The encryption debate flared up this week when US Attorney General William Barr gave a speech in New York on Tuesday. Although the cast of characters is new, Barr’s arguments echoed the same points Justice Department officials have been making for years: The government needs access to encrypted data, he says, or else devices are “law-free zones” that hinder law enforcement officers.
US Attorneys Geoffrey Berman and Richard P. Donoghue took the stage on Wednesday to back up Barr and pointedly criticize Silicon Valley tech giants.
“These companies are marketing—they deny they’re marketing, but they are marketing—that they deny access to law enforcement,” Donoghue said. “They should be held accountable.”
Following Barr, Berman called on Congress to write and pass legislation mandating lawful access to encrypted data.
“We’re not talking about a backdoor,” Berman said. “We’re talking about cooperation from these companies that allows us court-ordered access when we need it.”
No one can deny that Silicon Valley is engaging in marketing. Apple is running a global commercial campaign spotlighting its iPhone’s privacy bona fides. The Justice Department is fighting a big marketing battle as well. Despite the prosecutors’ points, backdoors and court-ordered access are two names for the same thing: the end of strong, unbreakable encryption.
“There is no safe backdoor solution on the table,” cryptographer Matthew Green said in response to Barr’s comments. “Barr and the Trump administration have nothing new to offer here except for a creatively terrifying interpretation of the Fourth Amendment and a desire to minimize risks.”
Barr’s remarks are the Trump administration’s most forceful comments on the encryption debate, but it’s not clear what if anything will come of them. Some of the speech seemed tailor-made for Trump, including remarks about foreign terrorists and drug cartels using encrypted messaging apps to plan assassinations.
Sitting on stage next to the American prosecutors, German prosecutor Markus Hartmann disagreed with his US counterparts, saying that criminals and terrorists “will simply just turn to different services” if a country like the US passes a law to bypass encryption.
“What can be done to prevent anybody to use some foreign service that is not following the law by US, Germany, France, Europe, whatever?” Hartmann said. “It comes down to going to GitHub, downloading an open-source encryption library, and setting up an end-to-end encrypted chat system within a few hours. The issue of dealing with encryption is broader than providing lawful access. The current situation provides us with a treasure trove of metadata, and there is much room as law enforcement agencies of improving the way we deal with that. The strategy to fight encryption should be more than just asking companies to provide lawful access.”
Barr’s call for government access to encrypted data provoked a wave of criticism from privacy advocates, technologists, and even former National Security Agency director Michael Hayden, who tweeted that he disagreed with Barr when the AG said Americans should accept the pronounced cybersecurity risks inherent in building special government access into encrypted data.
The encryption debate extends back decades in the United States. It’s been especially relevant in the last five years. In 2015, the FBI and Apple engaged in a headline-grabbing legal battle as the federal government tried and failed to force Apple to crack its own encryption in order to gain access to the encrypted iPhone of San Bernardino terrorist Syed Farook.
Apple did not give the FBI access, but the FBI gained it anyway through third-party tools. Selling tools that give law enforcement access to encrypted phones has become an increasingly profitable industry for companies like Cellebrite and GrayKey.
During his speech, Barr did not mention the suite of tools sold to governments around the world and in the US for the purpose of breaking into encrypted devices like phones, computers, and cars. It was a major omission in the conversation around government access.
One of the primary technical problems with demanding a “key” or “backdoor” allowing government access to encrypted data is, many cybersecurity and cryptography experts say, that it would ultimately make every user less secure.
“Barr today raised a tired, debunked plan to blow a hole in one of the most important security features protecting Americans’ digital lives,” Democratic senator Ron Wyden said on Tuesday. “Mr. Barr is trying to undermine strong encryption and require government backdoors into Americans’ personal devices.”