Following in the footsteps of former FBI Director James Comey and other top law enforcement officials, Attorney General William Barr is taking a swing at the growing prevalence of encryption across the digital landscape, with a particular renewed focus on the rising number of communications apps that are offering end-to-end encryption. On Thursday, the Justice Department published an open letter to Facebook CEO Mark Zuckerberg asking the social media giant not to proceed with its end-to-end encryption for its messaging services without providing law enforcement court-authorized access to the content of communications.
The letter, signed by the Attorney General, United Kingdom Home Secretary Priti Patel, Australia’s Minister for Home Affairs Peter Dutton, and Acting Homeland Security Secretary Kevin McAleenan, came on the same day the U.S. and UK governments entered into the world’s first ever CLOUD Act Agreement. The agreement, according to the Justice Department, “will allow American and British law enforcement agencies, with appropriate authorization, to demand electronic data regarding serious crime.”
The Justice Department argues that current legal assistance between the two countries when it comes to gaining access to private electronic data can take up to two years, an interval that the new agreement hopes to shorten while also “protecting privacy and enhancing civil liberties.” The new US-UK Bilateral Data Access Agreement aims to “speed up investigations by removing legal barriers to timely and effective collection of electronic evidence” by allowing law enforcement, when armed with appropriate court authorization, to “go directly to tech companies based in the other country to access electronic data, rather than going through governments.”
Tech companies, including Facebook and digital rights advocates alike expressed alarm over these developments. Regarding the demand that Facebook forego its encryption effort, which was, ironically, sparked in part by government and consumer pressure on Facebook to better protect users’ privacy, digital rights and privacy group EFF said, "this is a staggering attempt to undermine the security and privacy of communications tools used by billions of people. Facebook should not comply.”
Facebook itself decried the governments’ latest moves to undercut encryption. “End-to-end encryption already protects the messages of over a billion people every day,” the company said in a statement. “We strongly oppose government attempts to build backdoors because they would undermine the privacy and security of people everywhere.”
Coming in the front door
To give its renewed anti-encryption push more momentum, the Justice Department on Friday held what it called a Summit on Lawful Access, gathering state and federal law enforcement officials with experts on the distribution of child pornography to make the emotional, if not technological, case that tech companies should open up their encryption schemes to police investigating crimes. Kicking off the Summit, FBI Director Christopher Wray disputed the widely held opinion among cryptographers and cybersecurity specialists that building a backdoor into encrypted communications will weaken cybersecurity overall.
“I will tell you I get more than a little frustrated when people keep trying to suggest that we're somehow trying to weaken encryption or weaken cybersecurity more broadly. We're doing no such thing,” Wray said. “We also have no interest in any backdoor. The FBI and our state local law enforcement partners, we go through the front door with a warrant from a neutral judge only after we've met the requirements of the Fourth Amendment.”
Wray, like all of the speakers at the Summit, maintains that end-to-end encryption allows criminals to flourish under the anonymity that encryption provides. “I can tell you that police chief after police chief, sheriff after sheriff, our closest foreign partners and other key professionals are raising this issue with growing concern and urgency,” he said. “They keep telling us that their work is too often blocked by encryption schemes that don't provide for lawful access. So, while we're big believers in privacy and security, we also have a duty to protect the American people.”
As private as your living room
During a keynote address at the Summit, Attorney General Barr briefly acknowledged the benefits of encryption but mostly made the case for why tech companies are on the wrong track when they insist that encryption makes society as a whole much safer. “As individuals and as a nation, we have become dependent on a vast digital infrastructure that in turn has made us vulnerable to cyber criminals and foreign adversaries that target them,” he said.
“Infrastructure encryption provides enormous benefits to society by enabling secure communications, data storage and online transactions. But as we work to secure our data and our communications from hackers, we must recognize that our citizens face a far broader array of threats,” Barr said. “Hackers are a danger, but so are violent criminals, terrorists, drug traffickers, human traffickers, fraudsters and sexual predators.”
Barr also challenged the privacy notions of civil libertarians such as EFF who advocate for end-to-end encryption as a privacy safeguard. “Do we want to live in a society where everyone is invisible?” he asked. The Fourth Amendment, he argued, “establishes that under certain circumstances the public has a legitimate need to gain access to an individual’s zone of privacy in pursuit of public safety.”
Barr took a swipe at EFF for saying that a secure message platform should provide the same amount of privacy as you have in your living room. “That's right,” he said. “We agree. That's exactly what law enforcement is seeking. As you should all know, with a warrant law enforcement can get access to your living room, both physically and virtually, where there is probable cause to do so.”
Looking to the next phase
Australia’s Peter Dutton talked about his country’s controversial anti-encryption legislation passed late last year designed to force tech companies to provide police and security agencies with access to encrypted messages. “There is a lot more that we need to do within the space, but it allows, where it's technically possible, for a company to provide on a voluntary basis to give that assistance to the investigators.”
Dutton believes, however, that tech companies haven’t done enough to cooperate with law enforcement. “I do think that we have played this game and conducted this dance with the companies for far too long. We need to now understand in the next phase how the companies are going to address it and if not, how we're going to legislate for them to address it.”
The UK has its own version of controversial anti-encryption legislation, the Investigatory Powers Act, otherwise known as the Snooper’s Charter. Under this Act, companies can be asked to break encryption they provide to their users but only if they have applied it themselves and it is practical to do so. The UK’s Priti Patel, however, doesn’t think the Act goes far enough.
“As with any act of parliament or legislation, that alone is not the answer,” she said. One solution for Patel is the kind of pact the UK just signed with the U.S. “The right level of data sharing, working at the right kind of way through international parameters, through legal frameworks. That is where we could move the needle and make a difference.”