James Comey’s Default-Encryption Bogeyman

Publication Type: 
Other Writing
Publication Date: 
January 15, 2016

FBI Director James Comey recently told the Senate Judiciary Committee that encryption routinely poses a problem for law enforcement. He stated that encryption has “moved from being available [only] to the sophisticated bad guy to being the default. So it’s now affecting every criminal investigation that folks engage in.”

This assertion may reflect a shift in the Director’s approach to trying to convince lawmakers to regulate the commercial availability of strong encryption. To date, the principal argument has been that encryption interferes with counterterrorism efforts. Federal officials asking for legislative intervention, or seeking to shame companies into maintaining security architectures that would not interfere with surveillance, generally invoke the fear of terrorist attacks. Such attacks, or the threat of them, can provoke cooperation or legislative action that would otherwise be difficult to effectuate. In August, for example, the intelligence community’s top lawyer suggested that a terror attack could be exploited to turn legislative opinion against strong encryption. And Comey’s testimonylast month raised the specter of ISIL. He and other members of the intelligence community immediately mounted a full-court press against strong crypto following the tragedies in Paris and San Bernardino, even before investigators could conclude whether encrypted communications or devices played any role in either attack.

Proponents of strong encryption have long been suspicious of the claim that encryption interferes with counterterrorism investigations. Terrorism is quite rare in the US and encryption has never yet been shown to have thwarted investigations into any terrorist attacks that have taken place on US soil. This includes the May 2015 shooting in Garland, Texas that Comey has invoked. Comey points to the fact that one shooter exchanged encrypted text messages with “an overseas terrorist” shortly before the attack, but the FBI had already been monitoring one of the perpetrators for years and warned local authorities about him before the shooting. Plus, the FBI’s powerful ability to collect (unencrypted) metadata is the reason Comey knows the shooter sent those text messages.

Comey may be starting to recognize that his rationale for weakening encryption needs to hit closer to home if he hopes to persuade lawmakers and the American public. To that end, it looks like he, along with Manhattan District Attorney Cyrus Vance, is ready to argue that regular criminals — the kind more likely to predate on the general population — are getting away because of encryption.

What crimes, then, are law enforcement officials invoking in their latest calls for weakening encryption? If encryption affects “every” criminal investigation as Comey claims, you’d think that law enforcement would encounter encryption in investigations of the crimes it spends the most time and money working on. If so, then the majority of cases in which law enforcement encounters encryption should be drug cases. Statistically, the War on Drugs, not the War on Terror, would likely be the principal context in which mandatory encryption access for law enforcement would be used.

However, law enforcement’s anti-crypto advocacy hasn’t been focused on the War on Drugs. Much like Comey’s invocation of ISIL, other law enforcement leaders have asserted that the worst of the worst are the beneficiaries of strong security, focusing on murderers and sex offenders. Vance’s recent whitepaper, which calls for federal legislation mandating law enforcement access to encrypted devices, claims that iPhone device encryption using iOS 8 (which Apple cannot bypass) stymied the execution of around 111 search warrants in the space of a year. According to the report, those cases involved offenses including “homicide, attempted murder, sexual abuse of a child, sex trafficking, assault, and robbery.”

Vance’s list (which may or may not be comprehensive) is surprising. There is little overlap between the types of crimes where Vance claims Manhattan prosecutors encountered encryption, and the crimes which local and state law enforcement probably deal with most frequently. According to a newly-released FBI report, larceny, theft, assault, and drug offenses are the crimes most commonly reported by state and local law enforcement. Of those, only assault is on the Manhattan DA’s list. Drug crimes are not, even though drug arrests alone accounted for nearly a quarter of all arrests in Manhattan last year. By comparison, the other offenses on his list — homicide, robbery, sex crimes, and trafficking offenses — account for only a small fraction of reported crimes, according to the FBI report.

Read the full post at Just Security