FBI director James Comey thinks FBI’s own online safety tips should be illegal

originally published in ConsumerAffairs

Q: What does FBI director James Comey have in common with your average computer hacker?

A: They both really, really hate the idea of secure encrypted data.

When Apple launched its iPhone 6 in September, it bragged about the phone’s strong security features, including automatic data encryption. Which made Comey, who’s been the FBI director since September 2013, predict that encrypted communications could lead to a “very dark place” and criticize “companies marketing something expressly to allow people to place themselves beyond the law” — as opposed to, say, “Marketing something expressly so people know hackers can’t steal photographs and other personal data off their phones.”

On the contrary. According to Comey, the people most likely to benefit by encrypted phones include kidnappers, terrorists and pedophiles: “The notion that people have devices… that with court orders, based on a showing of probable cause in a case involving kidnapping or child exploitation or terrorism, we could never open that phone? My sense is that we’ve gone too far when we’ve gone there,” Comey said in a televised interview.

Which does indeed sound terrible, except that (as CNN’s Jose Pagliery pointed out) it’s not true. Even with encryption, police and the FBI can still get data off your phone —they just can’t do it without your knowledge:

The FBI can still get your phone data. Now, they can’t do it secretly by going to Apple or Google. Agents must knock on your front door with a warrant in hand — the way it’s always been.

If you don’t give the FBI access to your phone, it can ask a federal judge to force you. If you refuse, the government can throw you in jail and hold you in contempt of court.

Make it illegal

Pagliery also pointed out a rather more obvious problem: if data remains unencrypted, thus granting government the ability to remotely get it without your knowledge, that means hackers also have the ability to get your data without your knowledge.

Despite this, Comey has gone so far as to suggest Congress make data encryption illegal, via rewriting the 20-year-old Communications Assistance in Law Enforcement Act to make it cover apps and other technologies which didn’t exist back in 1994.

Specifically: since CALEA requires telecom companies to give police access to communications, Comey thinks CALEA should also apply to, for example, the new iPhone 6 – except that, if the phone is encrypted, Apple itself can’t get the data on it, and therefore can’t hand it over to law enforcement. Only if the data remains unencrypted can Apple or any other phone provider (or a clever hacker) take data off it and give it to police (or an identity thief) without your knowledge.

Easier for hackers

In light of Comey’s remarks, it seems safe to say “The FBI, at least under James Comey’s aegis, wants all of your private communications and data to stay at risk of being hacked, since that will also make it easier for tech companies and the government to look at that data without your knowing about it.”

But the FBI didn’t always have this attitude. On October 12, 2012 – almost exactly two years before Comey’s ominous grumblings about the “very dark place” encryption will surely lead us – the FBI’s “New E-Scams and Warnings” website published an article warning “Smartphone Users Should be Aware of Malware Targeting Mobile Devices and Safety Measures to Help Avoid Compromise,” including a bullet-pointed list of “Safety tips to protect your mobile device.” And the second tip on the list says this: “Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user’s personal data in the case of loss or theft.”

But James Comey doesn’t like it, because it also means that if the police, FBI, NSA or any other government authority wants to read that personal data, they’ll need to visit a judge, get a search warrant and physically take possession of the phone. And so, two years after the FBI shared this anti-hacker safety technique with the American people, the FBI director wants Congress to make it illegal.