Privacy SOS

FBI cannot access all sorts of information, and that’s totally ok

Unfortunately, Congress has begun scratching an old, FBI-inspired itch again. Staffers on the Senate Judiciary Committee, with the support of chair Senator Chuck Grassley and ranking democrat Senator Dianne Feinstein, are reportedly in talks with technology companies about legislation that would most likely kill encryption as we know it.

The perennial debate between privacy advocates and security experts, on one side, and the FBI, on the other, will inevitably be front page news if the proposed legislation emerges from committee. That’s a terrible thing, because it’s a dangerous waste of everyone’s time to even consider legislation that would interfere with the ability of companies like Apple to secure their products, and thereby, their users.

The FBI has long complained that encryption blocks investigators from accessing critical information they need to investigate and prosecute serious cases like murder and terrorism. Law enforcement officials insist that the rules of mathematics can be twisted to fit their needs, without harming the collective digital security of billions of people on the planet. (Technical security experts disagree.)

But even if it were possible to give the FBI access to encrypted systems without endangering the rest of us (again: it is not), would it be appropriate to mandate that access by law? Put another way: Is there any information to which law enforcement does not have the ability to access, even if they get a warrant?

The FBI complains that encryption blocks its investigators from accessing thousands of phones per year. The jury is out about whether that is even true, in part because of the ongoing and highly lucrative arms race between cryptographers and companies like Cellebrite, which aim to break or bypass encryption systems and sell those solutions to military and law enforcement customers. But let’s be generous for a moment and assume the FBI is telling the truth when it says it cannot access thousands of phones per year because of encryption.

Here are some other circumstances in which the FBI cannot access information it probably wants for criminal investigations:

  • The FBI cannot read minds. That’s obviously too bad, as far as their investigative capabilities are concerned. The FBI would surely benefit if its agents could read the minds of every person on the planet, and even better, rewind those minds to capture the thoughts people have had since the moment they were born.
  • The FBI cannot hear what people say to one another in private conversations, when those conversations are not bugged or overheard. Likely billions, maybe even trillions, of such conversations happen every day. The FBI cannot access these conversations, which arguably harms its ability to solve and prevent crime.
  • The FBI does not have cameras in every room in every building across the United States. If the FBI did have these cameras, surely it would be much easier for officials to investigate crimes and criminal plots.

Obviously, the FBI is complaining that it can’t access stored electronic content in discrete criminal investigations, even pursuant to judicially authorized warrants. That’s slightly different from complaining that they can’t monitor the thoughts and feelings of all people at all times, or that they don’t have bugs or video cameras in every bedroom and bathroom in the country. But it’s not that different in at least one core respect: The government does not, and should not, have access to all information about all people at all times, no matter what level of investigative authorization agents may have from a court. There are simply some things FBI investigators will never know about the people they investigate.

And that’s fine. In fact, it’s good.

In a free society, the government should know very little about the people, and the people should know almost everything about the government. Seventeen years after 9/11, and a decade plus into the digital revolution, that basic axiom about democratic governance has been flipped on its head.

Contrary to the claims made by people like former FBI director James Comey and current director Christopher Wray, we are currently living in the golden age of surveillance—not the “going dark” nightmare they describe. Investigators have more avenues to access more information about criminal suspects than ever before, and often without even the most minimal checks or balances.

If encryption systems that protect the sensitive personal information of billions of persons—including government officials—are blocking access to certain information in discrete criminal investigations, so be it. The government can and does find other ways to investigate and prosecute crimes. Blowing up encryption systems upon which billions of people and thousands of companies depend for their financial, collective, and personal security is not the answer to the comparatively minor problem these FBI officials describe.

Put another way: Breaking encryption so the FBI can access 10,000 devices a year creates a much bigger problem than the one it purports to solve.

When the FBI and its supporters in Congress tell you our collective security is harmed when Apple is allowed to sell its customers secure products, they aren’t telling the truth. They are, instead, privileging the FBI’s access to information over the collective security of billions of people worldwide. But that’s not all. If they got their way, their plan would even harm what they call “national security,” by making insecure technologies upon which millions of people tied into the US intelligence agencies and US government depend.

When the next big encryption fight heats up, don’t be fooled. True security requires strong encryption. Period.

© 2018 ACLU of Massachusetts.