18 May 2017

I Side With the 'Bad Guys' on Encryption

By Stephen L. Carter 

One of the more intriguing pearls in FBI Director James Comey’s testimony before the Senate Judiciary Committee last week was his disclosure that the Bureau has been unable to penetrate the encryption on about half of the 6,000 cell phones seized in the course of various investigations between October and March. To Comey and the senators, this was plainly a problem. I will confess that my own feelings are more mixed.

Let’s start at the top. Criminals and terrorists use cell phones. A lot. Those cell phones contain a trove of information: calls made and received, text messages, lists of contacts. But law enforcement is finding it harder and harder to penetrate the encryption that protects the privacy of ordinary users and bad guys alike.

Khalid Masood, who killed five people and injured 50 in a terror attack in London in March, used WhatsApp to send a message from his cell phone just before his rampage began. The appeal of WhatsApp is its end-to-end encryption of whatever you send, encryption even the company cannot break. Initially, law enforcement worried publicly about being unable to read Masood’s final message or discover the recipient. Some weeks later, the message was somehow retrieved. The means used have not been disclosed, but there has been speculation that the authorities never broke the encryption but instead somehow obtained Masood’s password.

But WhatsApp itself -- the company is owned by Facebook -- has remained adamant that it will not install a backdoor allowing law enforcement agencies a way in. Were the company to yield on this point, its business model would collapse. The reason a billion people use the app is that they believe that nobody can eavesdrop on them.

To be sure, law enforcement has been complaining bitterly for some while now about its inability to break the encryption that is now almost a standard feature on much of social media and cell phones. Comey himself has argued for years that modern techniques for masking messages from unwanted readers has allowed terror groups to go dark. Law enforcement officials from around the world have demanded that tech companies build backdoors into their encryption software to enable authorities to gain access, provided a court issues a warrant. Privacy advocates are horrified.

Although I sympathize with the needs of law enforcement, I fear that my libertarian soul sides with the bad guys on this one.

By “bad guys,” I mean us -- people -- individuals -- who are not happy at the thought of governments snooping around our private lives. When the head of the FBI says to the tech companies, “Please help us,” he is in effect saying to ordinary users, “Please trust us.” And that’s where the problem lies. Little in recent history -- or, for that matter, not-so-recent history -- offers any particular reason to believe that government officials, once granted a power, will use it sparingly.

Moreover, a warrant requirement offers little protection. The courts rarely say no, and recent administrations, including those of President Donald Trump’s two predecessors, have found ways to get around judicial scrutiny. Nor has Trump himself given the impression that his use of such powers would be sparing. But even if we imagine a government run entirely by angels, we live at a time when intelligence agencies can hardly protect their own secrets, including their hacking tools. If the tech companies yield to official pressure and begin to build backdoors into their encryption, how long will it be until the details show up on WikiLeaks, and the actual methods are being bartered in various corners of the Dark Web?

Actually, the Dark Web is used these days by journalists, who try to evade the vast networks of official surveillance by offering sources the ability to remain anonymous while sending encrypted communications via SecureDrop. SecureDrop uses the Tor network of hidden servers to allow sources and reporters who never meet to exchange untappable messages. Among the many news outlets that have signed on are the Washington Post, the New York Times, and the New Yorker.

Now suppose that the U.S. government demanded that a backdoor be built into SecureDrop. After all, in the view of law enforcement, to disclose classified information to the news media is a crime. Under the Obama administration, more leakers were prosecuted for espionage -- espionage! -- than in all prior administrations combined.1

Clear thinking from leading voices in business, economics, politics, foreign affairs, culture, and more.

Why, then, are my feelings mixed? Because what Comey says is also likely true. The easy availability of state-of-the-art encryption does make the job of law enforcement more difficult. Terrorists would have to be very foolish indeed not to take advantage of the secure communications that modern technology makes available. In a word of reasoned and reasonable conversations, we might have an actual public conversation about how to strike the balance. But in a world where the model for public argument is the partisan screed, I fear I have to vote against trusting the good guys. That’s a painful line to write. It’s also where we are.

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners. 

The Obama administration, in its zeal to crack down on leaks, ran what may have been the most extensive surveillance operation against the press since the Watergate era.

No comments: