Encryption

The Justice Department Renews Its Irresponsible Calls for Encryption Bypasses

In order to fight crime, Americans must...make their data more susceptible to hacking?


A new round of attacks on our right to secure, hard-to-crack encryption has kicked off.

In separate speeches this month, Attorney General William Barr and FBI Director Christopher Wray each insisted that they understand encryption is a necessary tool—particularly as more and more information about us is digitized—to protect our personal data from anybody with ill intent. But both nevertheless believe that apps and tech platforms need to develop tools that let government officials bypass encryption to comply with warrants. Neither seems willing to accept the reality that a back door that lets the FBI in would by its very nature weaken encryption, making it subject to attacks by the very same predators we need to be protected from.

In an address at the International Conference on Cyber Security on July 23, Barr opined [emphasis added]:

At conferences like this, we talk about those costs in abstract terms. They are not abstract; they are real. The costs of irresponsible encryption that blocks legitimate law enforcement access is ultimately measured in a mounting number of victims—men, women, and children who are the victims of crimes—crimes that could have been prevented if law enforcement had been given lawful access to encrypted evidence.

Throughout the speech, Barr refers to "warrant-proof encryption" rather than "end-to-end encryption" (which appears all of once in the whole speech) or "quantum cryptography" (which doesn't appear at all). These are types of encryption designed to make it extremely difficult, if not impossible, for third parties or unintended recipients to access the information. This is an increasingly necessary tool for protecting our data privacy that also has a secondary effect of making it hard for law enforcement to access our private data and communications even with warrants.

This type of encryption also, incidentally, makes it hard for the governments of countries like Saudi Arabia, Iran, Russia, and China and others to access our private data. So it's absurd but telling for Barr to dismiss it as "irresponsible" simply because his agencies can't gain access. The costs of having your data accessed and copied by foreign governments are not abstract either.

Similarly, Wray gave a speech July 25 at the FBI International Conference on Cyber Security in which he insisted that he understands how important data security is, but also declared that government access to encrypted data is equally important:

I don't want to think about a world in which we lose the ability to detect dangerous criminal activity because a technology provider decides to encrypt this traffic—data "in motion"—in such a way that the content is cloaked and no longer subject to our longstanding legal process. Our ability to do our jobs—law enforcement's ability to protect the American people—will be degraded in a major way.

Later, he complains: "I get a little frustrated when people suggest that we're trying to weaken encryption—or weaken cybersecurity more broadly. We're doing no such thing." There's a reason that nearly everybody in the private sector tech security establishment is making that suggestion: because what Wray and Barr want cannot happen without weakening encryption. There is no such thing as a door that only the "good guys" (for whatever definition of good guys you choose) can enter.

Back in 2016, some hackers attempted to show the FBI exactly what would happen with encryption "back doors." Microsoft had an encryption key to bypass part of its authentication process for its operating system. Developers used it to test new operating builds. The hackers managed to get their hands on this encryption key and publicized how it worked. Their intent was to show the FBI that anything that would allow law enforcement to bypass encryption would ultimately get into the "wild" somehow and that people with malicious plans, be they criminals or foreign governments, would also kick that door wide open. They begged the FBI to pay attention to their example.

Apparently, the FBI is still refusing to listen. We may end up trying to follow in Australia's footsteps and making the world a more dangerous place for law-abiding citizens while clever criminals and predatory foreign governments both take advantage of these back doors and use a constantly shifting array of lesser-known, disposable encrypted communication apps that the feds will not be able to stay on top of. We'll end up in the worst of all worlds.



  1. The problem is giving the cops the keys is giving everyone the keys because there is no way these backdoors could ever be kept secret forever.

    Hard pass.

    1. The problem is giving the cops the keys.

      1. This is the first major misstep I’ve seen from Barr, who otherwise has seemed to have the right idea.
        What could law enforcement have gotten before smart phones and the internet that they can’t get now? Realistically, they can still generate a web of contacts – they just don’t know what the communications say. But unless they were tapping your phone, they didn’t know that before. They can still tap your phone, but the problem (from their perspective) is they have to get a warrant first, and the warrant only applies to communications they intercept AFTER they start recording.
        Seems a fair tradeoff. Some criminals get away because the only evidence against them is locked up on their computer or phone, while the majority of the world is simply protected from criminals by not weakening security.

        Put another way – would all the cops agree to use locks and burglar alarms on their houses that could be opened/disabled by a master key/code? And would they trust 100,000 people across the Country to have access to that information?

  2. In addition to the observation that we can’t open back doors for the government without also creating a serious security vulnerability, we might also point out that the people who are looking to exploit these security vulnerabilities aren’t just bored nerds. The governments of China, Iran, North Korea, and Russia already have their best people working on ways to exploit security vulnerabilities, and they’d make short work of any back door for the U.S. government–as sure as the sun will rise tomorrow.

    Meanwhile, witness yesterday’s announcement regarding the breach at Capital One and it should be clear that the level and scope of encryption we have available to us now is inadequate. In the future, most everything will need to move to blockchain, but in the meantime, we need stronger encryption than what we have now. They’re not just a little bit wrong about this back door. They’re swimming hard in the wrong direction.

  3. Understand how forced technology transfers work:

    You want access to the Chinese market? That’s great! We’re the Chinese government, and we’re here to help. We’ve got an agency whose sole purpose is to help facilitate your entry into our market.

    Once our agency has researched your company and the industry, you’ll be assigned a joint venture partner. Don’t worry. We’ll assign you to a company we trust. The head of the company will either be a former member of the Chinese Communist Party or the People’s Revolutionary Army. If he weren’t trustworthy, we wouldn’t assign them to lead your joint venture.

    Anyway, once you’ve become a minority shareholder in the new joint venture and shared your technology with your partner to the satisfaction of our agency, you’ll receive a license to sell your products in China.

    What’s not to like about that?

    1. Ah, shit. wrong thread?

      It had to happen eventually.

    2. Nothing to like about that (think you were replying to my reply on the other board). But I don’t see the forced part of that equation. When did the commies hold guns to their head? Also they are communist so why anyone would believe they would protect private property instead of confiscate it is beyond me. Stupid execs making stupid decisions means they should be fired; not protected. Sorry for your loss Apple, keep your operations in America next time.

      1. “I don’t see the forced part of that equation. When did the commies hold guns to their head?”

        We’re talking about this within the context of a free trade agreement, where we get access to their markets in exchange for them getting access to ours.

  4. We may end up trying to follow in Australia’s footsteps and making the world a more dangerous place for law-abiding citizens while clever criminals and predatory foreign governments both take advantage of these back doors and use a constantly shifting array of lesser-known, disposable encrypted communication apps that the feds will not be able to stay on top of. We’ll end up in the worst of all worlds.

    That’s how it always is. Any proposal by the government to “keep us safe” works out this way. I’m inclined to think that it’s on purpose: that the government considers us to be the threat that needs to be dealt with.

    1. BINGO! I’m concerned, however, about your choice of the word ‘inclined,’ followed by ‘to think.’ A more appropriate phrase might be: ‘convinced,’ no?

  5. There are some laws that Congress can’t change, starting with the laws of mathematics.

      1. In fairness, neither Congress nor Australia are trying to change the laws of mathematics; they are just ignoring them in favor of political posturing.

  6. Your right to be secure in your person, house, papers and effects is designed to keep you safe from snoopy neighbors, not from your friendly government. In order to protect your person, house, papers and effects, the government has to know what it’s protecting, doesn’t it?

    1. Is this a serious question?

      1. Yes, it is ~ if you’re the government.

  7. A few years back I developed my own encryption which is a VERY modified Diffie-Hellman algorithm with a 4096-byte key. My drive is totally encrypted and for communication, I send the recipients a decryption app first (communication uses a randomly selected 2048-byte key). I estimate that, using all of the Crays they own, it would take NSA around 5 years to hack in.

  8. what law is being played? Is this news accurate ??

    Dndpoker

  9. Each of the 2 major parties has different freedoms they want to take from you. This is one where there will likely be bipartisan agreement. A generation or so ago, Democrats once supported civil liberties. For Republicans it was even longer.
    A nation of complacent sheep.
