Encryption

If the Feds Have Stopped Snooping on Our Phone Records, Watch Out for the Anti-Encryption Propaganda

Backdoors into your texts and private message provide far more information than your phone metadata.

|

FBI Director Christpher Wray
AdMedia/Newscom

The USA Freedom Act may be dying not with a bang, or a fight, or a big public debate, but with a whimper. And that might be explained by a simple question: When's the last time you used your cellphone to make an actual phone call?

If you missed the news (and you might have, since as it barely made a dent in the news cycle), the National Security Agency (NSA) has reportedly abandoned a surveillance tool it fought hard to maintain after Edward Snowden exposed it. The NSA had been secretly collecting millions and millions of Americans' phone records and metadata and storing them to look for potential connections to terrorism. Or at least that's the reason we were told they were doing it—there is no evidence that collecting all this private domestic information actually helped fight terrorism at all.

When this abuse of the PATRIOT Act was exposed, intelligence officials and their lawmaker allies fought hard to keep the authority to collect all this information. A compromise was reached in 2015 with the USA Freedom Act, which allowed the NSA to request Americans' phone records from the telecom companies themselves in a more restricted fashion. They still requested millions and millions of records through this system each year. Then they discovered that they were getting records they didn't have the authority to access and had to purge the system last year.

Now an aide to a Republican congressman claims that the NSA has all but abandoned using the Freedom Act to collect phone metadata and the law might not get renewed when it expires at the end of the year. If that's true, it's a strange end to a long fight between national security state officials and privacy activists—a battle that stretched across multiple administrations.

There's a good reason to be skeptical: It's the NSA! They might have developed other ways to collect this data, and there's such a complex and secret legal framework around our surveillance systems that we can't really be certain of what's going on. But there's also a legitimate possibility here that the NSA eventually realized this surveillance wasn't really getting it the data it needed.

That should be good news, but it actually highlights the dramatic importance of another privacy fight: the one over encryption. Increasingly we're using apps and messaging systems to communicate with each other, not phone calls.

On the one hand, that means the metadata from phone calls is less useful to anybody who wants to snoop on you. But it also means that we're passing along the actual contents of the conversation through texts and other messaging tools. And that means that when somebody gets access to your phone, he gets access to the actual conversations you're having—something that wasn't the case with the Freedom Act.

That means the battle over your right to hard-to-break encryption is much more important than the fight over NSA surveillance, even if the latter got so much more attention. Encryption protects your data and messages from prying eyes, including government eyes (not just America's, but others as well).

There's been a significant law-enforcement push, both in the United States and abroad, to try to force tech companies to provide access to this information on demand. Reason has been following this fight for years now, and we've been and warning—as have just about every single technology and information company out there—that strong encryption is necessary to protect our privacy and data from criminals and other bad actors.

But many officials would apparently rather let you be victimized than give up a chance to access your private conversations. Just last week, FBI Director Christopher Wray was beating the drum that there needs to be some way to stop criminals from using encryption to hide information. But there's simply no way to develop systems to bypass encryption that cannot be abused.

At the same time Wray was lamenting encryption's role in keeping secrets from police, Facebook chief Mark Zuckerberg was talking about adding end-to-end encryption to Facebook to make it harder for third parties (including law enforcement) to snoop on private messages. It's becoming clear that encryption is going to be an extremely important mechanism to protect our data privacy as we turn more and more to messaging systems to communicate.

All of this is to say that we really, really need to be paying more attention to how Australian lawmakers may be destroying the stability of our encryption and rendering all of us (not just their own citizens) vulnerable. Australia's Parliament has, over the objections of essentially the entire tech community, passed anti-encryption legislation that grants police agencies the power to make tech companies secretly help them bypass their own security systems to gain access to private data. They can even secretly order tech companies to introduce vulnerabilities to facilitate their own access into an app or a social media platform's messaging systems.

In a recent Reason interview with outgoing libertarian Australian Sen. David Leyonhjelm (available now online here in a trimmed-down version), I asked if he felt lawmakers truly understood the can of worms they were opening with their anti-encryption bill. Leyonhjelm, who is a vocal critic of the expansion of government surveillance there, said he didn't believe that they did:

I don't think they have any idea of what they've getting into….In all fairness, also, we have a law that allows the government to access metadata. And when that was being introduced, our attorney general…was asked by the media, "What is metadata?" He did not have a clue. He did not have a clue. He was responsible for the legislation, which was quite intrusive, similar to the decryption legislation, quite intrusive. It was giving the government authority to monitor our metadata without a warrant….

Now, my view is that the people who thought monitoring metadata was a good idea probably didn't know what it was or what they could do with it. I suspect the same people are responsible for the decryption legislation. They really don't know what they are doing. They're not technically very smart and have no decent understanding of what its limitations are going to be or the principle that the government has a right to snoop on anything that you write.

Australia has an intelligence-sharing agreement with the United States, Canada, the United Kingdom, and New Zealand. If the security of private messaging systems gets compromised in Australia, there's no reason to think that the information that government collects won't get shared with other countries or that the tools used to bypass encryption won't be passed along to these allies.

It's unlikely that the NSA would abandon the use of a surveillance tool if it was effective in any way. The message being sent by the possible abandonment of the USA Freedom Act surveillance powers is that there are other methods of surveillance that might be more effective. And just as we were vocal about the abuses of the PATRIOT Act, we need to be vocal about not allowing our encryption to be compromised and our data security evaporated by secret demands to snoop on us.

Advertisement

NEXT: FDA Finally Approves Genetically Enhanced Salmon—After 24 Years

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. The most fundamentally idiotic thing about all this is the assumption that you need to use some giant tech company’s product in order to communicate secretly. Any serious criminal or terrorist organization is going to use something like Signal, or hell, a home grown solution. I mean, you could make a simple encrypted messaging app in an afternoon. There is absolutely nothing law enforcement can do about that.

    A War On Encryption would be by far the most futile War On Thing yet. The very concept makes the War on Drugs or Terror sound like a simple task by comparison.

    1. This.

      The laws of mathematics will never be under government jurisdiction, no matter how hard idiot politicians may try to make it so.

      1. Google is now paying $17000 to $22000 per month for working online from home. I have joined this job 2 months ago and i have earned $20544 in my first month from this job. I can say my life is changed-completely for the better! Check it out whaat i do…..

        click here ======?? http://www.Aprocoin.com

    2. Start working at home with Google! It’s by-far the best job I’ve had. Last Wednesday I got a brand new BMW since getting a check for $6474 this – 4 weeks past. I began this 8-months ago and immediately was bringing home at least $77 per hour. I work through this link, go to tech tab for work detail.
      >>>>>>>>>> http://www.payshd.com

      1. Start working at home with Google! It’s by-far the best job I’ve had. Last Wednesday I got a brand new BMW since getting a check for $6474 this – 4 weeks past. I began this 8-months ago and immediately was bringing home at least $77 per hour. I work through this link, go to tech tab for work detail.
        >>>>>>>>>> http://www.Aprocoin.com

      2. On sunday my check was 1500$ just do work on this website few hour and Earn Easily at home on laptop online .This is enough for me and my family.

        >>=====>>>> http://www.Theprocoin.com

    3. Unless you’re going to build the device yourself (and I mean build it all the way down to the construction of the chips), yeah, you do need some giant tech company’s product. Sure, you can use Signal. I do, too. And that will provide protection at layers above the hardware stack. But with the right access to the hardware, you could easily intercept the information before the encryption steps. It’s not as easy as attacking the application layer but it’s not impossible.

    4. You’re absolutely correct. I use a homegrown solution which is a severely modified D-H algorithm with a 4096-bit key. The key rotates daily and uses a one-way encryption algorithm itself. I estimate that if the NSA uses ALL of their Crays, they might be able to crack it in a little under two years of continuous cycling. Of course, my message will be a bit dated by that time.

  2. Weren’t we getting the anti-encryption propaganda WHILE they were snooping on us?

  3. I sure am glad that Facebook has stepped up to protect us from the cyberstalkers, there’s nobody I’d trust more to protect my privacy outside of a government agency.

    1. It’s not just about cyberstalkers, it’s about mean-spirited memes too.

  4. No, you can’t snoop on my back door.

  5. the NSA eventually realized this surveillance wasn’t really getting it the data it needed.

    And what exactly would that data be?

    *** clicks link ***

    Lubin and I expect to have our paper discussing these issues, including the technical aspects, out relatively soon.

    Right.

  6. The NSA is going to vacuum up all the data they can get. The legality of those actions doesn’t matter. All you can do to try to protect yourself is assume that all non encrypted communications is not private at all and is being recorded and saved in gov’t database. And the best you can do is go with open source software like Signal, that is less likely to have backdoors or other intentional flaws.

  7. Start working at home with Google! It’s by-far the best job I’ve had. Last Wednesday I got a brand new BMW since getting a check for $6474 this – 4 weeks past. I began this 8-months ago and immediately was bringing home at least $77 per hour. I work through this link, go to tech tab for work detail.
    >>>>>>>>>> http://xurl.es/BestOnline

  8. ?Google pay 95$ consistently my last pay check was $8200 working 10 hours out of every week on the web. My more young kin buddy has been averaging 15k all through ongoing months and he works around 24 hours consistently. I can’t confide in how straightforward it was once I endeavored it out.This is my primary concern…GOOD LUCK .

    click here =====?? http://www.Geosalary.com

  9. On sunday my check was 1500$ just do work on this website few hour and Earn Easily at home on laptop online .This is enough for me and my family.

    >>=====>>>> http://www.Theprocoin.com

Please to post comments

Comments are closed.