Encryption

If the Feds Have Stopped Snooping on Our Phone Records, Watch Out for the Anti-Encryption Propaganda

Backdoors into your texts and private messages provide far more information than your phone metadata.


FBI Director Christopher Wray
AdMedia/Newscom

The USA Freedom Act may be dying not with a bang, or a fight, or a big public debate, but with a whimper. And that might be explained by a simple question: When's the last time you used your cellphone to make an actual phone call?

If you missed the news (and you might have, since it barely made a dent in the news cycle), the National Security Agency (NSA) has reportedly abandoned a surveillance tool it fought hard to maintain after Edward Snowden exposed it. The NSA had been secretly collecting millions and millions of Americans' phone records and metadata and storing them to look for potential connections to terrorism. Or at least that's the reason we were told they were doing it—there is no evidence that collecting all this private domestic information actually helped fight terrorism at all.

When this abuse of the PATRIOT Act was exposed, intelligence officials and their lawmaker allies fought hard to keep the authority to collect all this information. A compromise was reached in 2015 with the USA Freedom Act, which allowed the NSA to request Americans' phone records from the telecom companies themselves in a more restricted fashion. They still requested millions and millions of records through this system each year. Then they discovered that they were getting records they didn't have the authority to access and had to purge the system last year.

Now an aide to a Republican congressman claims that the NSA has all but abandoned using the Freedom Act to collect phone metadata and the law might not get renewed when it expires at the end of the year. If that's true, it's a strange end to a long fight between national security state officials and privacy activists—a battle that stretched across multiple administrations.

There's a good reason to be skeptical: It's the NSA! They might have developed other ways to collect this data, and there's such a complex and secret legal framework around our surveillance systems that we can't really be certain of what's going on. But there's also a legitimate possibility here that the NSA eventually realized this surveillance wasn't really getting it the data it needed.

That should be good news, but it actually highlights the dramatic importance of another privacy fight: the one over encryption. Increasingly we're using apps and messaging systems to communicate with each other, not phone calls.

On the one hand, that means the metadata from phone calls is less useful to anybody who wants to snoop on you. But it also means that we're passing along the actual contents of the conversation through texts and other messaging tools. And that means that when somebody gets access to your phone, he gets access to the actual conversations you're having—something that wasn't the case with the Freedom Act.

That means the battle over your right to hard-to-break encryption is much more important than the fight over NSA surveillance, even if the latter got so much more attention. Encryption protects your data and messages from prying eyes, including government eyes (not just America's, but others as well).

There's been a significant law-enforcement push, both in the United States and abroad, to try to force tech companies to provide access to this information on demand. Reason has been following this fight for years now, and we've been warning—as has just about every single technology and information company out there—that strong encryption is necessary to protect our privacy and data from criminals and other bad actors.

But many officials would apparently rather let you be victimized than give up a chance to access your private conversations. Just last week, FBI Director Christopher Wray was beating the drum that there needs to be some way to stop criminals from using encryption to hide information. But there's simply no way to develop systems to bypass encryption that cannot be abused.

At the same time Wray was lamenting encryption's role in keeping secrets from police, Facebook chief Mark Zuckerberg was talking about adding end-to-end encryption to Facebook to make it harder for third parties (including law enforcement) to snoop on private messages. It's becoming clear that encryption is going to be an extremely important mechanism to protect our data privacy as we turn more and more to messaging systems to communicate.

All of this is to say that we really, really need to be paying more attention to how Australian lawmakers may be destroying the stability of our encryption and rendering all of us (not just their own citizens) vulnerable. Australia's Parliament has, over the objections of essentially the entire tech community, passed anti-encryption legislation that grants police agencies the power to make tech companies secretly help them bypass their own security systems to gain access to private data. They can even secretly order tech companies to introduce vulnerabilities to facilitate their own access into an app or a social media platform's messaging systems.

In a recent Reason interview with outgoing libertarian Australian Sen. David Leyonhjelm (available now online here in a trimmed-down version), I asked if he felt lawmakers truly understood the can of worms they were opening with their anti-encryption bill. Leyonhjelm, who is a vocal critic of the expansion of government surveillance there, said he didn't believe that they did:

I don't think they have any idea of what they're getting into…. In all fairness, also, we have a law that allows the government to access metadata. And when that was being introduced, our attorney general…was asked by the media, "What is metadata?" He did not have a clue. He did not have a clue. He was responsible for the legislation, which was quite intrusive, similar to the decryption legislation, quite intrusive. It was giving the government authority to monitor our metadata without a warrant….

Now, my view is that the people who thought monitoring metadata was a good idea probably didn't know what it was or what they could do with it. I suspect the same people are responsible for the decryption legislation. They really don't know what they are doing. They're not technically very smart and have no decent understanding of what its limitations are going to be or the principle that the government has a right to snoop on anything that you write.

Australia has an intelligence-sharing agreement with the United States, Canada, the United Kingdom, and New Zealand. If the security of private messaging systems gets compromised in Australia, there's no reason to think that the information that government collects won't get shared with other countries or that the tools used to bypass encryption won't be passed along to these allies.

It's unlikely that the NSA would abandon the use of a surveillance tool if it was effective in any way. The message being sent by the possible abandonment of the USA Freedom Act surveillance powers is that there are other methods of surveillance that might be more effective. And just as we were vocal about the abuses of the PATRIOT Act, we need to be vocal about not allowing our encryption to be compromised and our data security evaporated by secret demands to snoop on us.