The FBI Has No Idea How to Solve Its Encryption Problem

A Bureau representative failed to offer solutions in front of a congressional hearing.

|
Apr 29 2015, 9:46pm

Image: Brookings Institution/Flickr

The FBI has been railing against encryption for more than six months, arguing that its widespread use would "lead us all to a very dark place," and that it would help child abusers, terrorists, and other criminals escape the long arm of the law.

On Wednesday, the FBI had a chance to make its case in the first congressional hearing on this issue in years. And yet, Amy Hess, the executive assistant director of the FBI's Science and Technology Branch, failed to clearly say exactly what the FBI wants from Apple, Google, and other companies—once again.

On Wednesday, the House Committee on Oversight and Government Reform held a hearing on encryption technology, with the goal of discussing American law enforcement claims that new security measures by Apple and other companies might hinder investigations, and what can be done to prevent that. The FBI, as well as President Barack Obama and other government officials, are worried that the encryption used to secure data stored on a cellphone, as well as messages sent by cellphone users, could stop investigators from accessing relevant information during investigations.

When asked directly if the FBI wants a backdoor, Hess dodged the question and did not describe in detail what actual solution the FBI is seeking.

"We are simply asking for information that we seek in response to a lawful order in a readable format."

"We are simply asking for information that we seek in response to a lawful order in a readable format," Hess responded, while also repeating that the Bureau supports strong encryption. "But how that actually happens should be the decision of the provider."

When pressed again, Hess said that it would be okay for the FBI not to have a key to decrypt data, if the provider "can get us that information by maintaining the key themselves."

The problem, according to numerous technologist and encryption experts, is that you cannot design a secure encryption system that would allow for something like that. Because if someone has a key, or a backdoor to access supposedly encrypted data, criminals or malicious hackers can get their hands on that too.

During the hearing, Rep. Blake Farenthold (R-Texas) asked whether anyone among the witnesses believed you could build a technically secure backdoor with a "golden key"—a term that's been used by some to describe a potential solution in the past— and encouraged them to raise their hand if they did.

No one, including the FBI's Hess, as well as Daniel Conley, the Suffolk County District Attorney in Massachusetts, who denounced that mobile phones are "the tools of terrorists" and that encryption will help perverts and terrorists, raised their hand.

Technologists and privacy advocates quickly decried the FBI's lack of technical details when requesting a solution to what the bureau calls the "going dark" problem, a scenario where unbreakable encryption is so pervasive that agents don't have access to relevant data during investigations.

Matt Blaze, an associate professor in computer science at Penn and a respected cybersecurity and cryptography expert, repeated that point during the hearing, saying that there's no such thing as "security systems that can be bypassed by the good guys but that also reliably keep the bad guys out."

"As a technologist I can't ignore a stark reality, which is simply that it can't be done safely."

"As a technologist I can't ignore a stark reality, which is simply that it can't be done safely."

But, in a bizarre response, Conley complained about Blaze's and other technologists' attitude, invoking the moon race.

"Jeez I hate to hear talk like 'that cannot be done.'" he said. "Think about if Jack Kennedy said 'we can't go to the moon. That cannot be done.' He said something different, we're gonna get there in the next decade."

Unsurprisingly, technologists mocked Conley's weird metaphor.

Even the members of the committee seemed strongly opposed to the idea of weakening encryption to help law enforcement agents get their hands on certain information.

Rep. Ted Lieu (D- Calif.), who described himself as a recovering computer scientist major, said that "creating a pathway for decryption only for good guys is technologically stupid."