Sergey Nivens - Fotolia

FBI director reiterates call for action on encryption

The world is wasting time in resolving the conflict between privacy and public safety, and should consider an international framework on encrypted data access, says FBI director James Comey

FBI director James Comey has reiterated his call for technology firms to find a way to balance privacy with public safety concerns.

He believes surveillance is necessary for effective law enforcement, and since 2014 has been calling for co-operation from tech producers to enable law enforcement to access digital content when necessary.

There needs to be a public conversation about balancing privacy with public safety before it is too late, Comey told a symposium on intelligence in national defence at the University of Texas in Austin.

“We can’t have this conversation after something really bad happens,” he said, adding that the world is “wasting time to try to figure out how thoughtful people would resolve this conflict”.

Comey said that while concerns about allowing backdoors could create opportunities for bad actors and make US products unpopular overseas are “reasonable”, he said that in the wake of a serious event, the American people are “going to go on fire”, and it will be difficult to have a “thoughtful, nuanced balancing of interests”.

In the US, he suggested there should be a requirement for all makers of computing devices and apps sold in the local market to be able to comply with the US judicial process if necessary.

“I get it, the makers of devices and apps really don’t have an incentive to internalise the public safety harm,” he said. “My job is to worry about public safety. Their job is about innovating and selling more units, but somehow we need to bring these together and see how we can optimise those two things.

“I should not be the one to say this is what the tech should look like, nor should they say I don’t care about the public safety aspect.”

Read more about the IP Act

  • Labour’s shadow home secretary, Diane Abbott, says wider society must now debate the controversial Investigatory Powers Bill, despite parliamentary approval.
  • As the Investigatory Powers Bill goes through its final stages in parliament, a former GCHQ intelligence officer puts forward the case for the bulk surveillance powers contained in the legislation.
  • Former NSA technical director Bill Binney talks about the Investigatory Powers Bill and the UK government’s independent review of bulk surveillance powers.

However, Comey said an international approach would make more sense. “I don’t want to be any part of chasing the innovation from this great country to other places.

“I could imagine a community of nations committed to the rule of law developing a set of norms – a framework for when government access is appropriate; what judicial standards are at work; what the obligations are,” he said.

Without international collaboration in this regard, Comey said there is a danger that the world will end up with an inconsistent set of standards.

Implications on sales outside the US

US tech firms are concerned that enabling law enforcement to access content on devices will harm sales outside the US, but Comey said a lack of international standards around encryption could lead to a balkanisation of data, which could be something that will “hurt US enterprise”.

Solving the encryption dilemma is not “too hard”, he said, but requires a change in business model, according to experts inside the US government and private sector partners.

“For instance, the FBI business model is to equip our agents with what I think are great mobile devices and we have worked hard to make them secure, but we have designed it so that we have the ability to access the content,” he said.

Cyber now integral to the FBI’s work

In his opening remarks, Comey said cyber is an increasingly important component of the work done by the FBI.

“Every threat the FBI faces today comes at us through the internet,” he said, adding that all crime, counter intelligence, fraud and harm to children has a digital component.

Logic tells us, he said, that it’s only a matter of time before terror groups move from using the internet for things for recruitment and communications to using it as an “instrument of destruction”.

Similar concerns led to the UK government’s recent adoption in December 2016 of the controversial Investigatory Powers Act, which was strongly opposed by tech firms and rights organisations.

Challenging state surveillance powers

In March 2017, civil rights organisation Liberty issued a legal challenge to the indiscriminate state surveillance powers in the legislation, which opponents commonly refer to as the Snoopers’ Charter.

Liberty is challenging the unprecedented “bulk” surveillance powers that allow the state to monitor everyone’s web history and email, text and phone records, as well as hack computers, phones and tablets.

The plans argue that several powers created by the legislation breach the British people’s rights, including the power that lets police and agencies access, control and alter electronic devices such as computers, phones and tablets, regardless of whether their owners are suspected of involvement in crime, leaving them vulnerable to further attacks by hackers.

The Home Office claims the legislation is necessary to protect the UK’s national security, and that it has sufficient oversight for the surveillance powers it gives. But civil rights groups have said the powers are draconian and too intrusive.

Read more on Privacy and data protection