ICT

Renewed calls for backdoor access to encryption have all the same flaws – CNET

Attorney General William Barr Delivers Remarks At The SEC Criminal Coordination Conference

US Attorney General William Barr has renewed the government’s fight for access to encrypted messages.

Chip Somodevilla / Getty Images

For security experts, the US government’s debate over accessing end-to-end encryption sounds like a broken record — with the same logical flaws they’ve pointed out for years. The latest push came Friday at the Justice Department’s “Lawful Access Summit” in Washington, DC. The arguments from both sides sound eerily familiar, even if they were spouted by different individuals and companies. 

Where former US Deputy Attorney General Rod Rosenstein called it “responsible encryption” in 2017, current Attorney General William Barr called it “lawful access” in a letter sent to Facebook CEO Mark Zuckerberg on Friday. FBI Director Christopher Wray echoed former director James Comey’s remarks from 2014, arguing that the agency wasn’t seeking a backdoor, but rather a “front door” to access encrypted messages.   

While the call to give governments access to encrypted messages in 2016 was highlighted by a battle between Apple and the FBI, the fight in 2019 lies between the Justice Department and Facebook. 

The renewed debate between our privacy and the government’s need to access private systems for the sake of public safety comes months after Facebook said it intends to encrypt all of its messaging services. Facebook is the top provider of reports to law enforcement on child exploitation cases, but the Justice Department worries that if the company encrypts all its messaging services, investigators would be left in the dark. 

“Facebook would transform from the main provider of child exploitation tips to a dream-come-true for predators and child pornographers,” Wray said at the summit. 

Facebook’s move forces it into a tricky balancing act. The company opted to adopt end-to-end encryption in an effort to shore up questions about its ability to responsibly handle our data. But that very move now puts it in the crosshairs of the US government. 

End-to-end encryption is a security measure where content in messages is kept hidden even from the companies that provide that service. Police can serve a search warrant to the likes of Facebook and Apple for messages, but the companies wouldn’t be able to provide them because of that encryption. 

Political activists and dissidents also rely on end-to-end encryption in fear that more oppressive governments are spying on their messages. Security experts warn that by giving US law enforcement access to encrypted messages, other nations will follow with similar demands. 

“Even if we agree that the positives of saving US children outweighs our own privacy concerns, there’s little doubt that the interfaces will be used by foreign governments to oppress entire populations,” said Jake Williams, founder of cybersecurity firm Rendition Infosec. 

A coalition of more than 60 international civil rights groups signed a letter to Zuckerberg on Friday, countering the points that the Justice Department laid out. The letter highlighted that end-to-end encryption protects millions of people from oppressive regimes and potential hackers. It also called for Zuckerberg to continue Facebook’s plans to encrypt its messaging services.

“We encourage you to resist calls to create so-called ‘backdoors’ or ‘exceptional access’ to the content of users’ messages, which will fundamentally weaken encryption and the privacy and security of all users,” the letter said. 

The Justice Department argued that there could be a middle ground with security and privacy for all, as well as a way for governments to view people’s messages. At the summit, Barr called on tech companies to develop a way to provide “secure legal access,” something experts for years have said is impossible

“We are confident that there are technical solutions that will allow lawful access without materially weakening the security provided to consumers by encryption,” Barr said.

The attorney general didn’t offer any potential suggestions following his remarks. The concern is that by providing governments access to encrypted messages, it leaves an opening for potential hackers to steal that same key. 

It’s why Apple CEO Tim Cook refused to build a backdoor for the FBI investigating a terrorist’s iPhone, noting that it could potentially be stolen by hackers and open up access to millions of other people’s iPhones in the future. 

At the summit, Deputy Attorney General Jeffrey Rosen specifically called out Apple over its encrypted messages. He criticized the company for its lack of tips on child exploitation cases, pointing out that Apple only reported eight tips in 2017, 43 in 2018 and less than 150 in 2019. 

“When contrasted to the millions of tips reported by Facebook over the same time frame, is the take-home point that Apple magically ran platforms free of child exploitation as the volume of child exploitation materials grew by massive amounts everywhere else on the internet?” Rosen said. 

Sen. Ron Wyden, a Democrat from Oregon who has proposed legislation banning government backdoors, blasted the Justice Department’s arguments Friday. He pointed out that US tech companies were more cooperative with law enforcement, and criminals would just move onto other platforms if “lawful access” was enabled.

“The scourge of child sexual exploitation is a serious problem, but the attorney general’s proposal will only make things worse,” Wyden said in a statement.