The FBI Calls Phone Encryption a ‘Major Public Safety Issue’

Last week, FBI Director Christopher Wray rekindled a dialogue to convince tech companies to give law enforcement backdoor access to encrypted smartphones. Privacy is a top concern among technology users. Many in the industry are opposed to this ability being handed over to agencies like the FBI.

But Wray hints that a lack of access could pose a threat to the public.

A Growing Concern For the Government

At Fordham University’s International Conference on Cybersecurity, Wray discussed the issue of phone encryption, a subject heavily debated during James Comey’s tenure as director of the bureau. Wray mentioned that the FBI couldn’t access over half of the smartphones it tried to access in 2017.

“Being unable to access nearly 7,800 devices in a single year is a major public safety issue,” Wray explained. “We’re not interested in the millions of devices of everyday citizens. We’re interested in those devices that have been used to plan or execute terrorist or criminal activities. We need to work together, the government and the private sector, to find a way forward, and find a way forward quickly.”

While smartphone access has been a longstanding issue for the FBI, it became more pressing with the arrival of phones that even the manufacturers can’t unlock (since they don’t have the encryption key). The most infamous example of this in recent history was the FBI’s request for Apple’s San Francisco developers to create backdoor software to access the iPhone of one of the San Bernardino mass shooting attackers. Apple refused, but the FBI still gained access with the help of a third party.

Searching for Compromise

To allay the fears of staunch privacy supporters, most plans allowing for smartphone backdoor access also strictly regulate exactly who can use it. The Trump administration has alluded to a policy that would give investigators access after receiving a warrant. But even with a warrant from a judge, Wray says, it’s difficult or impossible access many phones.

The FBI director continued with an example of an alternate strategy: four major banks were utilizing Symphony, a communication platform that promised “guaranteed data deletion.” Of course, this feature raised some eyebrows due to its potential to impede industry investigations. In the end, Symphony agreed to temporarily store encrypted data that only financial regulators could access for a finite time.

Finding a Balance

Many supporters of privacy argue that any type of new access, even if regulated, still increases the probability that a nefarious infiltrator may gain access. Amie Stepanovich, U.S. policy manager at privacy advocacy group Access Now, says of these types of solutions, “They create new targets for data breaches and they complicate user security in a way that can be compromised by bad actors.”

Even Wray admitted that this was not a “clear-cut” scenario, and it would “require a thoughtful but sensible approach [that] may vary across business models and different technologies.” Still, he followed up with cautious optimism; “I just do not buy the claim that it’s impossible.”

Although there has been no concrete resolution to this issue of privacy versus public safety, it’s promising to see that the FBI is aware this situation is not so cut and dry. Any policy enacted could have everlasting implications for every U.S. citizen, not just the mobile app development community. What do you think is the best way to solve this? Let us know in the comments!