Federal law enforcement officials decrying the proliferation of strong encryption said Tuesday that the only reason they lack actual examples of how often it shields criminals is that they’ve done a “bad job” of collecting them.
“I will be the first person to tell you that we’ve done a really bad job collecting empirical data. We need to do a much better job of that,” said Amy Hess, the FBI’s assistant executive director of science and technology, at an encryption debate hosted by Passcode, a new security and privacy blog from the Christian Science Monitor.
Asked how often investigations are stymied by encryption, Kiran Raj, a senior counsel of the Department of Justice, responded with a non-answer. “It is an important point that you make, that we have to provide the sense of a scale,” he said.
Neither Hess nor Raj said what they planned to do about it.
Hess said that data currently available on investigations, including the annual wiretap report indicating that agents encountered encryption only a handful of times during the course of the year, is simply wrong. “The fallacy that that data is built on,” she said, is that “if [agents] think an individual is going to use some sort of encrypted device, they’re not going to pursue it” any further.
Raj said that requests for the content of phone communications — text messages, emails, and more — only come at the end of a very exhaustive list of less intrusive methods. “We call it an investigative technique of last resort,” he said. But when pressed on why there’s no evidence of the number of times agents hit this final wall, he simply said that these are “hard issues.”
Previous examples provided by FBI Director James Comey in October to illustrate the dangers of “going dark” turned out to be almost laughable. Comey acknowledged at the time that he had “asked my folks just to canvas” for examples he could use, “but I don’t think I’ve found that one yet.” Then he immediately added: “I’m not looking.”
Manhattan District Attorney Cyrus Vance Jr. cited one possible example in an August New York Times op-ed — where an encrypted mobile phone may have stymied a murder investigation in Illinois — but that seems to be pretty much all anyone has come up with.
The lack of evidence has hardly toned down the rhetoric.
“The pendulum has swung so far post Snowden that we’re continuing to see society as a whole where more and more people are going to be operating above the law,” Hess said Tuesday. The question that we need to answer, she said, is “are we comfortable with that as a society?”