Attorney General Barr rehashes failed arguments in the encryption debate

By Robert Gilway
|
November 21, 2019
| No Comments

With encryption, it’s as Yogi Berra stated, “déjà vu all over again.” Earlier this year, Attorney General William Barr signaled that the Department of Justice (DOJ) would renew its push to force tech companies to create back doors in their encryption for law enforcement use. Taking a stance against strong encryption, Barr described as “illegitimate” companies creating encrypted products to which “law enforcement will not be able to gain lawful access.” Contra Barr, the reality is that strong encryption is crucial to both Americans’ personal security and US national security.

US Attorney General William Barr speaks with Senator Chuck Grassley (R-IA) at the White House
US Attorney General William Barr speaks with Senator Chuck Grassley (R-IA) at the White House in Washington, DC, November 6, 2019 – via REUTERS

This latest battle over encryption is not the first. While today Barr and others cite child safety as the impetus for including built-in flaws in encryption products, in 2015, the FBI attempted to force Apple to break the encryption on one of the San Bernardino terrorists’ iPhones. The debate has become more acrimonious in its latest iteration — compare Barr’s attack on illegitimate encryption to former FBI Director James Comey’s concession that he and his opponents “share[d] the same values.” The fight over whether consumers should have access to encryption dates back to the 1990s, when the government stopped classifying cryptographic software as “munitions” subject to strict regulation.

One episode of the ‘90s encryption debate is particularly instructive to today’s debate. In 1993, the National Security Agency (NSA) unveiled its Clipper chip, a computer chip that the agency argued would provide safe encryption of phone calls while giving the government a back door: the ability to decrypt calls when deemed necessary. Within a year, major flaws were found in the chip’s security, and the plan was abandoned. The Clipper chip incident exemplifies the risk of attempting to mandate back doors in encryption: Any intentional flaw in the security of an encrypted product will inevitably allow unintended access.

Barr seems to believe that this time it’s different and that a technical solution is feasible. In his July speech, he said:

Our tech sector has the ingenuity to develop effective ways to provide secure encryption while also providing secure legal access. . . . It is well past time for some in the tech community to abandon the indefensible posture that a technical solution is not worth exploring.

Unfortunately for Barr, cybersecurity experts don’t share this rosy view. In 2015, a group of security experts at the Massachusetts Institute of Technology prepared a report evaluating the state of encryption technology. The title “Keys under doormats: Mandating insecurity by requiring government access to all data and communications,” gives a sense of their conclusion. The experts point to three major problems with proposals for “exceptional access,” or government-mandated back doors, to encrypted communications:

  • If any person or organization accessed the government’s “private key” — its tool for decrypting communications — “all data ever secured with this public key is immediately compromised.”
  • Providing a key to the government would, beyond compromising confidentiality, undermine authentication: “The message recipient is no longer provided with technical assurance of the communication’s integrity; disclosure of the key allows the third party . . . to forge traffic to the recipient and make it look as if it is coming from the original sender.”
  • Introducing a back door for the US government raises a host of thorny jurisdictional issues: “Would German and French . . . organizations be willing to use systems that gave the US government access to their data?” When considering communications between the US and less-friendly countries such as Russia or China, this problem becomes even more worrisome.

The report’s authors conclude that government-mandated back doors “will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend. The costs would be substantial, the damage to innovation severe, and the consequences to economic growth difficult to predict.”

In the four years since that report was produced, the technological challenges have not changed. Furthermore, top national security voices including Michael Hayden (former CIA and NSA director), Mike McConnell (former NSA director and director of national intelligence), Michael Chertoff (former homeland security secretary), and William Lynn (former deputy defense secretary) have all come out in favor of strong encryption since 2015. Yet that hasn’t prevented Barr from backing up his strong words with an aggressive stance toward tech companies. The DOJ has pressured Facebook to delay its plans to encrypt its messaging services, and Barr has implied that if companies do not comply voluntarily, he would support a legislative solution.

The cybersecurity experts have it right: Strong encryption is integral to the internet age. Over 138 million Americans use Facebook Messenger alone, and encrypted messaging allows whistleblowers, activists, and persecuted people around the world to communicate safely. Undermining this important tool will open millions to harm, and the government should end its campaign to mandate backdoors to encrypted products.

Learn more: Who’s afraid of TikTok — and why? | The FBI overstated the ‘going dark’ problem, and the facts on encryption remain the same

The post Attorney General Barr rehashes failed arguments in the encryption debate appeared first on American Enterprise Institute – AEI.

Housing Finance, Housing Policy