The Federal Bureau of Investigations has responded to what it's called the "urgent public safety issue" of mobile encryption by calling Apple a bunch of "jerks."
At the FBI International Conference on Cyber Security in Manhattan, senior FBI forensic expert Stephen R. Flatley lashed out at the technology giant for being "pretty good at evil genius stuff."
Flatley's full remarks are currently unavailable, so it's difficult to impute motivation to the expert's comments.
Even so, his condemnatory words appear to relate back to the belief widely held by the Bureau that mobile encryption used by Apple and other tech companies hinder investigators' work.
FBI Director Christopher Wray has himself made that sentiment clear.
Presenting at the FBI conference in New York, Director Wray explained how investigators were unable to access data from nearly 7,800 devices in the fiscal year that ended on 30 September 2017. The agents had the legal authority to access the devices, he noted. However, they were unable to open them due to the use of encryption on those phones.
Director Wray therefore feels mobile encryption is a big problem for the FBI:
"While the FBI and law enforcement happen to be on the front lines of this problem, this is an urgent public safety issue for all of us. Because as horrifying as 7,800 in one year sounds, it’s going to be a lot worse in just a couple of years if we don’t find a responsible solution.
The solution, I’ll admit, isn’t so clear-cut. It will require a thoughtful and sensible approach, and may vary across business models and technologies, but—and I can’t stress this enough—we need to work fast."
The FBI has been dealing with this "urgent public safety issue" for years now. According to Naked Security, it started back in September 2014 when Apple launched iOS 8 and announced it could no longer access data on an encrypted device. That stance helped produce the infamous encryption dispute between the FBI and Apple over unlocking one of the San Bernardino shooter's iPhones in early 2016, along with similar incidents where investigators raised the call for backdoors in order to access malicious actors' encrypted data.
Once again, the FBI and other government actors miss the point that encryption doesn't just benefit malicious actors. Here's Matt Pascucci on the matter:
"Yes, there are malicious people using encryption for illegal acts and there will always be individuals bending technology for their own mischievous purposes. This, however, doesn’t mean we should remove the ability to protect ourselves and is exactly the reason why putting a backdoor into encryption is a bad idea.
There are exponentially more people using encryption to protect themselves and their privacy from being subjected than those looking to harm others. We put bolt locks on doors to keep out those we don’t want to enter. If criminals are using bolt locks to prevent law enforcement from entering, it’s not the lock’s fault."
Creating encryption backdoors to help solve the FBI's "Going Dark" problem ultimately creates more risk for ordinary users than it helps investigators catch criminals.
With that said, organizations need to realize that malicious actors are increasingly using encryption to carry out their criminal activities. They should therefore make an effort to continuously monitor their keys and certificates lest bad actors abuse their encryption infrastructure for nefarious purposes.
Gain complete visibility over your keys and certificates with Venafi TLS Protect.
Get a 30 Day Free Trial of TLS Protect Cloud, Automated Certificate Management.
Related blogs