FBI's Proposals for Mandatory Tech Security 'Back Doors' Are Slammed by Bipartisan Committee
An FBI proposal to force companies to provide law enforcement with so-called back doors into consumer phones and computers would be like “drilling a hole in a windshield,” said Rep. Jason Chaffetz, R-Utah, chairman of the U.S. Committee on Oversight and Government Reform. Rep. Ted Lieu, D-Calif., called the proposal “stupid” and said law enforcement should “just follow the damn Constitution.”
The committee on Wednesday considered whether Congress should pass laws requiring companies to add back doors to their products. In other words, the FBI wants a way to get into consumer data that theoretically only law enforcement—and not hackers—can exploit.
Companies like Apple and Google are increasingly securing their products in response to consumer demands. But law enforcement representatives are pushing Congress to pass laws around this, because they say that protecting people’s human and constitutional right to privacy makes it harder to “catch the bad guys.”
On Wednesday a district attorney from Massachusetts, Daniel Conley, claimed that encryption makes data “warrant-proof.” And the FBI’s representative, Amy Hess, claimed that encryption helps “every violent, sexual or financial crime in which handheld technology is used,” despite later saying that encryption makes people safer.
But what the FBI is asking for is basically impossible, testified technologist and respected cryptography expert Matt Blaze. The “stark reality” is that a system cannot have a back door that “only works for the good guys,” Blaze argued.
“I don’t see a practical way to implement this. I’m appointing you the head of the NSA, anybody have an idea?” followed the committee’s vice chairman, Rep. Blake Farenthold, R-Texas. The only hand that went up was from the district attorney, Conley, who has no technical background: “I’m no expert, I’m probably the least tech-savvy person in this room … but if we can send someone to the moon, we can design a secure back door.”
Later, Hess, the FBI representative, went even further and lied to the committee: When Chaffetz pushed her on whether the FBI is collecting location data (“Are you tracking my wife right now?” he asked), Hess said the FBI obtains warrants to gather location data only, except in exigent circumstances.
This is false. The FBI regularly uses technologies like “Stingrays” that vacuum up all location data, and it does not feel it needs warrants for them. Hess represents the FBI’s science and technology branch.
What the FBI also left out from its testimony is the arsenal of ways it can get to people’s data without using back doors. The FBI can often subpoena individuals to testify about what encrypted communications say (some courts hold that forcing a person to give up an encryption key is not incriminating oneself). Or the FBI can skip the content and simply convict people using metadata. For instance, back doors would not have made any difference at all in the case of former CIA officer Jeffrey Sterling, who was recently convicted on nine counts of giving classified materials to a reporter—based on his simply speaking with a reporter but no evidence of the content of their conversations.
The FBI also left out that it engages in hacking to get around encryption. Law enforcement can remotely access and infect computers with malware. The FBI calls this method “network investigative techniques,” which is a euphemism for hacking. If it wants, the FBI can make your computer upload files, activate your microphone or completely take over your computer. This was very recently done in “Operation Torpedo” to track and shut down websites on the dark Web such as Silk Road.
The consequences are potentially devastating for our fundamental human and constitutional rights. Imagine if law enforcement were able to run a way-back machine of your whole digital life. Or if the government could make any connection it wanted and access every email you have written, to anyone, ever. That makes searching houses and cars—the traditional zones of search warrants—look like nothing. It threatens to undermine the whole point of the Fourth Amendment and guarantees under human rights treaties binding on the United States.
These problems are part of the reason why the committee rebuked the FBI on Wednesday, and also why free speech and privacy organizations around the world, including United Nations experts, adamantly say no to back doors. The very same proposals failed back in the 1990s in what were called the “Crypto Wars” when law enforcement wanted to introduce “Clipper chips” into the emerging cellphone market.
By undermining cybersecurity, back doors will make us less safe. In every way they are very unnecessary, and very harmful.
Carey Shenkman is a First Amendment and human rights lawyer with two degrees in mathematics. He works for Michael Ratner, president emeritus of the Center for Constitutional Rights, in New York City. Follow him on Twitter @CareyShenkman.