Yesterday the US Senate Judiciary Committee held a hearing on encryption and lawful access. That's the fanciful idea that encryption providers can somehow allow law enforcement access to users' encrypted data while otherwise preventing the bad guys
from accessing this very same data.
But the hearing was not inspired by some new engineering breakthrough that might make it possible for Apple or Facebook to build a secure law enforcement backdoor into their encrypted devices
and messaging applications. Instead, it followed speeches, open letters, and other public pressure by law enforcement officials in the U.S. and elsewhere to prevent Facebook from encrypting its messaging applications, and more generally to portray
encryption as a tool used in serious crimes, including child exploitation. Facebook has signaled it won't bow to that pressure. And more than 100 organizations including EFF have called on these law enforcement officials to reverse course and avoid
gutting one of the most powerful privacy and security tools available to users in an increasingly insecure world.
Many of the committee members seemed to arrive at the hearing convinced that they could legislate secure backdoors.
Among others, Senators Graham and Feinstein told representatives from Apple and Facebook that they had a responsibility to find a solution to enable government access to encrypted data. Senator Graham commented:
"My advice to you is to get on with it, because this time next year, if we haven't found a way that you can live with, we will impose our will on you."
But when it came to questioning witnesses, the senators had trouble
establishing the need for or the feasibility of blanket law enforcement access to encrypted data. As all of the witnesses pointed out, even a basic discussion of encryption requires differentiating between encrypting data on a smartphone, also called
encryption at rest, and end-to-end encryption of private chats, for example.
As a result, the committee's questioning actually revealed several points that undercut the apocalyptic vision painted by law enforcement officials in
recent months. Here are some of our takeaways:
There's No Such Thing As an Unhackable Phone
The first witness was Manhattan District Attorney Cyrus Vance, Jr., who has called for Apple and Google to
roll back encryption in their mobile operating systems. Yet by his own statistics, the DA's office is able to access the contents of a majority of devices it encounters in its investigations each year. Even for those phones that are locked and encrypted,
Vance reported that half could be accessed using in-house forensic tools or services from outside vendors. Although he stressed both the high cost and the uncertainty of these tools, the fact remains that device encryption is far from an insurmountable
barrier to law enforcement.
As we saw when the FBI dramatically lowered its own estimate of unhackable phones in 2017, the level of security of these devices is not static. Even as Apple and Google patch vulnerabilities that might
allow access, vendors like Cellebrite and Grayshift discover new means of bypassing security features in mobile operating systems. Of course, no investigative technique will be completely effective, which is why law enforcement has always worked every
angle it can. The cost of forensic tools may be a concern, but they are clearly part of a variety of tools law enforcement use to successfully pursue investigations in a world with widespread encryption.
Lawful Access to Encrypted Phones Would Take Us Back to the Bad Old Days
Meanwhile, even as Vance focused on the cost of forensic tools to access encrypted phones, he repeatedly ignored why companies like Apple began fully encrypting their
devices in the first place. In a colloquy with Senator Mike Lee, Apple's manager of user privacy Erik Neuenschwander explained that the company's introduction of full disk encryption in iOS in 2014 was a response to threats from hackers and criminals
who could otherwise access a wealth of sensitive, unencrypted data on users' phones. On this point, Neuenschwander explained that Vance was simply misinformed: Apple has never held a key capable of decrypting encrypted data on users' phones.
Neuenschwander explained that he could think of only two approaches to accomplishing Vance's call for lawful access, both of which would dramatically increase the risks to consumers. Either Apple could simply roll back encryption on
its devices, leaving users exposed to increasingly sophisticated threats from bad actors, or it could attempt to engineer a system where it did hold a master key to every iPhone in the world. Regarding the second approach, Neuenschwander said "as a
technologist, I am extremely fearful of the security properties of such a system." His fear is well-founded; years of research by technologists and cryptographers confirm that key escrow and related systems are highly insecure at the scale and complexity
of Apple's mobile ecosystem.
End-to-End Encryption Is Here to Stay
Finally, despite the heated rhetoric directed by Attorney General Barr and others at end-to-end encryption in messaging
applications, the committee found little consensus. Both Vance and Professor Matt Tait suggested that they did not believe that Congress should mandate backdoors in end-to-end encrypted messaging platforms. Meanwhile, Senators Coons, Cornyn, and others
expressed concerns that doing so would simply push bad actors to applications hosted outside of the United States, and also aid authoritarian states who want to spy on Facebook users within their own borders. Facebook's director for messaging privacy Jay
Sullivan discussed ways that the company will root out abuse on its platforms while removing its own ability to read users' messages. As we've written before, an encrypted Facebook Messenger is a good thing, but the proof will be in the pudding.
Ultimately, while the Senate Judiciary Committee hearing offered worrying posturing on the necessity of backdoors, we're hopeful that Congress will recognize what a dangerous idea legislation would be in this area.
Comment: Open Rights Group joins international outcry over UK government calls to access private messages
11th December 2019. See article from openrightsgroup.org
See letter from openrightsgroup.org
Open Rights Group has joined dozens of other organizations signing an open letter to the UK government to express significant concerns raised by their recent statements against encryption.
The UK Home Secretary, Priti Patel,
has joined her US counterparts in demanding weaker encryption and asking internet companies to design digital back doors into their messaging services. The UK government suggests stronger capabilities to monitor private messages will aid in fighting
terrorism and child abuse. ORG disagrees, arguing that alternative approaches must be used as the proposed measures will weaken the security of every internet user.
ORG is concerned that this attack on encryption forms a pattern
of attacks on digital privacy and security by the UK government. Only last week leaked documents showed that the UK wants to give the US access to NHS records and other personal information, in a free flow of data between the two countries.
The open letter, which was also addressed to US and Australian authorities, was coordinated by the US-based Open Technology Institute and signed by, among others, Amnesty International, Article 19, Index on Censorship, Privacy
International and Reporters Without Borders.
Javier Ruiz Diaz, Policy Director for Open Rights Group, said:
"The Home Secretary wants to be able to access our private messages in WhatsApp and
similar apps, demanding that companies remove the technical protections that keep out fraudsters and other criminals. This is wrong and will make the internet less safe. Surveillance measures should be targeted and not built into the apps used by
millions of people to talk to their friends and family."
Comment: Facebook has also responded to UK/US/Australian government calls for back doors
11th December 2019. See article [pdf] from about.fb.com
As the Heads of WhatsApp and Messenger, we are writing in response to your public letter addressing our plans to strengthen private messaging for our customers. You have raised important issues that could impact the future of free societies in the
digital age and we are grateful for the opportunity to explain our view.
We all want people to have the ability to communicate privately and safely, without harm or abuse from hackers, criminals or repressive regimes. Every day,
billions of people around the world use encrypted messages to stay in touch with their family and friends, run their small businesses, and advocate for important causes. In these messages they share private information that they only want the person they
message to see. And it is the fact that these messages are encrypted that forms the first line of defense, as it keeps them safe from cyber attacks and protected from falling into the hands of criminals. The core principle behind end-to-end encryption is
that only the sender and recipient of a message have the keys to unlock and read what is sent. No one can intercept and read these messages - not us, not governments, not hackers or criminals.
We believe that people have a right
to expect this level of security, wherever they live. As a company that supports 2.7 billion users around the world, it is our responsibility to use the very best technology available to protect their privacy. Encrypted messaging is the leading form of
online communication and the vast majority of the billions of online messages that are sent daily, including on WhatsApp, iMessage, and Signal, are already protected with end-to-end encryption.
Cybersecurity experts have
repeatedly proven that when you weaken any part of an encrypted system, you weaken it for everyone, everywhere. The backdoor access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes, creating a way for
them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm. It is simply impossible to create such a backdoor for one purpose and not expect others to try and open it. People's private messages would be less
secure and the real winners would be anyone seeking to take advantage of that weakened security. That is not something we are prepared to do.