FBI Official Backs ‘Lawful Access’ to Encrypted Phones
Tech companies need to build mobile devices that allow police “lawful access by design” and strike a better balance in the end-to-end encryption debate, FBI Science & Technology Branch Section Chief Katie Noyes said Thursday. The longstanding debate is over law enforcement’s desire to create backdoors into encrypted devices (see 2004060064). Companies should be thinking about statutes that allow lawful access during the design phase, not when products have already been deployed, she said during a Center for Data Innovation livestream.
The access that police seek could turn law enforcers into breach victims and result in death for Noyes’ colleagues, said Cato Institute Senior Fellow Patrick Eddington, a former CIA analyst. Any attempt to force companies like Apple or Google to “deliberately build defective products” is a First Amendment violation, and law enforcement ignores that encryption is a vital tool for protecting their own operations, he said: Injecting deliberate imperfections into product design guarantees access for bad actors.
Law enforcers have demonstrated they can track terrorists without weakening encryption standards, said Eddington. He quoted former NSA Director Michael Hayden saying the government is able to kill foreign adversaries using metadata. National Association of Criminal Defense Lawyers 4th Amendment Center Director Jumana Musa cited Hayden’s remarks about how end-to-end encryption presents challenges to law enforcement but is ultimately better than the alternative, which opens the door to weakened security standards.
There are alternative methods for tracking perpetrators, but those alternatives aren’t always scalable or consistent, said Noyes: They’re also “very expensive.” Finding ways to crack phones isn’t always timely when trying to foil terror plots or child abuse, she said: The FBI wants to collaborate with advocates, but there should be a better balance.
Law enforcement is seeking too much access, said Boston University professor Gabriel Kaptchuk. If law enforcement can access encryption key material, then bad actors in China and Russia can also gain access, he said. The FBI is simply asking for “modernization,” said Noyes, much like the balance it achieved with the 1994 passage of the Communications Assistance to Law Enforcement Act. CALEA required phone companies to redesign their networks to make it easier for police to wiretap digital phone calls. What’s lost in the privacy discussion surrounding encryption is the victims of these crimes, she said.
Law enforcement’s overarching mentality is to “get the bad guy” at all costs and ignore individual rights, said Eddington. Crime will never be fully eradicated, so the question becomes whether law enforcement can maximize use of its existing tools, he said. The FBI misrepresented to Congress in 2018 that it had more than 7,800 encrypted phones it couldn’t access, when the number was closer to 1,200, said Musa: “That’s a pretty big misrepresentation.” It calls into question all of law enforcement’s claims on this front, she said. Building a system in which only the government can access devices when there’s alleged criminal activity is a “form of magical thinking," said Eddington. Technology, including cars and firearms, is routinely misused, but that doesn’t mean it should be banned, he said.