January 13, 2018 5:19 pm

Reality Check: FBI head calls encryption an ‘urgent public safety issue,’ but is it?

FBI Director Christopher Wray is sworn in prior to testifying before the House Judiciary Committee December 7, 2017 in Washington, DC. The committee hearing focused on oversight of the Federal Bureau of Investigation.

(Photo by Win McNamee/Getty Images)

The FBI has been unable to access data from nearly half the devices it has tried to unlock due to encryption, FBI director Christopher Wray stated on Tuesday.

“This is an urgent public safety issue,” said Wray, while admitting that a solution to the problem is “not so clear cut.”

In 2017, the FBI was unable to access data from close to 7,800 devices, despite possessing proper legal permission to obtain the information.

WATCH: Apple fights court order to unlock San Bernardino shooter’s iPhone

Story continues below

Wray went on to explain that this is an issue that impacts every area of the agency’s work.

Discussions around personal security versus public safety in terms of technology have been on the lips of regulators and major tech firms for years.

In the past few years, controversies including Apple’s refusal to unlock the phone of a terrorist in a 2016 shooting, and the RCMP obtaining access to Canadian tech juggernaut BlackBerry’s global encryption key, have further pushed the issue into the spotlight.

WATCH: Apple denying FBI access to San Bernardino shooter’s iPhone ignites debate

Kenneth E. Gray Jr., a lecturer in the University of New Haven’s department of criminal justice and retired FBI special agent, agrees with Wray’s sentiments on unbreakable encryption.

“In the event that you have, say, a terrorist that is planning to carry out a terrorist attack, you can get the court to authorize you to access the content of the conversation — whether it be by email or an encrypted phone call. But despite the fact the court authorizes it, you can’t get it. You can’t access the information,” Gray explained in an interview with Global News.

He went on to say that despite these concerns, major tech companies like Apple and Samsung are moving towards rolling out the strongest possible encryption on their devices.

READ MORE: France, Germany want messaging apps to limit encryption to fight terrorism

“I think the industry is certainly moving towards encryption systems that are unbreakable. And that unbreakable nature tends to freeze out public safety.”

He recalled the 2016 shooting in San Bernardino, California where the FBI implored Apple to unlock an iPhone belonging to the shooter, Syed Farook. After a drawn out, public legal battle, Apple ultimately declined to help the FBI and the agency eventually contracted a private company to unlock the phone.

READ MORE: FBI: Using third parties to break encryption not only answer

At the time, Tim Cook called the order to unlock the device “chilling,” and said it would require writing new software that would effectively serve as “a master key, capable of opening hundreds of millions of locks.”

Gray retorts that despite the fact that the FBI was able to access the data, their method wouldn’t be universally effective.

“In that one particular case, with that one particular version of phone, an outside consulting computer security company was able to develop a technique to break into that one specific phone, but it would only work for that one particular phone, and that one phone is not the current version,” said Grey.

WATCH: CSIS under fire for keeping personal data on Canadians

However, Rebecca Slayton, a lecturer and cybersecurity expert at Cornell University, warns that arguments like Wray’s can often lead to “building back doors to technology” to offer law enforcement a legal channel to access data.

“Most of these technologies basically already have back doors. Those are the bugs, the glitches in the system that hackers can exploit. So building those in deliberately to give law enforcement access, I think actually makes people insecure — that in itself becomes a public safety issue,” she explained.

WATCH: No reform necessary on Bill C-51: Former CSIS director Richard Fadden

Furthermore, she added, having secure communication is also a matter of public safety.

“There are bad guys out there who will exploit those holes in ways that can do damage as well. Whether it’s exploiting holes in the technology of public officials or getting to the technology of police, or just the everyday person, it puts people at risk when their technologies are not secure.”

In 2016, the RCMP and the Canadian tech firm BlackBerry came under fire after Vice Canada obtained documents revealing that the RCMP had intercepted and decrypted over one million BBM (Black Berry Messenger) messages. While neither party confirmed how the key was obtained by the RCMP, it was speculated in media reports that the law enforcement agency was likely granted access.

READ MORE: New cybersecurity rules coming this winter amid year of massive hacks: Ralph Goodale

Gray explained a comparable case where past directors of the FBI had tried to work with telecommunications companies to share keys.

He added that most encryption systems have a public key and a private key. Governments with a public key would have no ability to access information from the smartphone company or email provider, or gain access to the encryption key.

Slayton, on the other hand, stated that “my concern is that when you start talking about building those back doors so that law enforcement can get in, you actually end up making the public safety issue worse.”

While Slayton said she would always support law enforcement obtaining a warrant to access data before doing so, she warns that the public should be cognizant of how far the boundaries of privacy are being pushed.

-With files from Reuters. 

© 2018 Global News, a division of Corus Entertainment Inc.

Report an error


Want to discuss? Please read our Commenting Policy first.