Long before he was in the new for run-ins with the president, former FBI Director James Comey was making headlines in the technology community for his comments around encryption.
In multiple public appearances like this one at the University of Texas at Austin in March Comey defended the need for law enforcement agencies to have access to tech products like mobile phones to aid in FBI investigations. Needless to say, Comeys declarations that he loves encryption have come under fire from numerous tech writers who contrast the former directors love of encryption with his continued calls for some kind of international component to help resolve the international encryption debate.
Comey said: I could imagine a community of nations committed to the rule of law developing a set of norms, a framework for when government access is appropriate – what judicial standards are at work, what the obligations appropriately are – because I don’t want any part of chasing the innovation from this great country to other places.
Comey appears to lack a deep enough understanding of technology and the worldwide availability of it. There will always be someone somewhere creating new, stronger encryption outside the rule of law Comey envisions in his idealized community of nations.
And who would participate in this community? Its unlikely China, a nation where many devices are manufactured, would ever agree to a framework allowing American intelligence agencies access to encryption standards. Its hard to imagine Russian officials agreeing to such an arrangement (or actually doing what they say they agree to do), let alone following the rules established therein. Even if most developed nations agreed to this framework, it wouldnt prevent the availability of strong encryption tools from other areas of the world. If China and Russia would be on board (wink, wink), theyd still be using their own strong encryption to protect their own data. The international component Comey dreams about would be dead in the water. And certainly individuals intent on using strong encryption will use it despite any existing national laws.
To me, Comey is that really smart kid in college who didnt like it when someone scored higher than him because it skewed the grading curve out of his favor. Its easier to focus your frustration on another person rather than on yourself. By demanding the technology community hand over its encryption technology to the intelligence agencies, Comey is that college classmate. He appears to believe we (the IT security community) are making things too hard for the intelligence operatives. But that is our unequivocal responsibility.
Were doing our jobs by protecting our data and the data of others for which we become trusted stewards. We are creating solutions that protect our customers, clients and patients. Comey, his successor and his former colleagues, need to do theirs. By exercising the same level of innovation and critical thinking, they will be able to get at the information they need to keep our nation safe.
Counterterrorism activities are essential, absolutely; so are continued efforts to create stronger and stronger encryption systems to protect data against malicious actors with all kinds of unsavory motivations. And that is why the encryption debate matters.