Terror group turning to encrypted communications

July 9, 2015
In The News

The Islamic State terror group is increasingly using encrypted communications to recruit troubled Americans and urge them to carry out attacks, FBI Director James Comey is expected to tell Congress on Wednesday.

Comey’s testimony is the latest effort by the Obama administration to pressure Silicon Valley companies to enable law enforcement agencies to continue monitoring communications over devices that are increasingly equipped with high-level encryption.

But Comey is expected to acknowledge that the administration does not yet have a legislative proposal to achieve that aim, and is not even sure it will prepare one, officials said.

Comey and Deputy Attorney General Sally Yates will be appearing before the Senate Judiciary Committee Wednesday morning. Comey will also testify in the afternoon before the Senate Intelligence Committee.

In a prepared joint statement, the two officials said that a group of individuals recently arrested in the United States were contacted by a known Islamic State supporter who had traveled to Syria and encouraged them to do the same. Some of the conversations took place on private messaging sites. “These encrypted direct messaging platforms are tremendously problematic when used by terrorist plotters,” they said.

At the same time, Comey has said that he is concerned about an increasing trend in which Islamic State operators in Syria are contacting Americans on social media sites and then moving into encrypted forms of communication, such as mobile instant messages, which cannot be intercepted.

Many lawmakers are hostile to the idea of requiring tech companies to alter the security of their encrypted products so that law enforcement can obtain text messages, phone calls and other data.

On Tuesday, the nation’s leading cryptographers issued a paper that raised objections to any proposal that would require companies to change their technology to preserve access for law enforcement.

“Lawmakers should not risk the real economic, geopolitical and strategic benefits of an open and secure Internet for law enforcement gains that are at best minor and tactical,” said the scientists, who include Whitfield Diffie, a pioneer of public-key cryptography, and Ronald L. Rivest, an inventor of the RSA encryption algorithm.

The issue burst to the fore last September when Comey spoke out against Apple and Google’s announcements that they were offering forms of smartphone encryption so secure that no third party — not even law enforcement agents with a warrant — could gain access.

Comey’s goal in testifying at the two hearings, officials said, is to keep a national debate going on an issue that has divided technologists, civil libertarians and tech companies on the one hand, and law enforcement and national security officials on the other.

“Democracies resolve such tensions through robust debate,” Comey said in a blog post published Monday on Lawfare. “But my job is to try to keep people safe. There is simply no doubt that bad people can communicate with impunity in a world of universal strong encryption.”

He added that society might decide that “there is no sensible, technically feasible way to optimize privacy and safety” if companies are required to provide decryption solutions for law enforcement. “Those are decisions that Americans should make,” he said. “ [P]art of my job is to make sure the debate is informed by a reasonable understanding of the costs.

One FBI official, who was not authorized to speak on the record, said what Comey wants people to think about is: “As a society, are we okay to say that if your child is kidnapped, if there’s a homicide, it’s okay if law enforcement is not able to get access to [content on a criminal’s] device?”

The White House is leading a multi-agency review of the different approaches to decryption for law enforcement to include the technical, geopolitical, legal and economic implications. It has not yet reached any conclusions — including whether legislation is desirable, administration officials said.

A number of lawmakers from both parties, meanwhile, have spoken out against the idea of requiring companies to hold a decryption key — what they call a “backdoor” — to unlock data and communications when served with a warrant. They argue that building such mechanisms creates vulnerabilities that can be hacked by other nations’ intelligence services and criminals.

“The House voted overwhelmingly twice to prevent intelligence agencies from asking for surveillance backdoors in technology,” said Rep. Zoe Lofgren (D-Calif.) in a statement to The Post. “Leading tech experts say the ‘secure encryption backdoor’ is not technologically feasible and would put the data security of all Internet users at risk.”

What the recent hack of Office of Personnel Management computers showed is “we need more encryption, not less,” said Rep. Ted W. Lieu, another California Democrat, who last month wrote a letter to Comey voicing opposition to a decryption key mandate. “Given the current lack of cybersecurity across both our public and private sectors, I cannot imagine Congress passing legislation that would further weaken our information security and privacy.”

 

Both Lofgren and Lieu have sponsored measures that barred such solutions.

 

The FBI has not advanced a particular technical solution. The official said the bureau preferred that companies work with the FBI in coming up with one. “Nobody knows the systems better than the companies themselves,” the official said. “What we really need is the dialogue with the company. You built the system. Tell us what you think is the best solution.”

In their statement, Comey and Yates said: “We don’t have any silver bullet. While there has not yet been a decision whether to seek legislation, we must work with Congress, industry, academics, privacy groups and others to craft an approach that addresses all of the multiple, competing legitimate concerns.