Both the Federal Senate Judiciary Committee and the Senate Intelligence Committee heard today from FBI Director James Comey, and from Deputy Attorney General Sally Quillian Yates, that they need a backdoor (or a “front door”, as Comey calls it) that allows them to decrypt encrypted email and messages in order to fight terrorism.
Companies that offer email and messaging services with encryption generally have no way themselves to decrypt their customers encrypted data. For example, starting with Apple’s latest iOS, iOS 8, says Apple:
For all devices running iOS 8.0 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess.
Google has announced that it will be rolling out something similar.
What this means is that nobody will be able to access the encrypted data other than the user themselves, and anyone to whom they grant access.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
Now this, generally speaking, is what you, as a user, want from your encryption.
But the problem with this from a law enforcement perspective is that it means that there is no way – even with a warrant (which generally means that you have proven to a judge that there is a need) – to gain access to those messages. Because even with a warrant, the company (such as Apple) has no way to decrypt the messages. It’s not that they don’t want to – it’s that they can’t.
So this is why Comey and Yates are in front of the Senate committees, asking for tech companies to please build a backdoor into their encryption schemes, so that if they come with a warrant, they can read the messages of the bad guys.
Comey notes ISIS is already using apps that offer end-to-end encryption, such as WhatsApp, and that without a way to decrypt these messages it’s a serious issue in the effort to keep our homelands secure.
For instance, points out Comey, the ISIS Twitter account has more than 21,000 English-speaking followers, and that when a follower seems a likely recruit, they are given directions to move to an encrypted mobile messaging app.
However both the tech community, and many lawmakers, point out that creating a backdoor to encryption means that there is a door, a door which hackers and bad guys can also exploit.
In fact, during the testimony, Senator Leahy of Vermont noted that “creating special access for law enforcement would still introduce into the digital space significant security weaknesses at a time when we need the strongest possible cybersecurity.”
In response to the Feds requesting backdoor access – or as some call it “exceptional access” – a group of computer scientists and cybersecurity experts including no less than Whit Diffie have published a document entitled Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications, outlining the near impossibility of creating exceptional access which won’t be exploitable by someone, somewhere. The summary explains:
As computer scientists with extensive security and systems experience, we believe that law enforcement has failed to account for the risks inherent in exceptional access systems. Based on our considerable expertise in real-world applications, we know that such risks lurk in the technical details. In this report we examine whether it is technically and operationally feasible to meet law enforcement’s call for exceptional access without causing large-scale security vulnerabilities. We take no issue here with law enforcement’s desire to execute lawful surveillance orders when they meet the requirements of human rights and the rule of law. Our strong recommendation is that anyone proposing regulations should first present concrete technical requirements, which industry, academics, and the public can analyze for technical weaknesses and for hidden costs.”
As the authors point out, this isn’t their first rodeo – some of you may recall essentially the same debate over the proposed Clipper Chip – a debate on encryption and decryption for government need which happened nearly 20 years ago, and which ended with the Clipper Chip proposals dying on the vine.
But, says Comey, there has to be some solution, somehow, that allows law enforcement agencies to access those conversations between, for example, ISIS and Americans who are being radicalized and are involved in plots to do harm, even on U.S. soil.
Says Comey, in a post this week on the Lawfare blog, “When the government’s ability—with appropriate predication and court oversight—to see an individual’s stuff goes away, it will affect public safety. That tension is vividly illustrated by the current ISIL threat, which involves ISIL operators in Syria recruiting and tasking dozens of troubled Americans to kill people, a process that increasingly takes part through mobile messaging apps that are end-to-end encrypted, communications that may not be intercepted, despite judicial orders under the Fourth Amendment.”
Clearly these are weighty issues, and there is no easy solution.
You can see video of the full testimony before the committees here on the Judiciary committee website.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.