White House Push To Allow FBI Phone Hacks Could Hurt Intelligence Gathering

FBI Director James Comey speaks about the impact of technology on law enforcement, on October 16, 2014.

Jose Luis Magana/AP


Two former Navy SEALs say that the White House and FBI push against encryption will hurt troops, intelligence gathering. By Patrick Tucker

Through public speeches and secret meetings, FBI Director James Comey has been pushing to stop companies like Apple and Google from encrypting users’ phone data. Two former Navy SEALs say that the policy that the FBI and the Justice Department are pursuing would hurt men and women in uniform and possibly even our allies by forcing them to use insecure devices and services for communication.

Here’s how the fight over encryption took form. In September, Apple announced that its most recent operating system update for the iPhone, the iOS 8, would encrypt phone data.

“On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes and reminders is placed under the protection of your passcode….Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data… So it’s not technically feasible for us to respond to government warrants,” Apple says in a notice on the privacy portion of its website.

Google followed, announcing an encryption update for its Android 5.0 Lollipop operating system. As Yahoo Tech’s Rob Pegoraro reports, that will affect the Nexus 6 first and other phones soon after.

Upon news of the announcement, Comey responded by condemning encryption, first speaking out at a Brookings Institution event, saying that Apple and Google’s decision was going to take the country to a “very dark place” where law enforcement “misses out” on crucial evidence to stop terrorists and gather evidence against criminals. Comey approached the president and, along with representatives from the Justice Department, briefed members of the House in a classified session. Legislatively, the lawmakers could easily block Apple and Google from offering encryption by updating the Communications Assistance for Law Enforcement Act, which mandates that telephone companies like AT&T and Verizon build backdoors into their networks to allow tapping. But the 1994 law doesn’t apply to companies like Google and Apple or other newer networks, so an update to the law could force the companies to allow law enforcement easier access to user data.


How do lawmakers feel about that? Despite widespread public concern about government electronic spying on the public, on Nov. 18 the Senate effectively killed the only NSA reform measure to come out of the Snowden scandal, the so-called Freedom Act.

Incoming Senate Majority Leader Mitch McConnell, R-Ky., even said that the fight against the Islamic State means that the U.S. can’t consider reforming the way the government collects bulk metadata via phone. “At a moment when the United States is conducting a military campaign to disrupt, dismantle and defeat ISIL, now is not the time to be considering legislation that takes away the exact tools we need to combat ISIL.”

All of that suggests that some lawmakers are more open to Comey’s arguments now that the midterm elections are over. 


Vic Hyder and Mike Janke, two former Navy SEALs with the company Silent Circle, say that the FBI’s plan to block phone makers and service providers from offering phone encryption would make it significantly more difficult for deployed people to communicate back home and even for members of the intelligence community to communicate with sources.

Importantly, Hyder and Janke aren’t exactly unbiased in this fight. Silent Circle, the company that Janke launched in 2012 with computer scientist Philip Zimmermann, sells encryption services—and devices—to the public. They offer different encryption apps that they sell through the App Store and through Google Play that allow users to encrypt their phone calls, contacts and texts. They also sell encryption calling plans to members. Hyder is the company’s chief strategy officer.

In June, the company debuted a smart phone called the Blackphone. They already have customers within the U.S. military.

While they acknowledge that their opposition is born out of self-interest, they say that blocking encryption would also hurt their customers, who include a lot of men and women on the front lines. “If Director Comey’s efforts actually resulted in legislative change to halt the sale of encryption or encryption services, he would only be hurting the American people, businesses, government entities who Silent Circle’s encrypted communication services are currently protecting,” Janke told Defense One.


Janke started the company as a way to actually meet a military need, not so much as a replacement for tactical communications (many of which have their own security problems), but rather to enable troops to stay better connected with family on the other side of the world without giving away data to potential adversaries or hackers.

“Where this comes in to play is when [troops] are calling home and they pop up on their mobile phones and use Skype. It’s hackable, not secure and not approved for government use. We wanted something for those mobile phones to give privacy back. The company started for the purpose of helping deployed troops and human rights advocates speaking out against their governments,” Hyder told Defense One. “Comey’s telling the guys they can’t communicate back home without an Iridium phone,” he said, referring to a pricy satellite phone that can run into thousands of dollars and offers no smartphone functionality.

Zimmermann elaborated on the threat to soldiers posed by communication over insecure networks and platforms like Skype. The growing need to stay connected, especially over frequent and long deployments, makes less secure communication back home from the front lines inevitable.

“Suppose a U.S. soldier is talking to his family back home and he’s using a tool that doesn’t encrypt things,” said Zimmermann, “there will be leakage of information… things he talks about with his family. That’s just the place where the military intersects their civilian lives. You can’t have backdoors in this stuff because those backdoors will be exploited… Look at how the Chinese government exploited the back doors in Google services that Google built in for law enforcement.”

The FBI’s nascent war on encryption is all too familiar to Zimmermann, who is also the creator of Pretty Good Privacy, or PGP, one of the most used e-mail encryption software packages in the world. Since Zimmermann first published it for free on the Internet in 1991, PGP has helped thousands of people around the world communicate more securely, including people in the intelligence and military communities.

But some in government saw the act of publishing PGP as a potential violation of U.S. arms export restrictions (cryptographic software, according to this line of thinking, constitutes a weapon). Zimmermann spent three years under criminal investigation. The world now relies on software like PGP and encryption in general.

“I would like to point out that the legislative environment today is different from the 1990s.” Back then, he said, “You had to justify your use of crypto,” and attempting to send messages in secret suggested, perhaps reasonably, that you had something to hide that might be of value to the national security community. Today cyber-security is rising as a consumer, business and national security concern, and encryption is a key part of making networks, devices and data more secure.

“If you are a doctor and your hospital doesn’t encrypt records, you’re in violation of HIPAA Law,” said Zimmermann, referring to the Health Insurance Portability and Accountability Act. A world without encryption is one where hackers in China and Russia can much more easily commit financial and even military espionage, of the sort that has garnered attention recently from the press and from lawmakers. One example of that is the recent cyber attacks from China aimed at U.S. Transportation Command.


The governments of Mexico, Brazil, Ukraine, Trinidad and Tobago, Saudi Arabia, Jordan, Singapore and Germany are all using Silent Circle’s services for secure communication. “I was told the Queen of England was notified of the baby’s birth last year via Silent Phone due to the law requiring secure communication methods used to inform her first,” said Hyder.

The company says that legislation making encryption unavailable to the public could also hurt intelligence collection. The intelligence community today is a great deal larger and more diverse than it was 50 years ago. Potential sources of information in places like northern Iraq or China may be much less likely to provide actionable intel if they can’t communicate over a secure medium with U.S. agents, contractors, journalists or intermediaries. Getting good sources to talk becomes more difficult if secure communication is the sole right of a small handful of people. 

“As [human intelligence] assets report on current activities to journalists or government agents from hotbeds around the world, they can do so knowing they are protected from prying ears who would imprison or kill them for the information they are providing. Silent Circle’s encryption not only increases the flow and quality of information that can be used to target criminal elements but also protect those who are in the fray assigned to collect and report,” Janke said.

It’s a sales pitch, of course, but Janke’s claim is backed up, at least a bit, by the sorts of clients they service.

“A lot of the guys I’ve worked with over the years [primarily in military intelligence] have come in asking about the Blackphone and have purchased in small numbers,” said Hyder. The concern among these spies was the safety of their sources, people with whom they needed to communicate but who wouldn’t be safe carrying around U.S. military equipment.

The vulnerability of conventional phone and text communication could even affect the intelligence environment in Iraq and Syria, where the rapid rise of the Islamic State resulted, according to some, from a lack of U.S. human intelligence on the ground.

“I heard about a journalist in Damascus who was calling her editor to report what was going on in a cell phone. It caught the attention of the Syrian Regime. They intercepted that and there was a banging on her hotel room door not long after. She had to escape out the back. She got Blackphone and that solved the problem,” Zimmermann said.


In working to block Google, Apple and potentially Silent Circle from offering encryption, Comey is being shortsighted, Zimmermann said. “The FBI is enjoying the golden age of surveillance. Some of this comes from pervasive cameras, facial recognition, optical reading tech and transaction data. Comey is talking about a few pixels. He has an enormously lucrative environment for surveillance today that he never had before.”

Bottom line for Zimmermann: encryption is now a tool that can make the world more secure. Despite Comey’s dire warnings about how allowing everyone to talk more securely would make law enforcement harder, agents in the field understand its value. For evidence of that, refer to a talk Zimmermann gave at this year’s DefCon event in Las Vegas in August, long before Comey’s recent moves.

“The FBI visited us at our office,” Zimmermann recalled. “They said ‘We’re here to ask about pricing.’”
