Encrypted communication continues to be a thorn in the side of the US and other authorities, who persist in openly campaigning in favor of incorporating backdoors into the technology.
End-to-end encryption ensures that only the sender and the intended recipient of a message or other data has access to it. Meanwhile, the idea to build in backdoors would allow others, including governments and other actors, to gain access to this data.
We recently reported that Trump administration was considering mandating encryption backdoors and today it seems official.
The US government, Attorney General William Barr said in a speech on Tuesday, wants the ability to break the encryption on consumer devices – when this is mandated by a warrant.
But tech companies that are supposed to do this, and security experts alike, have long been warning that there is no known way to weaken encryption without allowing “bad actors” to also find, and then exploit such purposefully built-in vulnerability.
Barr said the situation where some devices and services offered their users impenetrable encryption, leaving police and security agencies unable to crack them, was “untenable.”
FBI director Christopher Wray last year revealed that “the number of devices it couldn't gain access to was less than a quarter of the claimed 7,800 phones and tablets.” This suggests that the actual scale of the problem faced by law enforcement agencies because of encryption might not be significant.
Nevertheless, Barr believes this is an important problem in the fight against all sorts of serious crimes. He also reportedly suggested that ordinary citizens should make peace with the idea that their devices might become collateral damage – in case hackers other than those employed by the government exploit the proposed encryption backdoor.
After all, at risk would be consumer products and services “such as messaging, smartphones, e-mail, and voice and data applications” and not “nuclear launch codes” he suggested, according to the article.
Although Barr is just the latest in a long line of US attorney generals to push for breaking encryption for everyone in the name of making the job of the law enforcement easier – one senator from the ranks of the Democrats seems to want to make this a Trump administration issue.
Ron Wyden spoke against giving “this attorney general and this president” the power to “burrow into the most intimate details of every American's life” – because, according to him, “they will abuse those powers.”
In reality, the debate about what to do with encryption has been ongoing for decades – and if Edward Snowden's 2013 revelations are anything to go by – any attorney general and any president is as likely as the other to abuse their power when it comes to government overreach.
However, Wyden also repeated something security experts have been warning about for a long time: that weakening encryption for Americans would make them more vulnerable to attack from the outside, while the rest of the world would go on with protecting its interests and data with full encryption.
Never before have I been so certain that the administration in power would KNOWINGLY abuse the massive power of government surveillance. Their record shows they do not feel constrained by the law. They have not been bound by legal or moral precedents.
— Ron Wyden (@RonWyden) July 23, 2019
The War on Encryption
Perhaps not quite all of the rest of the world. The UK announced in early 2019 it was hoping to convince tech giants to build “the ghost protocol” into their encrypted apps and services.
The ghost protocol would allow agencies to spy on conversations by joining them unobserved as “ghost users”- but Apple, Google, Microsoft, and Facebook's WhatsApp reportedly refused to cooperate.
In 2017, proposals were floated in the EU to introduce encryption backdoors – but this has not yet happened.
Then there's the case of Australia, which once again led the way in the western world is undermining citizens' privacy and data safety by passing its “encryption busting laws” in 2018. The country's parliament is now reviewing the legislation, that legal experts say clashes with EU and US privacy rules.
According to the report, tech companies warned last week that Australia could suffer economically and be left out of bilateral trade deals with the US.
And the controversial Assistance and Access Act was also “difficult to reconcile” with EU's General Data Protection Regulation (GDPR), the report said, citing the Law Council of Australia's representatives testifying before a parliamentary committee.
Australian Government contractor Vault Cloud is telling the committee that the encryption-breaking law is impacting the Australian economy as foreign companies are starting to avoid it.
“We have seen multinationals ‘blacklist' Australia as a place to store data and, in some cases, that same company continues operations in China and Russia,” said Rupert Taylor-Price, Vault Cloud's CEO.