Americans should have strong privacy-protecting encryption ...that the Feds and cops can break, say senators
I don't care if it's mathematically impossible, make it happen nerds!
In its latest attempt to come up with a digital encryption scheme that's both secure and not, the US Senate Judiciary Committee on Tuesday heard conflicting testimony from industry, academics, and law enforcement about whether encryption can simultaneously protect information and also reveal it on demand.
Committee Chairman Senator Lindsey Graham (R-SC) framed the issue as if longing for a cake he could both have and eat: "I think all of us want devices that protect our privacy. Having said that, no American should want a device that becomes a safe haven for criminality."
Senator Dianne Feinstein (D-CA) recalled the December 2015 shooting attack in San Bernardino, California, that resulted in 14 deaths and 22 injuries. The shooter destroyed all of his phones except his work handset, an iPhone 5C, which was recovered at the scene by the FBI.
Apple declined to assist with an iOS rewrite because doing so would undermine the encryption for all its customers. And the FBI ultimately paid a contractor an amount said to be about $900,000 to break into the device using an undisclosed software vulnerability, to find nothing of value.
That should never have happened, said Feinstein. "In American law there is no place that's immune from inquiry if criminality is involved," she said, without mentioning the various legal privileges that excuse people from forced testimony.
Cyrus Vance, Jr, District Attorney for New York City, in his testimony [PDF] made similar arguments about the need for lawful access to information on demand.
"Apple and Google," he said, "have framed this issue as an either/or proposition. Either we can have user privacy or lawful access, but we can’t have both, they say. And they’ve been successful in propagating this message, even though it’s not true."
Yet Vance did not reveal how encryption might work only some of the time. Rather, he recalled the situation before 2014, when different security mechanisms on devices were readily removed.
In effect, he called for a return to the time before effective end-to-end encryption was widely available. His answer to functional encryption is its absence, which isn't the same thing as locks that open only for the "good guys."
Anticipating Apple's argument that "it is impossible to maintain keys to open one of their devices without creating a hole for crypto criminals themselves to gain access," Vance said the company has acknowledged that its pre-2014 phone unlocking process never led to a known security breach.
He neglected to cite examples of lawful access systems going wrong. As noted in a 2015 paper [PDF] addressing this issue – one US authorities keep trying to resolve to their satisfaction – a lawful access mechanism built into a telephone switch operated by Vodafone Greece allowed an unknown party to spy on 100 members of the Greek government, including the Prime Minister, Ministry of Defence, and Ministry of Justice, for 10 months in 2004 and 2005. And when Chinese hackers penetrated Google's Gmail system in 2010, they entered through a backdoor created to comply with US interception orders.
After implicitly advocating for a return to a time when end-to-end encryption was not widely available to consumers, Vance admitted, "I’m not a technologist, but I’m confident the problem can be solved by a company re-design as well."
In short, his technically uninformed answer to encryption is not to have it. He wants a design rollback to a time when Apple held the keys to its products and could thus provide them on-demand, for better or worse.
Erik Neuenschwander, manager of user privacy at Apple, said [PDF] pretty much what Vance predicted: "We do not know of a way to deploy encryption that provides access only for the good guys without making it easier for the bad guys to break in."
At the same time, he noted that over the past seven years Apple has responded to 127,000 requests from US law enforcement. Apple, he said, shares the goal of law enforcement to make the world a safer place and publishes guidance to help law enforcement understand the data it can make available.
Jay Sullivan, product management director for privacy and integrity in Messenger at Facebook, also defended the need to maintain effective encryption. "We can be certain that if we build a backdoor for the US government, other governments, including repressive and authoritarian regimes around the world, will demand access or try to gain it clandestinely, including to persecute dissidents, journalists, and their political opponents," he said [PDF].
He also dismissed the idea that implementing encryption undermines Facebook's commitment to cooperate with law enforcement demands. "For example, encryption will have no effect on our responses to lawful requests in providing metadata, including potentially critical location or account information," he said. "Nor will Facebook’s end-to-end encryption interfere with law enforcement’s ability to retrieve messages stored on a device."
In essence, the focus on encryption obscures other ways electronic information can be surveilled and obtained, through traditional wiretaps, zero-day vulnerabilities, and metadata, among other options.
Matt Tait, a cyber security fellow and professor at The University of Texas at Austin, elaborated on this line of argument, noting in his testimony [PDF] that "options exist for both conducting wiretaps and retaining 'cyber tips' without the need for altering or regulating end-to-end encryption."
In a Bloomberg op-ed on Tuesday, former NSA director Michael Hayden came to a similar conclusion, arguing that Congress should focus on strengthening digital security rather than pushing for law enforcement to have extraordinary access that "would needlessly increase the vulnerability of public and private actors to cyberattacks, without sufficiently addressing law enforcement’s needs."
If only Congress actually paid attention to such protestations. ®