“William Barr is an idiot.” Not my words, but I wholeheartedly agree the view recently expressed about our attorney general. However, I am glad that others see just how dangerous the leaders of this country are at this time.
The person who called him this was Max Eddy, a senior security analyst at infosec.exchange. He sees the danger in Barr’s ridiculous insistence that backdoors be added to encrypted communication systems, consequences be damned.
He is not alone. Barr’s lack of understanding of critical security in communications systems is in line with a handful of Republican senators and past heads of government security agencies; former FBI Director James Comey; the current Director, Christopher Wray; and former Attorney General Loretta Lynch, have all beaten the drum about wanting back doors to undermine end-to-end encryption.
I have written about backdoors often, even penned a paper on it. So, I will not go into that here. What I will go into is the latest related track of attacks on end-to-end encryption.
Three of today’s most dangerous congresspersons, all Republicans, of course, Lindsey Graham, Tom Cotton and Marsha Blackburn, (I’m surprised Mitch McConnel is not in on this) who say encryption is hindering U.S. law enforcement from catching criminals and terrorists – OMG, they want vendors to install a backdoor that can be used to circumvent end-to-end encryption!
The idiotic statements coming out of the Senate only show just how ignorant they are about so many things, security being only one of them. They are so worried about not having Russia-like control over the masses that they have lost touch with reality.
This started back, in earnest, when the flap between the FBI and Apple emerged over Apple’s refusal to unlock the phone of the terrorist who was involved in the 2015 mass shooting in San Bernardino, California. Syed Farook and Tashfeen Malik, his wife, shot up a regional center during a holiday party.
The FBI later found Farook’s iPhone and wanted to search it for information on the terrorist attack. That led to the FBI demanding that Apple unlock the device because the agency said it could not do it on its own.
Apple stood its ground and said they could not unlock the phone. Whether they could or could not is immaterial. For the record, I was in favor of accommodating the FBI’s request. However, that was then, this is now.
In retrospect, with the communistic mentality of the present administration, I am glad it went that way, then. Eventually, an Israeli company was given the task to compromise the terrorist’s iPhone and they were able to retrieve the data.
What kills me is that the government will not let this go. Most intelligent people should understand that such data, if critical to a criminal investigation, should be accessible. Just like camera video and audio. However, using Gestapo-like tactics to weaken such encryption used by Apple, Facebook, and others is not the right way to do it. And with a backdoor that anybody can access with the right code.
That is why such end-to-end encryption is designed the way it is – to protect the consumer from anyone, including the government. If properly implemented even the provider of the hardware, or app, has no way to access the user information inside. The only one to be able to access the data is the owner.
This was set up this way for a reason. Does it make law enforcements job a bit more challenging? Of course, it does. It should not be easy for anyone, including law enforcement, to retrieve personal data. That is the purpose of end-to-end encryption.
It is a bit of a double-edged sword, however. There is certainly legitimacy in having law enforcement being able to acquire data that is used in illegal activities. But again, if you give the government an inch and they take a mile – especially the present government.
Hardly surprising, given the vehemence of this government to erode personal rights, some in Congress are trying to pass legislation to circumvent the privacy laws – again. And, as to be expected it is the Republicans – again.
This particular gang of three has introduced what they call the Lawful Access to Encrypted Data Act. The bill is being spun as a way to bolster national security interests by ending the use of “warrant-proof” encrypted technology by terrorists and other bad actors to conceal illicit behavior (and the rest of us, but they do not differentiate between us and the bad actors nor define the conditions that determine this).
Gotcha! This is a carte-blanch act that says once law enforcement has obtained the “necessary court authorizations” it requires tech companies to aid in obtaining such data – from anyone and any platform. Hmmm… I thought this is already the way it is. You want something, get a warrant. It has been that way for decades.
The same bill also gives the U.S. Attorney General the power to force U.S. technology companies into complying with the court order. For instance, the AG can demand the product provider supply a timeline of when access to the encrypted data will be available to federal investigators. Seems like Barr is determined to become the power Czar of this administration.
On the downside, the obvious cost would be user privacy. That cost is too high. We are already inundated with privacy breaches because there is no real legislation in place to protect us from, even the “good guys,” such as the FAAMG rat pack (Facebook, Apple, Amazon, Microsoft, and Google). In fact, it was just discovered that TikTok has been secretly spying on millions of iPhone users.
In order to give the government what it wants, it will open the floodgates to exactly the bad actors such encryption is intended to thwart – including our own government. We cannot assume that law enforcement will always act in the best interest of society. Administrations and laws will change, however, and what is protected today may be fair game tomorrow.
As well, even if, by the furthest stretch of one’s imagination, our government acts honorably, other governments do not. What is accessible by our government is, most certainly, accessible by other governments. They all have the same technology.
We also cannot assume that this bill and other actions will offer protections limiting access to the personal information of innocent individuals – something we know all too well from the National Security Agency’s massive spying operations in the past. Through both negligence and design, the NSA accessed much more information than it was supposed to have collected, including that of the U.S. citizens the agency is prohibited from spying on.
It is best said by Will Cathcart, of WhatsApp with this quote, “At a time when cyber threats from criminals, hackers and nation-states are on the rise, our nation’s leaders should not be calling on companies to weaken the encryption that allows us all to communicate privately and securely.”
Furthermore, the Electronic Privacy Information Center notes that these three republican musketeers are trying to weaken systems that are secure enough to keep government and law enforcement from using unauthorized access. Alan Butler, EPIC interim executive director, makes the point that one cannot have a backdoor accessible to government and law enforcement, exclusively. “That is not how encryption works,” he said. Well, duh! My point exactly with government ignorance around such topics.
In the end, the saddest thing is that even if all of this happens and now law enforcement can have access to any and all data in the name of security, there is little proof that such data will, all of a sudden, make us safer and stop bad actors. Crypto expert Klaus Schmeh did some back-of-the-napkin research and concluded that breaking encryption is not likely to yield better results for law enforcement.
So, it is time again to be afraid… very, very afraid.