Opinion: In attack on encryption, FBI director ignores those who need protection

The leaks of celebrity photos stored on iCloud or exchanged via Snapchat have focused the public’s attention on how insecure their data are.

And yet FBI Director James Comey is trying to persuade us that we face the opposite risk: The personal data on our phones and computers may become too secure.

Talk about cognitive dissonance.

In a speech Thursday at the Brookings Institution in Washington, Comey warned that the automatic data encryption that Apple and Google are adding to their operating system “threatens to lead all of us to a very dark place.”

Said Comey, “With Apple’s new operating system, the information stored on many iPhones and other Apple devices will be encrypted by default. Shortly after Apple’s announcement, Google announced plans to follow suit with its Android operating system. This means the companies themselves won’t be able to unlock phones, laptops and tablets to reveal photos, documents, e-mail, and recordings stored within.”

Maybe so, but it also means that we’ll have a more secure place to keep our nude selfies, assuming we don’t entrust them to the cloud. And the passwords to all our online accounts. And the health records that are proving to be surprisingly lucrative for hackers.

At a time when events are teaching hard lessons about the vulnerability of personal data, it’s surpassingly odd to hear a top government official tell horror stories about a dystopian future where data are protected.

And here’s the truly stunning part of Comey’s stance.

Encryption is widely available to the public today, and has been for years. Yes, the National Security Agency has reportedly done its best to build back doors into some of the most popular types, but it’s still hard to decode encrypted files. So if you’re eager to hide something on your Macbook or Galaxy device from Johnny Law, you can do so already.

What Apple and Google are doing aims to protect the data of people who don’t think they have anything to hide. Computers and the Internet weren’t built with security at their core; instead, they’ve been optimized for copying and sharing information, which is one reason hackers and data thieves have thrived.

The updates planned by Apple and Google would effectively change the underlying assumption about the world, adding a badly needed element of suspicion and self-defense. Yes, that will make it harder for law-enforcement officials to find incriminating evidence on the computers of evil-doers who weren’t crafty or foresighted enough to use encryption anyway. But to a far greater degree, the changes will protect the same people Comey is trying to protect: law-abiding citizens.

Comey seemed to recognize that he was swimming against the current of popular opinion. He warned in his speech that the “[Edward] Snowden disclosures” had left the public with the wrong impression about government having the ability and the inclination to sweep up all of the public’s communications.

“Are we so mistrustful of government—and of law enforcement—that we are willing to let bad guys walk away...willing to leave victims in search of justice? There will come a day — and it comes every day in this business — where it will matter a great deal to innocent people that we in law enforcement can’t access certain types of data or information, even with legal authorization,” he intoned.

“Perhaps it’s time to suggest that the post-Snowden pendulum has swung too far in one direction — in a direction of fear and mistrust. It is time to have open and honest debates about liberty and security.”

That may be a persuasive argument in Washington for updating the two-decade-old law that requires communications networks to support court-ordered wiretaps. Comey says Congress should extend the law to cover the emerging communications technologies that lawmakers didn’t anticipate in the era before ubiquitous broadband and smartphones, and that’s a point worth exploring.

But do we really want to stop software companies from doing what they should have been doing from the start, which is to protect the data people store on their devices?

Follow Healey’s intermittent Twitter feed: @jcahealey