Absolute privacy doesn’t exist in the United States, according to FBI Director James Comey. He says the courts can compel us to testify about private and privileged communications, and that the government should be able to access our personal encrypted data.
Speaking at the Boston College cybersecurity conference, Mr. Comey said,
There is no such thing as absolute privacy in America; there is no place outside of judicial reach.
He went on to say, “Even our communications with our spouses, with our clergy members, with our attorneys are not absolutely private in America.” In other words, doctors and attorneys should expect the things their clients tell them in confidence won’t stay secret, and spouses could be forced to testify against each other.
There are situations when doctors, counselors, clergy can be compelled to testify on information that normally falls under privileged communication protection, so Mr. Comey isn’t dropping a bombshell revelation. When coupled with his very public stance on encryption, however, it takes on a more ominous tone.
FBI and Encryption Don’t Mix
Mr. Comey feels, as does the FBI and Department of Justice, that the government should have the ability to bypass the encryption and security features in our smartphones, tablets, and computers. He made that clear a year ago when the FBI obtained a court order compelling Apple to create a version of the iPhone operating system that didn’t include the safeguards preventing brute force attacks on the lock screen passcode.
In that case, the FBI was investigating a mass shooting in San Bernardino California where the suspects were killed by police. An iPhone belonging to one of the suspects was recovered, although investigators couldn’t get at its contents thanks to the security passcode.
The FBI turned to Apple for help and was able to recover some data through iCloud. When Apple said it didn’t have the means to bypass the iPhone’s security, however, the FBI turned to the Federal courts.
Apple fought the order saying it was an overreach of authority, and that complying would pose a real security risk to iPhone users around the world. Mr. Comey said that wasn’t so, and that the request was a one-off deal—a statement that later proved to be false as cases around the country stacked up waiting to get at Apple’s hackable operating system.
In the end, the FBI turned to a private company to hack into the iPhone, preventing the fight with Apple from going to court.
Encryption in Name Only
Part of Mr. Comey’s argument was that encryption creates an information black box forever obscuring potentially critical evidence from law enforcement. He says companies should build back doors into their products so investigators can bypass encryption when necessary.
The problem is that a back door for one is a back door for all. If the FBI can use it, then other governments and criminals can, too. Privacy through encryption is a binary thing: either you have it or you don’t, and creating back doors means you don’t.
Enforcing hackable encryption also undermines security in online transactions. Credit card numbers can’t be presumed to be safe, nor can passwords for banks and other services.
That seems to be lost on Mr. Comey and his quest for a compromise on encryption and government access to personal data. “We all value privacy. We all value security,” he said. “We should never have to sacrifice one for the other.”
We shouldn’t have to sacrifice one for the other, but he’s asking us to sacrifice both. The people who really want to keep their data private will find ways to make it happen, and everyone else will live with a false sense of security thinking their data is private and safe. That doesn’t sound like a good compromise at all.
[Thanks to CNN for the heads up]