The Washington PostDemocracy Dies in Darkness

FBI chief calls encryption a ‘major public safety issue’

FBI Director Christopher A. Wray speaks during Fordham University’s International Conference on Cyber Security at Fordham University in New York on Tuesday. (Drew Angerer/Getty Images)

NEW YORK — FBI Director Christopher A. Wray on Tuesday renewed a call for tech companies to help law enforcement officials gain access to encrypted smartphones, describing it as a "major public safety issue."

Wray said the bureau was unable to gain access to the content of 7,775 devices in fiscal 2017 — more than half of all the smartphones it tried to crack in that time period — despite having a warrant from a judge.

"Being unable to access nearly 7,800 devices in a single year is a major public safety issue," he said, taking up a theme that was a signature issue of his predecessor, James B. Comey.

"We're not interested in the millions of devices of everyday citizens," he said in New York at Fordham University's International Conference on Cyber Security. "We're interested in those devices that have been used to plan or execute terrorist or criminal activities."

Attorney General Jeff Sessions on Thursday accused technology companies of failing to adequately help federal investigators access encrypted communications. (Video: Reuters)

He said: "We need to work together, the government and the private sector, to find a way forward, and find a way forward quickly."

The bureau has highlighted this challenge to its investigative work, which it calls "Going Dark," for more than a decade. But the issue has grown more pressing, it says, with the advent of phones that not even companies can unlock because they do not hold the encryption key.

The Justice Department went to court in 2016 to force Apple to devise a way to help it gain access to a dead attacker's iPhone after a mass shooting in San Bernardino, Calif. That battle ended when the FBI paid a third party to hack the phone.

Deputy Attorney General Rod J. Rosenstein last fall hinted that the Trump administration would take more aggressive steps if the companies can't come up with "responsible encryption" that gives law enforcement access after a warrant is obtained.

See all the latest developments in the Apple vs. FBI case. (Video: Jhaan Elker/The Washington Post)

As an example of a possible compromise, Wray cited a case from New York several years ago. Four major banks, he said, were using a chat messaging platform called Symphony, which was marketed as offering "guaranteed data deletion." State financial regulators became concerned that the chat platform would hamper investigations of Wall Street.

"In response," Wray said, "the four banks reached an agreement with the regulators to ensure responsible use" of Symphony. They agreed to keep a copy of their communications sent through the app for seven years and to store duplicate copies of their encryption keys with independent custodians not controlled by the banks, he said.

"So in the end, the data was secure — still encrypted, but also accessible to regulators," he said.

Privacy advocate Amie Stepanovich, however, said such solutions may not be appropriate for the average Internet user and threaten the user's digital security.

"They create new targets for data breaches and they complicate user security in a way that can be compromised by bad actors,'' said Stepanovich, U.S. policy manager at Access Now, an advocacy group.

Wray acknowledged the solution is not "clear cut." He said "it's going to require a thoughtful but sensible approach'' that "may vary across business models and different technologies."

He added: "I just do not buy the claim that it's impossible."