"Folks will go to jail if there's general warrants," FBI Director Jim Comey claimed in a Senate Judiciary Committee (SJC) hearing on Wednesday, in which he claimed that his agency is increasingly unable to pursue targets because they use encryption.
Comey apparently made the statement in order to minimize concerns that the FBI would abuse the "back doors" that he wants built into technology employing encryption protocols. Comey emphatically insisted that such back doors are necessary for law enforcement in order to carry out targeted criminal investigations, but experts contend that they are impossible to build in ways that couldn't be exploited by hackers; and, in any case, such access would intuitively seem susceptible to abuse by government officials eager to exploit such access more broadly.
Nonetheless, Comey belabored the point: “If law enforcement is reading everybody’s Snapchats or everybody’s Instagram posts, you can’t do that."
There's a very obvious problem with these assurances, however, as a brief history lesson will reveal: When Comey was Deputy Attorney General in 2004, he once had to race to Attorney General John Ashcroft's hospital bed to prevent White House Counsel Alberto Gonzales from exploiting Ashcroft's illness to get him to approve a surveillance dragnet that multiple DOJ lawyers had found legal problems with. Not only had the executive branch decided it could ignore FISA, a law requiring warrants for wiretapping in the United States, but they had also decided to collect Internet metadata in bulk, which for legal reasons also amounted to wiretapping content in the U.S.
In other words, Comey once fought executive branch efforts to do something even worse than a general warrant.
In the weeks afterwards, Comey and other DOJ lawyers secretly convinced the FISA Court to authorize a warrant to collect that Internet content in bulk. A general warrant. Yet no one went to jail, not for the general warrant, not for the wiretapping and bulk metadata collection conducted without warrants.
In his current role, Comey has avoided opening the Senate Intelligence Committee torture report for months, possibly to avoid Freedom of Information laws, possibly to avoid reviewing the crimes committed by the CIA and its contractors. Yet he claims, in apparent seriousness, that executive branch employees might one day go to jail for abuses of powers they conduct in secret.
And Comey's comment ignored one other key bit of history, one unmentioned until the second panel and then again at a later hearing on the same subject. The reason Apple and Google -- the unstated targets of the hearing -- are implementing better encryption for their phones, former President's NSA Review Group member Peter Swire explained to SJC, is because of some of the things the NSA had been doing, which have been revealed by Edward Snowden's leaks. Most notably, the NSA knowingly let its British partner GCHQ steal Google data from the fiber between its data centers. (The NSA also asks GCHQ to hack Google targets if it had no other way of hacking them.) Ordinarily, the FBI investigates when foreign governments break into private American company hardware to steal their data. But when GCHQ did it, the FBI -- both under Comey and his predecessor -- simply continued to partner with the offending spy agency, potentially even indirectly benefitting from the theft.
At a second hearing before the Senate Intelligence Committee on the same subject, Sen. Ron Wyden focused on Comey's role more personally. Wyden attributed the tech companies' rush to implement encryption to the public's dismay upon discovering the government had been collecting their communication records in bulk. "Senior officials, including you, Mr. Comey, chose to create secret law and support dragnet surveillance of law-abiding Americans."
So when FBI Director Jim Comey promised people would go to jail if they abuse surveillance, he didn't speak with a lot of credibility.
On the more central issue of whether providers could be forced to install back doors into their products (Comey insisted on calling such back doors "front doors," even though technically either designation amounts to the same thing), the FBI Director adopted an even odder stance. He suggested the overwhelming majority of encryption experts who have said installing back doors cannot be done securely simply haven't tried hard enough. He did so even while he repeatedly admitted he's not a technical expert, nor someone who can drive innovation.
On the issue on which Comey -- and his co-witness at the SJC hearing, Deputy Attorney General Sally Yates -- should have been experts, they were not. Over an hour and a quarter into the SJC hearing, Al Franken asked for actual data demonstrating how big of a problem encryption really is. Yates replied that the government doesn't track this data because once an agency discovers they're targeting a device with unbreakable encryption, they use other means of targeting. (Which seems to suggest the agencies have other means to pursue the targets, but Yates didn't acknowledge that.) So the agencies simply don't count how many times they run into encryption problems. "I don't have good enough numbers yet," Comey admitted when asked again at the later hearing about why FBI can't demonstrate this need with real data.
In point of fact, a recent wiretap report shows that in the criminal context, at least, federal agencies do count such incidences, sometimes. But they don't report the numbers in a timely fashion (5 of the 8 encrypted federal wiretaps reported in 2014 were from earlier years that were only then being reported), and agencies were eventually able to break most of the encrypted lines (also 5 of 8). Moreover, those 8 encrypted lines represented only 0.6 percent of all their wiretaps (8 of 1279). Reporting for encrypted state wiretaps were similarly tiny. Those numbers don't reflect FISA wiretaps. But there, FBI often partners with NSA, which has even greater ability to crack encryption.
In any case, rather than documenting the instances where encryption thwarted the FBI, Comey instead asks us to just trust him.
In a blog post earlier this week, Comey said he'd like to have a debate weighing the costs and benefits of encryption. But thus far, the FBI isn't prepared to have that debate with actual documentation (which they should have for proper oversight in any case) of how often it is a problem. Instead, Comey just promises that unlike past practice, even with Comey himself, the next time the Executive Branch abuses surveillance -- at least with general warrants -- someone will go to jail.