The main problem facing Internet security researchers and tech companies seeking to protect people and businesses from hackers is that, when you get right down to it, certain powerful people with the U.S. government backing don't really want them to.
FBI director James Comey is particularly opposed to data encryption, to the point that when Apple boasted of the secure encrypted communications featured in its new iPhone 6 last month, Comey said he was “very concerned” about what he considers “companies marketing something expressly to allow people to place themselves beyond the law.”
And Comey expanded upon this theme in a speech he gave to the Brookings Institution, the text of which the FBI posted online today.
Let’s talk about court-ordered interception first, and then we’ll talk about challenges posed by different means of encryption.
In the past, conducting electronic surveillance was more straightforward. We identified a target phone being used by a bad guy, with a single carrier. We obtained a court order for a wiretap, and, under the supervision of a judge, we collected the evidence we needed for prosecution.
[Whereas today, in post-9/11 Patriot Act America, we get to skip all that “get a warrant” and “work under judicial supervision” constitutional stuff, right? Whoops: that's not where Comey's going with this.]
Today, there are countless providers, countless networks, and countless means of communicating. We have laptops, smartphones, and tablets. We take them to work and to school, from the soccer field to Starbucks, over many networks, using any number of apps. And so do those conspiring to harm us. They use the same devices, the same networks, and the same apps to make plans, to target victims, and to cover up what they’re doing. And that makes it tough for us to keep up.
Rewrite the law
Comey wants Congress to rewrite the 20-year-old Communications Assistance in Law Enforcement Act to cover apps and other technologies which plain didn't exist in 1994.
Specifically, since CALEA requires telecom companies to give police access to communications, Comey thinks CALEA should also apply to, for example, the new iPhone 6 – except that, since the iPhone 6 is encrypted, Apple itself can't get the data on it—and therefore can't make it accessible to law enforcement. And Comey has a problem with that.
Encryption is nothing new. But the challenge to law enforcement and national security officials is markedly worse, with recent default encryption settings and encrypted devices and networks—all designed to increase security and privacy.
With Apple’s new operating system, the information stored on many iPhones and other Apple devices will be encrypted by default. Shortly after Apple’s announcement, Google announced plans to follow suit with its Android operating system. This means the companies themselves won’t be able to unlock phones, laptops, and tablets to reveal photos, documents, e-mail, and recordings stored within.