Federal law enforcement agencies are seeking “backdoor” access to encrypted email and devices which, privacy advocates and human rights groups warn, threatens to abolish key internet safeguards and an essential human right.
In separate hearings before two Senate subcommittees on Wednesday, FBI Director James Comey argued that without special access to secure communications, the United States will be unable to “identify and stop terrorists who are using social media to recruit, plan and execute an attack in our country.”
Comey articulated these threats as tech giants such as Google and Apple have begun to offer more security options for consumers increasingly concerned about government surveillance. One popular technology, known as end-to-end encryption, permits only the sender and recipient to have access to digital messages, which are unlocked by a set of specific “keys.” If such a message is intercepted, as Comey said, it looks like “gobbledygook.”
In one hearing before the Senate Judiciary Committee, Comey and Deputy Attorney General Sally Quillian Yates said they wanted to “work with” those tech companies to gain access to encrypted communications while still “protecting privacy.”
However, experts have long-argued that such access does not and cannot exist. As Intercept reporter Jenna McLaughlin pointed out, “Comey didn’t so much propose a solution as wish for one.”
“Comey’s problem is the nearly universal agreement among cryptographers, technologists and security experts that there is no way to give the government access to encrypted communications without poking an exploitable hole that would put confidential data, as well as entities like banks and power grids, at risk,” McLaughlin wrote.
According to reporting, Comey repeatedly questioned whether technology companies were doing enough to develop a workaround for this Catch-22.
“A whole lot of good people have said it’s too hard … maybe that’s so,” Comey told the Senate Intelligence Committee. “But my reaction to that is: I’m not sure they’ve really tried.”
“Maybe no one will be creative enough,” Comey reiterated during the Judiciary Committee hearing, “unless you force them to.”
In a paper (pdf) published on Monday by the Massachusetts Institute of Technology, a number of leading security technologists argue that the government demands for access to private communications and data has “failed to account for the risks inherent” in such “exceptional access systems.”
The report concludes that “such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend. The costs would be substantial, the damage to innovation severe, and the consequences to economic growth difficult to predict.”
Further, the computer scientists warn that for governments seeking this power, namely the U.S. and United Kingdom, there will be “considerable” costs to countries’ “soft power” and “moral authority.”
This last concern has also been raised among rights groups, including the United Nations Office of the High Commissioner for Human Rights, who say encryption and online anonymity are actually a foundational human right.
Despite their insistence on the necessity of breaking into the secure communications of terrorist groups, during the hearings the officials were unable to substantiate these claims.
[Yates] told the committee that she sees the problem “every day,” but does not keep track of cases in which encryption has stopped the department from monitoring communications. Her explanation was that the DOJ, when presented with instances of encryption, no longer even tries to secure a wiretap order. […]
A Federal Courts report on wiretapping in 2014 released last week disclosed that federal and state law enforcement personnel at all levels encountered only four cases all year in which wiretaps were thwarted because of encryption.
In a column published on Wednesday, Cynthia Wong, senior Internet researcher at Human Rights Watch, argued that developing a means to break into encrypted messages threatens human rights activists worldwide, who rely on such tools to organize without fear of reprisal.
“The U.S. government supports Internet freedom abroad as a pillar of its human rights foreign policy,” Wong wrote. “But the FBI has embarked on an aggressive campaign to convince the public that encryption built into our digital tools should be weakened in the name of countering terrorism. Yet it has failed to recognize the broad, though unintended, harm such an approach would bring to human rights activists worldwide. ”
[T]he nearly universal view within the digital security community is that there is no technical solution that would allow the FBI to decrypt all communications, but wouldn’t leave internet users exposed to actors (government and non-government) that would try to uncover that vulnerability for malicious purposes. Repressive regimes will exploit back doors to identify “troublemakers” and throw them in jail.
And if the FBI forces tech companies to weaken their security, then why wouldn’t every other government demand the same, including those that equate dissent with terrorism. How comfortable would we be if Russia, China, and Saudi Arabia had back door access to Apple and Google devices?