The Islamic State terrorist group is increasingly using encrypted communications to recruit troubled Americans and urge them to carry out attacks, FBI Director James B. Comey told Congress on Wednesday.
Comey’s testimony is the latest effort by the Obama administration to pressure Silicon Valley companies to design their products in ways that will allow law enforcement agencies to monitor communications that would otherwise be rendered unreadable by advances in encryption.
But the Obama administration also signaled for the first time that it may not seek legislation that would force technology companies to make changes that many think would undermine their security and commercial viability.
Deputy Attorney General Sally Yates, who also testified before the Senate Judiciary Committee, said the administration hoped that companies would comply voluntarily rather than have the government “cram down their throats” legislation requiring them to disable their own encryption systems.
Facing persistent skepticism from both technology companies and members of Congress, the Justice officials described plans to expand encryption capabilities as a growing danger to the public. Comey said that the Islamic State has attracted at least 21,000 English-speaking followers on the Twitter social media platform, bombarding them with incitements to violence.
“There is a device, almost a devil on their shoulders, all day long saying, ‘Kill, kill, kill, kill,’ ” Comey said, referring to the group’s use of Twitter, whose message streams can be read on smartphones. He said the group is urging people to kill military members and behead them.
When Islamic State operatives encounter a potential recruit, Comey said, “we see them giving directions” to move to a mobile messaging app that is encrypted, he said. “And they disappear.”
Many lawmakers are reluctant to require tech companies to alter their products’ security so that law enforcement officials can obtain text messages, phone calls and other data. Sen. Patrick J. Leahy (Vt.), the committee’s ranking Democrat, said that “creating special access for law enforcement would still introduce into the digital space significant security weaknesses at a time when we need the strongest possible cybersecurity.”
Last month, the government disclosed that the personnel records and background check files of millions of current and former federal employees were hacked, breaches that many say underscore the need for stronger security.
On Tuesday, some of the nation’s leading cryptographers issued a paper objecting to any proposal that would require companies to alter their technology to aid law enforcement.
“Lawmakers should not risk the real economic, geopolitical and strategic benefits of an open and secure Internet for law enforcement gains that are at best minor and tactical,” said the scientists, who include Whitfield Diffie, a pioneer of public-key cryptography, and Ronald L. Rivest, an inventor of the RSA encryption algorithm.
The issue gained attention in September when Comey spoke out against Apple and Google’s announcements that they were offering forms of smartphone encryption so secure that no third party — not even law enforcement agents with a warrant — could gain access.
Comey has called for a broader debate of an issue that has divided technologists, civil libertarians and tech companies on the one hand, and law enforcement and national security officials on the other.
The White House is leading a multi-agency review of the different approaches to decryption for law enforcement to include the technical, geopolitical, legal and economic implications. It has not reached any conclusions — including whether legislation is desirable, administration officials said.
Yates noted that some companies that offer encryption on their products have retained the ability to use a key to unlock otherwise secure streams of data for business purposes or the detection of cyberthreats. The administration wants other companies to similarly retain decryption keys, she said, adding, “They would simply provide the information to us” when presented with a warrant.
At a Senate Intelligence Committee hearing in the afternoon, Sen. Ron Wyden (D-Ore.) said Yates “seemed to suggest that companies should retain a stockpile’’ of keys. That, he said, “would be a huge gift to foreign hackers and criminals.” Such an idea, he said, “is a big-time loser. It’s a loser on security grounds. It’s a retreat on privacy. I think it will do damage to our cutting-edge industry.”
Lawmakers from both parties have argued that such security “back doors” create vulnerabilities to foreign intelligence services and criminals. The House has twice passed amendments that have barred the federal government from requiring companies to create decryption keys.
But Sen. Dianne Feinstein (Calif.), the intelligence panel’s ranking Democrat, called for legislation that would require the companies to cooperate.
“It seems to me, if companies will not voluntarily comply with lawful court orders for information, then they should be required to do so through legislation,” she said.
Yates said the government has had “productive conversations” with companies and understands that “they are responding to market demands to protect the privacy of their customers.” They “are not the villains here,” she said. But, she added, “given the gravity and urgency of the situation, I think it’s important that we kick it up a notch.”