FBI Director James Comey is on quite a media blitz. In the month since the iPhone 6 launch, he's appeared on television and radio over and over again, talking up the supposed dangers of Apple's new encryption standards. After a televised press conference in September, he's appeared in countless articles criticizing Apple's new measures, which would automatically encrypt data held on the iPhone, and prevent Apple from decrypting it for law enforcement. Last night, Comey showed up on 60 Minutes to do it again. It's enough for the AFP to dub it Crypto Wars 2.0, a rehash of the struggle for legal cryptography that played out in the ’90s.
FBI Director Comey never does more than talk
One important thing to notice: Comey never does more than talk. The battles over encryption in the ’90s played out with arrests and court battles. Anyone offering end-to-end encryption, which doesn't let carriers hold the decryption keys, was under real legal threat. In the most alarming example, Phil Zimmermann spent years battling federal arms exporting charges over his PGP encryption suite. The threat of force was real, and resisting it took real sacrifice. Director Comey, on the other hand, hasn't offered anything more than vague concerns. If he's serious about the dangers of encryption, there's plenty Comey could do — whether in court cases or in Congress itself — but without some real proposal, he's just rehashing decades-old arguments about warrants and software freedom. After three weeks of talk, it's time for Comey to put up or shut up.
The most obvious route is to take Apple to court. If the FBI serves Apple a warrant for data on a suspected murderer's iPhone and Apple doesn't comply (according to Tim Cook, they can't), then the FBI can hold them in contempt of court until they change their system. It wouldn't be the first time the FBI jumped into a long legal battle on a point of principle, and the Department of Justice has plenty of lawyers who would love to try that case. It will be messy and public, but that's a small price to pay for rescuing kidnapping victims, right?
If encryption is a problem, why not take Apple to court?
If Comey's worried the law itself isn't on his side, he can push to have the law changed. There's a bill called CALEA II that would mandate exactly the kind of backdoor Comey wants. It's been kicking around Congress for years, with no shortage of sponsors. Why not get on national television and call for Congress to push it through, just to show you're serious? Congress is bad, but they can still pass a few laws when there's enough heat on, and they like James Comey a whole lot more than Tim Cook.
But in both cases, Comey's holding back because he knows he'd probably lose. Every time CALEA II comes up for a vote, privacy groups sound the alarm — and with surveillance fears at an all-time high, that tactic is only getting more effective. If Comey publicly backed CALEA II, it would only raise the alarms early, spooking whatever congressional support the bill already has. And if the FBI pressed the current law against a company as powerful as Apple, there's plenty of reason to think Apple would come away clean, thanks in part to the precedents set by the last crypto wars. The FBI can bully small companies like Lavabit over encryption, but the law is still on the side of the coders.
So Comey's left exactly where we started, making ominous noises and generating headlines favorable to the FBI, but not actually doing anything. It's a bluff, a way to nudge public opinion without committing the bureau to anything. This isn't a crypto war — it's a pageant.