FBI director renews push for back doors, urging vendors to change business models

How this is done is up to the tech companies, he says

The FBI still wants backdoors into encrypted communications, it just doesn’t want to call them backdoors and it doesn’t want to dictate what they should look like.

FBI Director James Comey told the Senate Judiciary Committee that he’d been in talks with unspecified tech leaders about his need to crack encrypted communications in order to track down terrorists and that these leaders understood the need.

In order to comply, tech companies need to change their business model – by selling only communications gear that enables law enforcement to access communications in unencrypted form, he says, rather than products that only the parties participating in the communication can decrypt.

Businesses that sell phones whose stored messages can’t be decrypted by third parties or apps that encrypt voice and data end-to-end need to switch to selling products that they, with a court order, can unencrypt the communications, Comey says.

“There are plenty of folks who make good phones and are able to unlock them in response to a court order,” Comey says. “In fact the makers of phones that today can’t be unlocked, a year ago they could be unlocked. … The government hopes to get to a place where if a judge issues an order the company figures out how to supply that information to the judge and figures out on its own what would be the best way. And people I think also better understand today the government doesn’t want a backdoor to do that.”

Encryption keys that allow third parties to unlock the communications being sought are commonly known as backdoors. Doing what he describes would require backdoors, whether or not he calls them something else. The concerns of the security industry are that any such backdoors represent built-in weaknesses in encryption schemes that could be exploited by parties who don’t have court orders.

He also says tech companies should just accept that they would be selling less secure products.

“The question we have to ask is, ‘Should they change their business model?’” Comey says. “That is a very, very hard question. Lots of implications to that. We have to wrestle with it because of what’s at stake.”

FBI Director James Comey

The bottom line, though, is that encryption hinders FBI investigations, and that tech leaders recognize it. “We see that encryption is getting in the way of our ability to have court orders effective to gather information we need in our most important work, and we all agree we have to figure out whether we can maximize both of those values - safety and security on the Internet and public safety. That’s good news.”

He cited the case in Garland, Texas, last May in which two men tried to shoot up a contest for drawing cartoons of Muhammed.

“[T]hat morning before one of those terrorists left to try to commit mass murder, he exchanged 109 messages with an overseas terrorist,” Comey says. “We have no idea what he said because those messages were encrypted. And to this day I can’t tell you what he said with that terrorist 109 times the morning of that attack. That is a big problem.”

Comey didn’t address whether the FBI knew about the communication before the attack or whether he thought it could have prevented it.

He says it’s not his place to decide whether new laws are the way to go to get what he wants. That’s up to the Obama administration, which so far has not sought such legislation.

Join the CSO newsletter!

Error: Please check your email address.

More about FBI

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tim Greene

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place