FBI Director Christopher Wray on Wednesday called for technology companies to step up cooperation in federal investigations, saying firms' encryption services sometimes mask illegal activity and hamper efforts to stop cyber crimes.
"We're having to fight these increasingly dangerous threats while contending with providers increasingly shielding indispensable information about those threats from any form of lawful access through warrant-proof encryption," Wray said during a keynote address at a cyber security conference hosted by Boston College.
"Now, we're all for strong encryption and, contrary to what you might hear, we are not advocating for 'back doors,' " he continued. "We've been asking for providers to make sure that they, themselves, maintain some kind of access to the encrypted data we need, so that they can still provide it in response to a court order. And when they can't, they're often blinding us to vital evidence showing who is behind an intrusion or what they're going to do next."
Encryption is a longstanding point of tension between the tech community and the Justice Department. In a recent example, investigators were unable to access messages on two iPhones belonging to a man who killed three sailors in a December shooting rampage at a naval base in Pensacola, Fla.
"We should be able to get in when we have a warrant that establishes that criminal activity is underway," Attorney General William Barr said in January.
Apple countered that creating a way to break into encrypted data would be dangerous, exposing many law-abiding users to hacks at the expense of aiding probes into the relatively few users who commit crimes.
"We have always maintained there is no such thing as a back door just for the good guys," the company said. "Back doors can also be exploited by those who threaten our national security and the data security of our customers."
Wray did not mention any case or company by name Wednesday, but he delivered his remarks in one of the tech industry's top markets.
And though he said the FBI is "not advocating for back doors," his description of a way for tech firms to "maintain some kind of access to the encrypted data we need" resembles the conventional understanding of the term "back door."
"I struggle to understand how encryption can simultaneously be accessible to a provider and not have it be a back door," said Kevin O'Brien, chief executive of Waltham cybersecurity firm GreatHorn.
"Arguably, the encryption needs to be end-to-end, and there can't be a master key that only lets the good guys in," he added. "There is no such thing. Once encryption can be breached by a vendor, it can be breached by anyone who can coerce or gain access to the mechanism used."
This article was originally published on March 04, 2020.