Encryption

The Justice Department Renews Its Irresponsible Calls for Encryption Bypasses

In order to fight crime, Americans must...make their data more susceptible to hacking?

|

A new round of attacks on our right to secure, hard-to-crack encryption has kicked off.

In separate speeches this month, Attorney General William Barr and FBI Director Christopher Wray each insisted that they understand encryption is a necessary tool—particularly as more and more information about us is digitized—to protect our personal data from anybody with ill intent. But both nevertheless believe that apps and tech platforms need to develop tools that let government officials bypass encryption to comply with warrants. Neither seems willing to accept the reality that a back door that lets the FBI in would by its very nature weaken encryption, making it subject to attacks by the very same predators we need to be protected from.

In an address at the International Conference on Cyber Security on July 23, Barr opined [emphasis added]:

At conferences like this, we talk about those costs in abstract terms. They are not abstract; they are real. The costs of irresponsible encryption that blocks legitimate law enforcement access is ultimately measured in a mounting number of victims—men, women, and children who are the victims of crimes—crimes that could have been prevented if law enforcement had been given lawful access to encrypted evidence.

Throughout the speech, Barr refers to "warrant-proof encryption" rather "end-to-end encryption" (which appears all of once in the whole speech) or "quantum cryptography" (which doesn't appear at all). These are types of encryption designed to make it extremely difficult, if not impossible, for third parties or unintended recipients to access the information. This is an increasingly necessary tool for protecting our data privacy that also has a secondary effect of making it hard for law enforcement to access our private data and communications even with warrants.

This type of encryption also, incidentally, makes it hard for the governments of countries like Saudi Arabia, Iran, Russia, and China and others to access our private data. So it's absurd but telling for Barr to dismiss it as "irresponsible" simply because his agencies can't gain access. The costs of having your data accessed and copied by foreign governments are not abstract either.

Similarly, Wray gave a speech July 25 at the FBI International Cyber Security in which he insisted that he understands how important data security is, but also declared that government access to encrypted data is equally important:

I don't want to think about a world in which we lose the ability to detect dangerous criminal activity because a technology provider decides to encrypt this traffic—data "in motion"—in such a way that the content is cloaked and no longer subject to our longstanding legal process. Our ability to do our jobs—law enforcement's ability to protect the American people—will be degraded in a major way.

Later, he complains: "I get a little frustrated when people suggest that we're trying to weaken encryption—or weaken cybersecurity more broadly. We're doing no such thing." There's a reason that nearly everybody in the private sector tech security establishment is making that suggestion: because what Wray and Barr want cannot happen without weakening encryption. There is no such thing as a door that only the "good guys" (for whatever definition of good guys you choose) can enter.

Back in 2016, some hackers attempted to show the FBI exactly what would happen with encryption "back doors." Microsoft had an encryption key to bypass part of its authentication process for its operating system. Developers used it to test new operating builds. The hackers managed to get their hands on this encryption key and publicized how it worked. Their intent was to show the FBI that anything that would allow law enforcement to bypass encryption would ultimately get into the "wild" somehow and that people with malicious plans, be they criminals or foreign governments, would also kick that door wide open. They begged the FBI to pay attention to their example.

Apparently, the FBI is still refusing to listen. We may end up trying to following Australia's footsteps and making the world a more dangerous place for law-abiding citizens while clever criminals and predatory foreign governments both take advantage of these back doors and use a constantly shifting array of lesser-known, disposable encrypted communication apps that the feds will not be able to stay on top of. We'll end up in the worst of all worlds.