FBI Refuses to Say Which 'Experts' Inform Director's Bad Take on Encryption

FBI Director Christopher Wray arrives to deliver his budget request to a House Appropriations Committee subcommittee, on Capitol Hill in Washington, Thursday, April 4, 2019.
Photo: J. Scott Applewhite / AP

Before he was approved to lead the FBI, Christopher Wray met privately with Senator Ron Wyden, easily the sharpest privacy hawk in Congress. The topic of their conversation, one of many Wray would hold with lawmakers during his confirmation process, was encryption. The FBI has long held controversial views on the subject; namely, it wants to destroy it. Or if not, it wants to weaken it, make it easier to break—at least, for itself.

Most experts will tell you, cryptography is the science of keeping secrets, but its foundation lies in mathematics. What the FBI has long desired—a magical key to unlock all the doors—is not mathematically feasible. Not without endangering the safety and security of all Americans. Historically, the FBI hasn’t cared too much about that.

Advertisement

Wray was uninformed and admitted as much, according to Wyden. He had yet to form an opinion about encryption and needed time to study the issue. Nevertheless, he assured Wyden that he would rely on the opinions of experts—as opposed to blindly advancing the agenda of his predecessors.

The following month, on August 1, 2017, the Senate overwhelmingly confirmed Wray to lead the bureau. Citing specifically his failure to “oppose government backdoors into Americans’ personal devices, or to acknowledge facts about encryption,” Wyden, a stalwart defender of privacy on the powerful Senate Intelligence Committee, voted not to confirm the former litigator. It didn’t end there.

In his first public speech as FBI director, Wray called on Silicon Valley to devise a method by which the bureau’s agents could easily bypass cellphone encryption. “I just do not buy the claim that it’s impossible,” he said.

Having heard Wray parrot “the same debunked arguments,” Wyden wrote to the FBI director in late-January 2018, saying he wished to learn more about how he “arrived at and justified this ill-informed policy proposal.” Specifically, Wyden asked for a list of the cryptographers with whom Wray had “personally discussed this topic” since their July 2017 sit down. “[S]pecifically identify those experts who advised you that companies can feasibly design government access features into their products without weakening cybersecurity,” he requested.

Advertisement

Last week, the FBI finally responded; not Wray personally, but the acting section chief, Charles Thorley, who leads the bureau’s Office of Congressional Affairs. There would be no list, he said:

“It is not appropriate for the FBI to identify specific individuals or entities with whom it may have consulted on this issue, as doing so might place those individuals or entities at greater risk, or undermine other security-focused efforts. As you are aware, however, several independent non-governmental experts have recently publicly offered what they believe to be technically feasible solutions to this complicated problem.”

Advertisement

The FBI’s response is (for lack of a better word) stupid. There are plenty of cryptographers, established experts in the field, happy to go on the record. Many have even written books on the topic. Others, such as Johns Hopkins associate professor Matthew Green, frequently and openly express their views on the FBI’s agenda. None of them, as far as anyone can tell, are in any danger.

“The biggest threat I can see is that a bunch of nerds might make fun of them on Twitter,” Green told Gizmodo. “This is a very strange reaction. And doesn’t help move this debate forward. You can’t debate people who are afraid to participate in that debate,” he added.

Advertisement

Some officials are happy to debate, even if they lack the education required to be considered experts in the technology. But while Deputy Attorney General Rod Rosenstein is no authority on encryption, he is supposed to be an authority on the law—which makes some of his takes on the subject all the more puzzling.

Our society, he claimed in an October 2017 speech, two months following Wray’s confirmation, has “never had a system where evidence of criminal wrongdoing was totally impervious to detection, especially when officers obtain a court-authorized warrant.”

Advertisement

That statement, as Electronic Frontier Foundation general counsel Kurt Opsahl keenly noted, is total nonsense.

“We’ve always had (and will always have) a perfectly reliable system whereby criminals can hide their communications with strong security,” he said, stating what should be obvious: “In-person conversations.”

Advertisement

In the same speech, Rosenstein went on to attack default end-to-end encryption, claiming that the companies deploying it are doing something “the law does not allow telephone carriers to do: exempt themselves from complying with court orders.” Here, too, Opshal easily dispatched Rosenstein—not with some witty comeback, but with a simple reading of the law that Rosenstein pretended to know by heart.

The Computer Assistance for Law Enforcement Act, he noted, does not actually require telephone carriers to decrypt communications, as long as it’s the users themselves in possession of the keys. Here’s what it actually says:

A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.

Advertisement

“Regardless of whether the Federal Bureau of Investigation labels vulnerability by design a backdoor, a front door, or a ‘secure golden key,’ it is a flawed policy that would harm American security, liberty, and our economy,” Wyden wrote to Wray in January 2017. “In addition to taking issue with the obvious technical flaws in your proposal, I am disappointed you did not contact me prior to your speech, as you promised you would.”

Wray never replied, so more than a year later, Wyden wrote again: “Experts have said repeatedly, for decades, that strong encryption is incompatible with backdoors. Strong encryption helps ensure both security and liberty, and Americans rely on this security to protect the location of their families and the intimate details of their communications from hackers and foreign criminals.”

Advertisement

“It is foundational to American liberty that individuals feel free to express their deeply held, but controversial, beliefs without fear of prying eyes or ears,” he continued. “Knowing you’re being watched—or that you may be overheard—leads to self-censoring that would Ben Franklin rolling over in his grave.”

The FBI’s decision to withhold the names of the experts Wray allegedly spoke to before developing his opinion on encryption suggests only one thing: that, perhaps, he hasn’t spoken to any—that there are no cryptographers advising him; that there are no actual experts in the field at all informing him.

Advertisement

His only advisers, one might assume (in the absence of any evidence to the contrary), are career FBI employee with the long-held belief that there’s nothing Americans communicate in private that should be beyond their power to collect.

Share This Story

About the author

Dell Cameron

Privacy, security, tech policy | Got a tip? Email: dell@gizmodo.com | Send me encrypted texts using Signal: (202)556-0846

EmailTwitterPosts
PGP Fingerprint: A70D 517E FB9A 02C9 C56E 86D5 877E 64E7 10DF A8AEPGP Key
OTR Fingerprint: 2374A8EA 6D2B7712 0D82D659 C0FE8253 A3F080FD