One of the United States government’s top counterterrorism officials says Congress must help investigators crack the encrypted communications of terrorists as groups like the so-called Islamic State ramp-up their online recruitment efforts.
On Capitol Hill on Wednesday, Michael Steinbach, the assistant director of the Federal Bureau of Investigation’s counterterrorism division, told the House Homeland Security Committee that the FBI is “imploring for Congress to help” law enforcement with its quest to decrypt digital communications.
Steinbach said that the FBI is working with the Department of Homeland Security to ensure that the law enforcement tactics currently in use can be implemented as needed, but suggested that legislation might be needed for situations where communications being sought are obfuscated from the eyes of investigators by encryption or other means.
According to Steinbach, individuals belonging to the group calling itself the Islamic State (also known as ISIS, or ISIL), are making the jobs of counterterrorism investigators increasingly difficult by relying more and more on methods of communication that cannot be compromised as easily as more mainstream mediums.
It’s no secret that ISIS proclaims its ideology far and wide with the help of social networking tools like Twitter, enabling the message to be spread among the public instantly. A report issued by the Brookings Institute this past March alleged the individuals sympathetic with ISIS opened at least 46,000 Twitter accounts during the last quarter of 2014, and slickly produced propaganda that the group amplifies with professional social media software has done anything but draw away attention. According to Steinbach, upwards of 20,000 Twitter account holders can end up on the receiving end of a single tweet sent by the group or one of its supporters.
“Unfortunately, social media is a great tool for the public,” he said, “but it also allows for this horizontal distribution which is very difficult to follow.”
Twitter actively suspends ISIS-affiliated accounts, according to the Brookings report, but collecting the private messages of accounts isn’t easy as having a person’s profile shut-down and requires legal action which Steinbach and others think should be easier to achieve.
The blatant spreading of ISIS-endorsed messages and ideals on the open web notwithstanding, backchannel communications sent privately between suspected members and sympathizers are complicating matters for federal investigators, Steinbach said.
"We're not looking at going through a backdoor or being nefarious. We’re talking about going to the company and asking for their assistance"
— Andrew Blake (@apblake) June 3, 2015
Even when private communications can be obtained, Steinbach said that encryption that’s been properly implemented in certain cases has made it a “very problematic issue” for investigators tasked with figuring out the contents of messages.
“We’re not looking at going through a backdoor or being nefarious. We’re talking about going to the company and asking for their assistance,” he said.
“We understand privacy. Privacy above all other things, including safety and freedom from terrorism, is not where we want to go.”
Rep. Michael McCaul (R-Texas), the committee chair, told Steinbach that “If we have coverage, we can pick up that communication. Because terrorists are increasingly taking their conversations to a “dark space” on the web, however, McCaul warned that investigators “don’t have the ability to monitor these communications.”
The Dark Web
The online activity the occurs on the world wide web as it’s widely known to exist only represents a fraction of what’s really online: a vast amount of web traffic unfolds in the realm of the so called “dark web” or “deep web,” where sites aren’t archived by search engines like Google and bits and bytes are routed to remote servers around the world to help anonymize the identities of those who operate there.
McCaul told Steinbach that “one of the greatest concerns” for him personally involves the government’s inability to monitor that portion of the web, and the FBI agent admitted in his response that the bureau believes it’s already well behind with what it calls its “going dark” problem – the FBI’s weakness with regards to cracking into the digital traffic that occurs in the shadows.
“We are past going dark,” Steinbach said. “In some instances, we are dark,”
“The ability to know what they're saying in these encrypted communication situations is troubling.”
In his prepared remarks, Steinbach explained that “changing forms of internet communication are quickly outpacing laws and technology designed to allow for the lawful intercept of communication content.”
“This real and growing gap the FBI refers to as ‘going dark’ is the source of continuing focus for the FBI, it must be urgently addressed as the risks associated with ‘going dark; are grave both in traditional criminal matters as well as in national security matters.”
In April, the executive assistant director of the FBI’s science and technology branch, Amy Hess, told the House Committee on Oversight and Government Reform that it’s critical for cops to “have the ability to accept or to receive the information that we might need in order to hold those accountable who conduct heinous crimes or conduct terrorist attacks.” According to cryptology experts, though, it’s so far been proven impossible to implement a method of bypassing encryption that can only be exploited by some.
“We just can’t do what the FBI is asking without seriously weakening our infrastructure,” Prof. Matt Blaze, a cryptology expert from the University of Pennsylvania’s school of engineering and applied sciences, testified at the time, adding that even attempts have the potential to yield “terrible consequences for our economy and national security.”
Earlier in the week, meanwhile, the CEO of Hacking Team – an Italian cyber vendor whose spyware has been sold to various government customers, including the US Navy and Drug Enforcement Agency – claimed in an email to clients that his company is quite capable of cracking the deep web.
"If you are a lawful user of the Internet, you have little to fear from Hacking Team," he wrote. "BUT IF you break the law or engage in terrorism (or are thinking about it), you should know that the safe haven that the DARKNET provides is beginning to be exposed to the light."