FBI Director Chris Wray is following in predecessor James Comey's footsteps in joining the anti-encryption crusade. Though the FBI has admitted to distorting the number of encrypted devices it can't get into, in an interview at the Aspen Security Forum, Wray "hinted he was moving towards an anti-encryption legislative mandate," if a compromise couldn't be reached with tech companies:
"I think there should be [room for compromise]. I don't want to characterize private conversations we're having with people in the industry. We're not there yet for sure. And if we can't get there, there may be other remedies, like legislation, that would have to come to bear."
Techdirt wrote a response to Director Wray’s statement:
"The 'compromise' Wray wants is simple: if law enforcement has a warrant, it gets access. The solution isn't. To weaken or backdoor encryption to serve law enforcement's needs makes everyone -- not just criminal suspects -- less safe. If a hole can be used by good guys, it can be used by bad guys. And even the best guys can't prevent their tech tools from making their way into the public domain. Just ask the NSA and CIA. In the case of the NSA, leaked exploits resulted in worldwide ransomware attacks.
Wray pitches an impossibility by portraying it as a lack of effort by the tech industry. The tech industry -- the one with all the 'brightest minds' -- have been consistent in their stance. A hole for one is a hole for all. There's no such thing as securely-compromised encryption. Wray's response has also been consistent: they're just not thinking hard enough. The only 'compromise' pitched by members of the tech sector is basically re-skinned key escrow -- the thing that went out of fashion with the death of the Clipper Chip.”
Director Wray also offered up the following non sequitur:
"We're a country that has unbelievable innovation. We put a man on the moon. We have the power of flight. We have autonomous vehicles… [T]he idea that we can't solve this problem as a society -- I just don't buy it."
"The reality is that solid and technologically sound encryption systems are needed more than ever for data protection, data integrity, and confidentiality. At a time, for example, when voter databases are under assault from foreign actors, we need to be enhancing the integrity of our data systems, not reducing it. I have worked across the private and public sectors to strengthen cyber protections, responded to breaches, and understand how difficult it is to build secure and resilient systems—introducing new vulnerabilities only exacerbates these challenges. So, it is time to ask whether instead of engineering backdoors into encryption systems, are there other reasonable technological solutions available?"
According to a recent study by The Center for Strategic and International Studies (CSIS) encryption is not the most critical issue facing law enforcement in the digital realm. CSIS's study includes a series of interviews with federal, state, and local law enforcement officials, attorneys, service providers, and civil society groups. They also commissioned a nationwide survey of law enforcement to better comprehend the full range of challenges they face in accessing and using digital evidence for their cases.
The CSIS study states: "Survey results indicate that accessing data from service providers -- much of which is not encrypted -- is the biggest problem that law enforcement currently faces in leveraging digital evidence."
Some of the findings in CSIS's report, Low-Hanging Fruit - Evidence-Based Solutions to the Digital Evidence Challenge:
Applying fixes to these issues will require a lot of effort and the employment of additional resources on the parts of law enforcement and providers. But, it is possible for law enforcement to gain and maintain the technical skills needed while also protecting civil liberties.