Encryption

CIA Encryption Meddling and Chinese Espionage Allegations Make It Clear: We All Need Strong Data Protection

Somebody tell the FBI and Congress.

U.S. officials have been insisting to tech platforms that overly strong encryption is a threat to public safety and that "back doors" must be provided for law enforcement to bypass security, all in the name of fighting crime.

Meanwhile, U.S. officials have also been claiming that China-based tech company Huawei can use secret security bypasses that are intended for law enforcement use only in order to access data that could be used by the Chinese government for surveillance purposes.

In summation: The same U.S. government that wants tech companies and telecoms to create secret software doors that would allow it to snoop on our private communications and data is also worried that other governments will be able to use those same back doors to do the same thing. This is what tech privacy experts have been warning U.S. officials (and U.K. officials and Australian officials) all along: Any back door that allows law enforcement to circumvent user privacy protections will ultimately be used by people with bad intentions.

The context here is a Wall Street Journal report that reveals U.S. officials have been quietly telling allies that Huawei can secretly access data from its phone networks through taps that the company built into the hardware it sells to cellphone carriers. Laws mandate that Huawei (and other telecom companies) install these "interception interfaces" into their equipment, but only authorized law enforcement officials are supposed to have access. Even Huawei itself is not supposed to be able to gain access without the permission of the phone carriers. But U.S. officials are insistent that Huawei has maintained secret access to these taps since at least 2009.

Huawei says these claims are not true and that these hardware taps can only be accessed by "certified personnel of the network operators." The company also insists it is not surveilling data and passing it along to the Chinese government.

The story leans heavily on U.S. claims from secret intelligence that has recently been declassified, but it's not exactly proof of the claims.

On a surface level, this is about the global tech market and the competition between China and the United States. But dig deeper and you can see the relevance to our encryption fight.

The FBI and Department of Justice insist that tech companies need to be adding similar, virtual back doors in our communication tools, phones, and apps in the name of fighting crime and terrorism. People like FBI Director Christopher Wray and Attorney General William Barr are willing to discuss encryption back doors only in terms of how they help the U.S. government. But this Wall Street Journal report makes it clear that the U.S. government is abundantly aware that any access point (real or virtual) to look at private data is a point of vulnerability.

If this intelligence is true, it means that any government-mandated encryption bypass is potentially abusable and the U.S. should not be demanding tech companies make them, lest the Chinese government (or Saudi government, or Russian government, or United Arab Emirates, or identity thieves with hacking skills) get their hands on whatever mechanism was created for law enforcement use only.

If the intelligence is not true, it nevertheless makes it clear that the United States understands that back doors create huge vulnerabilities. Government officials know full well that the Justice Department's demands are unreasonable and should be shut down, and lawmakers like Sen. Lindsey Graham (R–S.C.) should not be proposing bills to force companies to implement encryption back doors.

But then, perhaps I should simply stop treating the Justice Department and Congress as though they're making these arguments in good faith. You see, yesterday, the Washington Post published a very different story about encryption and data privacy. It turns out that, for decades, the CIA and German intelligence owned and secretly operated an encryption company named Crypto AG. They sold compromised encryption technology to other countries, then secretly spied on them. The Washington Post reports that

"they monitored Iran's mullahs during the 1979 hostage crisis, fed intelligence about Argentina's military to Britain during the Falklands War, tracked the assassination campaigns of South American dictators and caught Libyan officials congratulating themselves on the 1986 bombing of a Berlin disco."

Germany left the partnership in the 1990s, fearing exposure. So the CIA ran the company until 2018, when it liquidated Crypto AG and sold it off to two companies, one of which apparently had no idea about its secret background.

We should be wary of the U.S. government doubling down on its efforts to compromise encryption, especially now that Crypto AG is not of use to the CIA. We know full well those back doors are going to be used for a lot more than trying to track down alleged pedophiles, and the federal government knows that, too.

  1. I saw this report a day or two ago. It made me laugh — the US complaining that Huawei backdoors are rendering US backdoors obsolete, and out of the other side of its lying mouth, it says it doesn’t spy on Americans, and that backdoors will not be used to spy on people without authorization, and oh noes you peons mustn’t use encryption that would interfere with our backdoors.

    And people think this self-same government would be capable of engineering the 9-11 WTC collapses and blaming innocent Saudis, or that this self-same government should be in charge of health care and controlling the climate and telling tech companies what to do.

  2. I welcome the coming arms race in the encryption space. The sooner every packet sent across the networks of the world is secured with end-to-end 4112-bit encryption, the sooner will be blunted the long arm of authoritarianism worldwide.

    1. Don’t need that ridiculous level of encryption. However, given how powerful every modern messaging device is, including phones, 128-bit encryption should be the default standard. 128-bit encryption WITHOUT backdoors. It won’t stop a determined NSA attack but it’s sufficient for keeping local law enforcement from casually violating everyone’s rights.

      1. I would rather see 256- or 512-bit encryption, but point taken. There was a degree of facetiousness to my suggestion of 4112-bit encryption.

    2. “The sooner every packet sent across the networks of the world is secured with end-to-end 4112-bit encryption”

      What is stopping you from doing this now? Government? Business? Ignorance of cryptography? Serious question, your ideas are welcome. ‘Somebody should tell Congress’ implies that we are powerless to encrypt without government involvement.

  3. no reason to send things you think are sensitive over your phone.

  4. “Any back door that allows law enforcement to circumvent user privacy protections will ultimately be used by people with bad intentions.” You kind of repeated yourself there, no?

  5. Anything I felt needed end-to-end encryption would never be sent over the public airwaves.

    1. Trick being; how about anything you felt needed end-to-end encryption in China?

      It’s pretty easy to read this as a ‘har-har US surveillance state is paradoxically emulating socialist surveillance state’, but a more complete reading is actually a bit scarier/creepier: the socialist surveillance state is beating the capitalist surveillance state at capitalism.

      Even Reason has a pretty decidedly terrible take on how to take libertarianism/capitalism global in a world where the average person has no idea who Adam Smith is and doesn’t know or care about the text of the 1A.

  6. This just in

    U. S. Government Claims Exclusive Right To Large Prime Numbers

    Cites “National Security Concerns”

  7. “and lawmakers like Sen. Lindsey Graham (R–S.C.) should not be proposing bills to force companies to implement encryption back doors.”

    At no point in the draft does it say anything about that. You are either a liar or you didn’t bother reading. A tech blogger said the AG “could” put that in there. The AG “could” also require every dick picture sent to have a DOB and photo of the owner’s face included.

    There are a million things that the bill “could” require. You know, just like every other bill that’s still a draft.

    What does the draft mention? You’re writing about things that aren’t in it. (Journalism, eh?)

    The draft does mention age restrictions. How does that work? How can one do that and have people not lie? Probably the same way phone companies and ISPs know your DOB, SSN, and address. By verifying identity to retain CDA 230 immunity. That means everyone that signs up to use their service. Why not write about that? The age limits ARE in the draft unlike the talk of E2EE.

  8. “Laws mandate that Huawei (and other telecom companies) install these “interception interfaces” into their equipment, but only authorized law enforcement officials are supposed to have access.”

    You mean passing a law doesn’t automatically generate the intended results? Imagine that!

  9. I’m constantly disappointed in the lack of independent thought by Reason writers. Every thought on this page, and most other Reason articles, seems cribbed from one orthodoxy or another.

    1. The ideas aren’t original as well. No new thoughts. It seems like the authors just browse news stories and rewrite them without doing any kind of journalism on their own. If they do they enter it with a mindset of finding what they are already looking for.

  10. So they’ve admitted that there are taps? That’s unsettling.

  13. “We know full well those back doors are going to be used for a lot more than trying to track down alleged pedophiles”

    Pedophilia does NOT require one to commit child abuse!
    You might as well have used the word GAY as the group to track down
