The FBI Used to Recommend Encryption. Now They Want to Ban It

By Trevor Timm, Guardian UK

29 March 15

For years, the agency recommended phone encryption as a defense against criminals. Now, that information has been scrubbed from public view

he FBI wants to make us all less safe. At least that’s the implication from FBI director Jim Comey’s push to ban unbreakable encryption and deliberately weaken everyone’s security. And it’s past time that the White House makes its position clear once and for all.

Comey was back before Congress this week - this time in front of the House Appropriations Committee - imploring Congressmen to pass a law that would force tech companies to create a backdoor in any phone or communications tool that uses encryption.

He also revealed the Obama administration may be crafting such a law right now. “One of the things that the administration is working on right now is what would a legislative response look like that would allow us … with court process to get access to that evidence”, he said.

The whole controversy stems from Apple’s decision to encrypt iPhones by default - so that only the user can unlock a phone with a pin or password and even Apple itself does not have the key. It was a huge step forward for security, and given that the US government considers cybersecurity attacks a more dire threat than terrorism, you’d think they’d be encouraging everyone to use more encryption. But Comey essentially argued to Congress that because encryption sometimes makes FBI investigations harder, it should be outlawed.

The idea that all of a sudden the FBI is “going dark” and won’t be able to investigate criminals anymore thanks to a tiny improvement of cell phone security is patently absurd. Even if the phone itself is protected by a passphrase that encrypts the device, the FBI can still go to telecom companies to get all the phone metadata they want. They can also still track anyone they choose by getting a cell phone’s location information 24 hours a day, and of course they can still wiretap the calls themselves. Let’s not forget that with a four digit passcode - like iPhones come with by default - can easily broken into by the FBI without anyone’s help anyways. So a vast majority of this debate is already moot.

Beyond a few vague hypotheticals, Comey wouldn’t give any specific examples at the hearing about where this has tripped up the FBI before, but the last time the FBI did, what they said was immediately debunked as nonsense.

If you want to understand why encryption is important for protecting your data, look no further than the FBI’s own website. Well, at least you could until last week. For years, the FBI recommended people enable encryption on their phone to protect themselves against criminals, but at some point prior to Comey’s testimony, the FBI scrubbed that information from public view. (On 27 March the FBI told the National Journal that the security tips were not intentionally deleted, but “were because of the agency’s ongoing website redesign.”)

In other words, as security expert Jonathan Zdziarski remarked, the FBI “has weakened their recommended standards [and] best practices to intentionally leave you vulnerable to security breaches.” Computer science professor Matt Blaze put it another way: “Basically, the FBI is saying that they think you’re more likely to commit a crime than need to protect yourself against crime.”

The only thing worse than Comey’s position was the know-nothing members of the Appropriations Committee, who at various times were fawning all over Comey’s proposal and displaying zero knowledge about basic technological precepts. The video of the back-and-forth is cringe worthy.

When I say “know-nothing,” I’m not being facetious or hyperbolic. Take Representative John Carter for example, who the other members of the Appropriations Committee affectionately call “Judge” and kept deferring to in the hearing for his supposed wisdom. He also happens to be chairman of the subcommittee on Homeland Security in charge of funding cybersecurity. Carter prefaced his comments about cybersecurity and encryption by literally saying “I don’t know anything about this stuff.”

Yes, you read that right. The man in charge of billions of dollars of cybersecurity funding openly admits he has no idea what he’s doing. You can imagine how much “wisdom” his three minute soliloquy on the dangers of encryption contained.

The White House, for its part, was allegedly supposed to release their official position on the issue already, given the controversy. A White House official recently said: “[Obama] actually said there is no scenario in which the US government does not support strong encryption”. But now Comey is saying they may be drafting a law that states the opposite.

So which is it, do they want to encourage people to protect their security and privacy with technology, or do they want to pass a law to make that illegal?