FBI Director James Comey says either regulators or Congress need to step in to insure law enforcement has access to the data it needs to catch the bad guys, and that means applying some laws to edge providers that apply to ISPs and telcos.
In a speech at the Brookings Institution Thursday (Oct. 16), Comey suggested the pendulum had swung too far in the other direction following the Edward Snowden data collection disclosures.
"[T]he prevailing view is that the government is sweeping up all of our communications," he said. "That is not true. And unfortunately, the idea that the government has access to all communications at all times has extended—unfairly—to the investigations of law enforcement agencies that obtain individual warrants, approved by judges, to intercept the communications of suspected criminals."
Apple and Google have announced new operating systems for iPhone and Android phones that will encrypt the information so that law enforcement can't get at it. Comey said that could have serious consequences, including that criminals would come to count on that to evade detection.
He pointed out that cable and phone telcos and ISP's have to, by law, build in intercept capabilities for their networks to accommodate court-ordered surveillance, but that the Apples and Googles of the world have no such requirement.
"[T]hat law, the Communications Assistance for Law Enforcement Act, or CALEA, was enacted 20 years ago—a lifetime in the Internet age," he said, "and it doesn’t cover new means of communication. Thousands of companies provide some form of communication service, and most are not required by statute to provide lawful intercept capabilities to law enforcement."
He said the issue was whether those companies not subject to the Communications Assistance for Law Enforcement Act" should be required to build in those intercept capabilities.
His answer was clearly yes. "We...need a regulatory or legislative fix to create a level playing field, so that all communication service providers are held to the same standard and so that those of us in law enforcement, national security, and public safety can continue to do the job you have entrusted us to do, in the way you would want us to," he said. (to read the entire speech, go here).
The Computer & Communications Industry Association--Google is a member--was not applauding the speech.
“The FBI is basically saying we don’t need technology to limit government access – that we can rely on legal protections," said CCIA President Ed Black. "Unfortunately, hackers are not bound by the law, and there is potential for misuse of vast amounts of data by not just the U.S. government, but oppressive governments around the world that have fewer legal barriers or privacy protections for their citizens. What we do will be a model for the rest of the world.
“The implications of a government backdoor to smartphone data, no matter how secure, are far-reaching because smartphones contain so many intimate details about a user’s life," he said.
“Technology companies have an obligation to protect the information entrusted to them and give customers around the world the tools that they demand to protect their data. The biggest barriers to the kind of legislation the FBI is requesting are the tens of millions of people who don’t want the government to have easy access to their devices and personal information.