IT APPEARS THAT THE FBI IS ANGRY AT APPLE AND GOOGLE FOR ENCRYPTING DATA ON YOUR SMARTPHONE
The Director of the FBI, James Comey, is upset that innovations in technology involving cryptology will render data stored on electronic devices beyond the reach of law enforcement – even with a court order. Specifically calling out Apple and Google for encrypting data on their smartphones and not providing law enforcement with immediate and unsupervised access to the encryption keys.
Excerpts from Director Comey’s speech at the Brookings Institute …
James B. Comey, Director, Federal Bureau of Investigation Excerpted – and [my comments in bracketed blue italics] I wanted to meet with you to talk in a serious way about the impact of emerging technology on public safety. And within that context, I think it’s important to talk about the work we do in the FBI, and what we need to do the job you have entrusted us to do. Technology has forever changed the world we live in. We’re online, in one way or another, all day long. Our phones and computers have become reflections of our personalities, our interests, and our identities. They hold much that is important to us. [Fourth Amendment to the Constitution of the United States – “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” Searches are not and should not be open-ended fishing expeditions. And, while there are national security issues involved with real-time data, there are few real-time searches that cannot be handled by a post-facto court disclosure within 72-hours.] And with that comes a desire to protect our privacy and our data—you want to share your lives with the people you choose. I sure do. But the FBI has a sworn duty to keep every American safe from crime and terrorism, and technology has become the tool of choice for some very dangerous people. [The FBI is a law enforcement agency that has a duty to protect the continuity of government and the general order by investigating illegal activities. There must be a reasonable suspicion that illegal activities are occurring and a court mandate to conduct surreptitious electronic surveillance. There is no FBI duty to protect individual Americans from crime or terrorism.] Unfortunately, the law hasn’t kept pace with technology, and this disconnect has created a significant public safety problem. We call it “Going Dark,” and what it means is this: Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority. We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so. [There is a significant difference between preventing terrorism (a national security issue) and prosecuting ordinary crime – which is the duty of the Department of Justice. Extending extra-judicial abilities to combat terrorism to routine law enforcement matters should be considered very carefully, lest we find ourselves in a hyperpartisan politicalized police state.] We face two overlapping challenges. The first concerns real-time court-ordered interception of what we call “data in motion,” such as phone calls, e-mail, and live chat sessions. The second challenge concerns court-ordered access to data stored on our devices, such as e-mail, text messages, photos, and videos—or what we call “data at rest.” And both real-time communication and stored data are increasingly encrypted. [Is there any procedural difference between information contained in a locked safe or that contained in a locked chip? I think not. And, whereas the accused does not have to give up the combination of a locked safe, why should any party be required to give up a password. Of course, if there is a deal for partial or full transactional immunity, that is another issue. Constitution’s Fifth Amendment: “No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.”] Let’s talk about court-ordered interception first, and then we’ll talk about challenges posed by different means of encryption. In the past, conducting electronic surveillance was more straightforward. We identified a target phone being used by a bad guy, with a single carrier. We obtained a court order for a wiretap, and, under the supervision of a judge, we collected the evidence we needed for prosecution. Today, there are countless providers, countless networks, and countless means of communicating. We have laptops, smartphones, and tablets. We take them to work and to school, from the soccer field to Starbucks, over many networks, using any number of apps. And so do those conspiring to harm us. They use the same devices, the same networks, and the same apps to make plans, to target victims, and to cover up what they’re doing. And that makes it tough for us to keep up. If a suspected criminal is in his car, and he switches from cellular coverage to Wi-Fi, we may be out of luck. If he switches from one app to another, or from cellular voice service to a voice or messaging app, we may lose him. We may not have the capability to quickly switch lawful surveillance between devices, methods, and networks. The bad guys know this; they’re taking advantage of it every day. In the wake of the Snowden disclosures, the prevailing view is that the government is sweeping up all of our communications. That is not true. And unfortunately, the idea that the government has access to all communications at all times has extended—unfairly—to the investigations of law enforcement agencies that obtain individual warrants, approved by judges, to intercept the communications of suspected criminals. [If the government is not sweeping up all of our communications, can you please explain the purpose of the NSA’s mega-datacenter in Utah. And, the disclosures that the NSA has directly tapped fiber-optic telephone and data lines for the purposes of intercepting any and all data without specificity and/or court order?] Some believe that the FBI has these phenomenal capabilities to access any information at any time—that we can get what we want, when we want it, by flipping some sort of switch. It may be true in the movies or on TV. It is simply not the case in real life. [Perhaps this is a semantic game – whereby the classified NSA scoops up all electronic data and the FBI simply accesses this treasure trove if necessary. Perhaps, they need to appear to allegedly get the data off a person’s private electronic devices as a cover for parallel reconstruction. That is, they know the data from the NSA intercept, and now have to sanitize it for the court without involving the NSA. Impossible or a conspiracy theory – not after what Edward Snowden has revealed.] It frustrates me, because I want people to understand that law enforcement needs to be able to access communications and information to bring people to justice. We do so pursuant to the rule of law, with clear guidance and strict oversight. But even with lawful authority, we may not be able to access the evidence and the information we need. [If this were literally true, the only example that Director Comey would need is the one involving the hijacker’s computer and the fact that the FBI was forbidden from accessing it. Something that may have saved approximately 3,000 lives and billions of dollars in damage. Read the story for yourself. Here the pre-9/11 law prohibited access and the FBI was denied access. Whether or not the FBI used national security criteria with the FISA court is unknown. Following this line of reasoning, perhaps access permission should be given and limited ONLY to national security issues and not for ordinary criminal prosecutions.] Current law governing the interception of communications requires telecommunication carriers and broadband providers to build interception capabilities into their networks for court-ordered surveillance. But that law, the Communications Assistance for Law Enforcement Act, or CALEA, was enacted 20 years ago—a lifetime in the Internet age. And it doesn’t cover new means of communication. Thousands of companies provide some form of communication service, and most are not required by statute to provide lawful intercept capabilities to law enforcement. [This may not be literally true as both wireline and wireless intercepts are covered; as are all public carriers of data. What may not be covered is access to individual electronic devices that are not under the direct control of the communications carriers.] What this means is that an order from a judge to monitor a suspect’s communication may amount to nothing more than a piece of paper. Some companies fail to comply with the court order. Some can’t comply, because they have not developed interception capabilities. Other providers want to provide assistance, but they have to build interception capabilities, and that takes time and money. [Boo hoo! Has anyone noticed the federal money pouring into the communications carriers like AT&T and the general exemptions these carriers appear to have been given special immunity from the consequences of wiretapping domestic citizens?] The issue is whether companies not currently subject to the Communications Assistance for Law Enforcement Act should be required to build lawful intercept capabilities for law enforcement. We aren’t seeking to expand our authority to intercept communications. We are struggling to keep up with changing technology and to maintain our ability to actually collect the communications we are authorized to intercept. [Are they asking for the ability to download all of the content of a user’s electronic device surreptitiously? Or, does this mean they want to build spying capabilities into smart television sets located in our homes à la George Orwell’s Big Brother monitoring system?] And if the challenges of real-time interception threaten to leave us in the dark, encryption threatens to lead all of us to a very dark place. Encryption is nothing new. But the challenge to law enforcement and national security officials is markedly worse, with recent default encryption settings and encrypted devices and networks—all designed to increase security and privacy. With Apple’s new operating system, the information stored on many iPhones and other Apple devices will be encrypted by default. Shortly after Apple’s announcement, Google announced plans to follow suit with its Android operating system. This means the companies themselves won’t be able to unlock phones, laptops, and tablets to reveal photos, documents, e-mail, and recordings stored within. Both companies are run by good people, responding to what they perceive is a market demand. But the place they are leading us is one we shouldn’t go to without careful thought and debate as a country. At the outset, Apple says something that is reasonable—that it’s not that big a deal. Apple argues, for example, that its users can back-up and store much of their data in “the cloud” and that the FBI can still access that data with lawful authority. But uploading to the cloud doesn’t include all of the stored data on a bad guy’s phone, which has the potential to create a black hole for law enforcement. And if the bad guys don’t back up their phones routinely, or if they opt out of uploading to the cloud, the data will only be found on the encrypted devices themselves. And it is people most worried about what’s on the phone who will be most likely to avoid the cloud and to make sure that law enforcement cannot access incriminating data. Correcting Misconceptions Some argue that we will still have access to metadata, which includes telephone records and location information from telecommunications carriers. That is true. But metadata doesn’t provide the content of any communication. It’s incomplete information, and even this is difficult to access when time is of the essence. I wish we had time in our work, especially when lives are on the line. We usually don’t. There is a misconception that building a lawful intercept solution into a system requires a so-called “back door,” one that foreign adversaries and hackers may try to exploit. But that isn’t true. We aren’t seeking a back-door approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by law. We are completely comfortable with court orders and legal process—front doors that provide the evidence and information we need to investigate crime and prevent terrorist attacks. [It appears that federal agencies have violated their “front door” privileges and that clarity and transparency in the Clinton, Bush and Obama Administrations was a joke.] Cyber adversaries will exploit any vulnerability they find. But it makes more sense to address any security risks by developing intercept solutions during the design phase, rather than resorting to a patchwork solution when law enforcement comes knocking after the fact. And with sophisticated encryption, there might be no solution, leaving the government at a dead end—all in the name of privacy and network security. [The FBI did not detect nor deter the JPMorgan Chase data breach and their investigations of foreign state-sponsored hackers may never be fruitful. But, what they never say is that the very people with the keys to the kingdom can comprise your data with impunity. Whether or not these keys are held by private corporations or federal agencies matters little. A compromise is a compromise.] Another misperception is that we can somehow guess the password or break into the phone with a so-called “brute force” attack. Even a supercomputer would have difficulty with today’s high-level encryption, and some devices have a setting whereby the encryption key is erased if someone makes too many attempts to break the password, meaning no one can access that data. [Except that Edward Snowden has given us a reason to believe that the encryption algorithms in public use, developed with the knowledge of the CIA and NSA, might already reduce the computing power needed to unencrypt the data,] Finally, a reasonable person might also ask, “Can’t you just compel the owner of the phone to produce the password?” Likely, no. And even if we could compel them as a legal matter, if we had a child predator in custody, and he could choose to sit quietly through a 30-day contempt sentence for refusing to comply with a court order to produce his password, or he could risk a 30-year sentence for production and distribution of child pornography, which do you think he would choose? [How the hell did we get from terrorism and national security to child pornography and child predators? This is the type of shifting sand, law enforcement requests are based upon; whereby the public is given an admirable example and then cedes far broader powers to be used for other – possibly political – purposes.] I’m deeply concerned about this, as both a law enforcement officer and a citizen. I understand some of this thinking in a post-Snowden world, but I believe it is mostly based on a failure to understand why we in law enforcement do what we do and how we do it. [Comey speaks about lofty and admirable goals – but says not one word about safeguarding the individual from abuse; or recompense for such abuse in the absence of actual dollar damages. Your reputation and future earnings are incalculable, so no harm, no foul, no compensation.] I hope you know that I’m a huge believer in the rule of law. But I also believe that no one in this country should be above or beyond the law. There should be no law-free zone in this country. I like and believe very much that we need to follow the letter of the law to examine the contents of someone’s closet or someone’s cell phone. But the notion that the marketplace could create something that would prevent that closet from ever being opened, even with a properly obtained court order, makes no sense to me. [First, if Comey really believed what he is saying, he would be investigating his boss and the President of the United States. Second, as for the closet, that is not the correct analogy – the correct analogy is a locked safe with a self-destruct mechanism like those used by federal agencies.] I think it’s time to ask: Where are we, as a society? Are we no longer a country governed by the rule of law, where no one is above or beyond that law? Are we so mistrustful of government—and of law enforcement—that we are willing to let bad guys walk away...willing to leave victims in search of justice? [Yes, some people are so mistrustful of government – especially a President and Administration that lies with impunity, that we have to let some bad guys walk away while protecting individual constitutional rights. And, if you want to be picky – consider that the FBI’s actions at Waco and Ruby Ridge were sketchy and provoked a civilian to blow up the Murrah Federal Building – with a great loss of life as a protest against a particular FBI sharpshooter and the FBI in general. That is not to excuse the miscreants wanton killing of innocent civilians, but to illustrate that there is deep distrust of a government that would use trumped-up charges against civilians for the purposes of little more than a publicity stunt.] There will come a day—and it comes every day in this business—where it will matter a great deal to innocent people that we in law enforcement can’t access certain types of data or information, even with legal authorization. We have to have these discussions now. I believe people should be skeptical of government power. I am. This country was founded by people who were worried about government power—who knew that you cannot trust people in power. So they divided government power among three branches, with checks and balances for each. And they wrote a Bill of Rights to ensure that the “papers and effects” of the people are secure from unreasonable searches. But the way I see it, the means by which we conduct surveillance through telecommunication carriers and those Internet service providers who have developed lawful intercept solutions is an example of government operating in the way the founders intended—that is, the executive, the legislative, and the judicial branches proposing, enacting, executing, and overseeing legislation, pursuant to the rule of law. Perhaps it’s time to suggest that the post-Snowden pendulum has swung too far in one direction—in a direction of fear and mistrust. It is time to have open and honest debates about liberty and security. Some have suggested there is a conflict between liberty and security. I disagree. At our best, we in law enforcement, national security, and public safety are looking for security that enhances liberty. When a city posts police officers at a dangerous playground, security has promoted liberty—the freedom to let a child play without fear. [Not everybody appears to be concerned with the rule of law and the Constitution of the United States. One need only cast their eyes on Comey’s boss, Attorney General Eric Holder who is under contempt of Congress for not providing legally subpoenaed documents. In essence, keeping all of the papers in a locked closet – or possibly a hard-drive destined for a future crash.] To read Comey’ remarks in context, they can be found at: <Source: FBI> |
Excuse me, before using the “terrorism” card to justify access to constitutionally-protected information, let us examine the use of the “organized crime” card that led to the RICO Act …
Whereas the RICO (Racketeering Influenced Corrupt Organizations) Act was designed as a federal law enforcement tool to be used against organized crime, we now find RICO routinely being used by states against corporations and individuals that have nothing to do with organized crime. Mostly to enhance penalties that coerce an accused party to knuckle-under to the prosecutor’s demands, namely accept a plea bargain that will remove a RICO charge from the table.
Law as a Weapon: How RICO Subverts Liberty and the True Purpose of Law
Much of the growth of federal criminal procedures has been tied to the expanded use of RICO—the Racketeer Influenced and Corrupt Organizations Act of 1970. RICO has succeeded in blurring the lines between state and federal law enforcement and in overturning the protections inherent in the due-process guarantees of the U.S. Constitution. <Read more …>
Prosecutor Misuse of RICO Laws Should End
There's a festering problem in Florida's criminal justice system: some state prosecutors are misusing our state's racketeering laws to wring guilty pleas out of innocent people and petty criminals afraid of spending decades in prison for crimes they didn't commit.
Abuse is rampant of Florida's version of the federal government's Racketeer Influenced and Corrupt Organizations Act; known more commonly by its acronym, RICO.
The federal version was created 40 years ago to fight the Mafia and the businesses and labor unions it controlled. Today in Jacksonville and elsewhere in Florida, prosecutors are attempting to use RICO laws to crush gangs. While gang-eradication is a worthwhile goal, the methods used to achieve it aren't so admirable.
People who are guilty of no more than knowing a gang member are being charged with racketeering - being part of a criminal organization - in order to get them to testify against friends or loved ones who might genuinely be guilty of criminal activities. These friends and family members face decades in prison if convicted under RICO laws. Rather than take their chances on justice, many come to plea agreements in which they take a few painful years in prison in exchange for their testimony. <Source>
Just as we see military-grade weaponry, clothes, and tactics being used in everyday law enforcement for the serving of warrants, are we to believe that federal access to constitutionally protected information will not be shared, bartered, or provided to local law enforcement agencies?
Where are the safeguards to protect American citizens from the man with the “keys to the kingdom?”
One, the number of former FBI and law enforcement officials employed in the government and the private sector comprises an “old boys club” where off-the-books favors are routinely exchanged. There is no departmental record and no court sanctions involved. Only by accident could some aggrieved party discover this inappropriate and illegal behavior.
Two, law enforcement agencies tend to cover-up instances of wrongdoing, often substituting a letter of censure in the employee’s confidential file rather than investigating and prosecuting the matter through the courts. One may recall Earl Southers, nominated by President Barack Obama to head the TSA (Transportation Security Administration) whose nomination was withdrawn when it was discovered he used law enforcement computers to access confidential criminal records about his then-estranged wife’s new boyfriend. But that’s not the problem – it appears that Southers was a former FBI agent and claimed that he had be “censured by his superiors at the FBI.” Instead of firing Southers or prosecuting what was clearly a criminal act, he received a slap on the wrist by the FBI. <Source> Of course, the FBI refused to comment further, citing the security of personnel issues.
Three, law enforcement agencies who employ unconstitutional or illegal means to secure confidential information are now using the very same information to create a method of “parallel reconstruction.” Re-engineering a method on how to obtain the same information using a method that would be acceptable in a court of competent jurisdiction. Or possibly by blackmailing or coercing a third-party to “flip” on the accused by using illegally-obtained information on the third-party, but not using the banned information on the accused.
Four, then there is the issue of data warehousing. Where data is collected in an anonymous manner – without specific warrant -- and stored in a database. When there is probable cause, a warrant is issued – and the law enforcement officials comb the database -- where data that wouldn’t exist except for the collection effort – and access data that can be used to demonstrate intent, a pattern of illegal practice, or reveal further information about the accused’s alleged illegal activities.
Five, then there are the leakers. Some are politicians or bureaucrats seeking to damage the political career of the opposition or kill a project. Some are criminals seeking to manipulate commercial projects or the stock market. Some are financially challenged and seek to sell information to news outlets and others. And, some are simply curiosity seekers who may disclose prohibited information to others to enhance their personal stature.
But, it all comes down to having trust in your government, its agencies, and its personnel. Something that is in short supply as Comey’s boss, Attorney General Eric Holder, might be questioned by Congress about using his office to obstruct justice.
Yes, we have laws that appear to punish those who access and release restricted information, but they are rarely applied …
It is amazing to me that the two subjects that politicians and law enforcement officials avoid when describing their urgent need to be able to wiretap any electronic device is the Constitution of the United States and the necessity of a law protecting citizens and providing compensation when reputations are damaged – but there are no real monetary injuries.
A law that provides for a mandatory jail term for any public official, employee, agent, or party employed or compensated by the government if they illegally access any electronically stored data for personal, political, or commercial reasons. And, once charged, the accused cannot plea bargain the charge downward to a lesser charge or plead guilty to another criminal act.
Furthermore, should there be multiple parties or a conspiracy between parties, all parties shall be charged equally.
And, should the government claim “national security,” the matter shall be reviewed by a court-appointed rotating three panel judge and their findings be presented in open court session – that is yea or nay on the national security exemption. If there is a national security claim and the material was used for personal, political, or commercial actions, the claim of national security shall give rise to the presumption of guilt.
Bottom line …
Director Comey is right. We should have a national conversation. Realizing that “We the People” are being asked to cede our Constitutional rights to a government that is arguably corrupt, inefficient, and self-serving. And, that once those rights are ceded, they are never coming back.
Personally, I like what Comey is saying about the Constitution and the rule of law. And, it appears that he has backed it up with action on at least two occasions by putting his job on the line for truth and justice. But, the question is can we believe Comey’s boss and others in the administration, now and in the future, to exhibit the same type of high ethical standards and loyalty to our Constitution?
But, let us not forget that the FBI couldn't even track the Tsarnaev brothers before they blew up the Boston Marathon -- even though they had received information directly from Russian authorities who uncharacteristically gave us a heads up.
At the time, the FBI's excuse was that "someone" had apparently misspelled “Tsarnaev” on a terrorist list. Given the liklihood that foreign names do not fit neatly into standard American data formats and that terrorists are likely to speak in coded phrases known only to them, the need to access the electronic devices of Americans for the purposes of combatting terrorism seems unlikely. That is, unless you are paranoid -- as is the Obama Administration -- and believe we are likely to face domestic terrorism from disaffected American soldiers with extensive training and combat skills. And, let us not forget that the FBI has been highly politicized to the point where they no longer use the term Islamic terrorist or Muslim Jihadi.
And, it was James Comey who told Congress that he knew the names of most of the Americans fighting overseas with ISIL and that they would be "closely tracked" when they return to the United States. Nothing about pulling their passports and leaving them abroad -- or arresting them upon return for providing material aid and comfort to the enemy or bearing arms against American and its allies. But, then again, let us not forget that Comey is a lawyer and may want to take the Eric Holder route and create a show trial for political purposes.
While I may personally regard those who leak classified documents for political purposes to be evildoers, we do owe a debt of gratitude to Edward Snowden who exposed the government’s lies about spying on American citizens on American soil. We should also be grateful to those whistleblowers who have demonstrated that our government is not above petty prosecutions, cover-ups, and other egregious behaviors.
The true test of whether or not the government is being honest is if Congress is going to seek sanctions against those Administration officials who lied while delivering testimony under oath. Egregious because all they had to do at the time was say that the matter was classified and could only be discussed in a classified closed door session. The fact that they led both Congress AND the American people should be of grave concern to those who see our civil liberties being eroded by corrupt, self-serving politicians and the bureaucracy that actually runs the government.
I suggest that you may wish to donate to the Electronic Frontier Foundation (www.eff.org) that is attempting to reconcile digital right in an analog world and is attempting to protect your Constitutional rights from being violated simply for the convenience of government.
-- steve
“Nullius in verba”-- take nobody's word for it!
"Acta non verba" -- actions not words
“Beware of false knowledge; it is more dangerous than ignorance.”-- George Bernard Shaw
“Progressive, liberal, Socialist, Marxist, Democratic Socialist -- they are all COMMUNISTS.”
“The key to fighting the craziness of the progressives is to hold them responsible for their actions, not their intentions.” – OCS "The object in life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane." -- Marcus Aurelius “A people that elect corrupt politicians, imposters, thieves, and traitors are not victims... but accomplices” -- George Orwell “Fere libenter homines id quod volunt credunt." (The people gladly believe what they wish to.) ~Julius Caesar “Describing the problem is quite different from knowing the solution. Except in politics." ~ OCS