Based upon what FBI Director James Comey told the Senate Judiciary Committee on Wednesday, it seems the Bureau has backed off the idea of a "government backdoor" per se, as long as technology companies themselves can still access customers' data (and thus surrender it to law enforcement when legally subpoenaed).
Comey's main grievance, therefore, is end-to-end encryption.
"The government shouldn't be telling people how to operate their systems," Comey said. "We are in a place where we understand it's not a technical issue; it's a business model question."
Amy Hess, the FBI’s executive assistant director for science and technology, used similar language in an interview with the Washington Post this week.
Firms that feared being tagged as tools of a privacy-invading government became less willing to assist in surveillance “because it was perceived as not a good business model to be seen as cooperating with the government,” Hess said.
It used to be, she said, that companies meeting a legal requirement to provide “technical assistance” generally would try to comply with wiretap orders. “Now all of a sudden we get hung up on the question of what, exactly, does that mean I have to provide to you?” she said.
American technology companies' concerns that their cooperation with the U.S. government was bad for business were not entirely unfounded. In October, worries about NSA snooping and other surveillance caused the European Court of Justice to strike down Safe Harbor, the data transfer agreement that had, for the past 15 years, allowed multinationals to store Europeans’ data in the U.S. if the companies agreed to comply with Europe’s data privacy laws.
Today, the European Union's Justice Commissioner said that the new data transfer pact that will replace Safe Harbor will give the EU the right to "pull the plug on the deal if it fears the United States is not safeguarding privacy enough," Reuters reports.
In the interview with the Post, Hess also confirmed for the first time that the FBI uses zero-day exploits. From the story:
[Hess] said the trade-off is one the bureau wrestles with. “What is the greater good — to be able to identify a person who is threatening public safety?” Or to alert software makers to bugs that, if unpatched, could leave consumers vulnerable?
“How do we balance that?” she said. “That is a constant challenge for us.”