't done on a whim," said Green. "I don't think you're going to see anyone back down right away."