Wyden Says Questions Remain Over FBI Encryption Debate
Sen. Ron Wyden, D-Ore., wants more answers from the FBI in a debate about the agency allegedly misleading Congress on encryption back doors (see 1805230027). Though the bureau repeatedly claimed in 2017 it couldn't unlock 7,775 devices, officials recently acknowledged the number is closer to 1,200.
“My guess is they [admitted] it because they knew it was going to come out, and they know that I would keep pushing until we got the facts, so I’ll have additional questions to ask,” Wyden told us. He said there’s a lack of information about who law enforcement consulted on back-door access. Former FBI Director James Comey, Director Christopher Wray and Deputy Attorney General Rod Rosenstein claimed Silicon Valley leadership is capable of finding a way to allow exceptional access without raising significant security risks. “One of the reasons I drilled so deeply to try to figure out how they were pursuing it is I felt that their public statements didn’t add up,” Wyden said.
In line with the FBI’s claims, former Microsoft Chief Technical Officer Ray Ozzie pitched a proposal he said satisfies both consumer privacy and law enforcement needs. A recent report from the National Academies of Sciences, Engineering and Medicine highlights the central issue of the encryption debate: Adding government access to encryption plans weakens security of encrypted products and services, but the absence of access hampers official investigation. Tufts University cybersecurity professor Susan Landau said the FBI failed to offer fact-based solutions, and the National Academies report shows exceptional access creates serious security issues. She said if smartphones are used to provide authentication codes in multifactored authentication, a requirement for exceptional access to unlock the phones adds some degree of risk if the authentication codes can be obtained from a lost or stolen phone. The FBI’s claim that Silicon Valley can come up with solutions is not a fact, but “a thought,” she said.
University of Surrey criminal law lecturer Melissa Hamilton said reports suggest the FBI numbers may have been inflated because software attempted to decode the same phones multiple times. She defended hacking into a small number of phones for potential mass-scale crimes like terrorism or shootings. “If the investigation is also an attempt to prevent a future serious crime, is that not significant as well in the era of mass shootings?” she asked.
New America Open Technology Institute Director-Surveillance and Cybersecurity Policy Sharon Bradford Franklin said a DOJ Inspector General report released in March (see 1803280043) showed the FBI isn't interested in pursuing leads contradicting the agency’s “going dark” argument. The report concluded the bureau failed to explore all in-house options before suing to force Apple to help the agency access a terrorist’s iPhone after a 2015 San Bernardino, California, attack. The lawsuit was eventually dropped. “It really calls into question their credibility as a whole,” she said. Digital rights groups asked that DOJ’s IG open a new investigation. After a report in The Washington Post, ACT|The App Association President Morgan Reed said "willingness to distort the reality around encryption to meet a political agenda not only jeopardizes the agency’s credibility, but also our security.”
Information Technology and Innovation Foundation Vice President Daniel Castro said law enforcement’s unwillingness to compromise left industry in an awkward position: “They find themselves in opposition to law enforcement instead of finding a tenable and willing partner.” Will the FBI continue “trotting out the same argument that these kinds of backdoors are necessary?” Castro said. The agency declined to comment.