The broken record: Why Barr’s call against end-to-end encryption is nuts – Daily Stock Dish

The US, UK, and Australia want Facebook to hold off on end-to-end encrypting Messenger until they have a way to inject themselves into the conversation. (Image: picture alliance / Getty Images)

Here we go again.

US Attorney General William Barr is leading a charge to press Facebook and other Internet services to terminate end-to-end encryption efforts, this time in the name of fighting child pornography. Barr, acting Secretary of Homeland Security Kevin McAleenan, Australian Home Affairs Minister Peter Dutton, and United Kingdom Secretary of State Priti Patel yesterday asked Facebook CEO Mark Zuckerberg to hold off on plans to implement end-to-end encryption across all Facebook Messenger services without including a means for lawful access to the content of communications to protect our citizens.

The open letter comes months after Barr that warrant-proof cryptography is extinguishing the ability of law enforcement to obtain evidence essential to detecting and investigating crimes and allowing criminals to operate with impunity, hiding their activities under an impenetrable cloak of secrecy. The new message echoes , which stated:

it is imperative that all sectors of the digital industry including Internet Service Providers, device manufacturers and others to continue to consider the impacts to the safety of children, including those who are at risk of exploitation, when developing their systems and services. In particular, encryption must not be allowed to conceal or facilitate the exploitation of children.

Facebook has played a significant policing role on social media, providing reports of child abuse imagery and attempts by offenders to groom children online to the National Center for Missing and Exploited Children (NCMEC) in 2018, for instance. And there is no doubt the child pornography problem has exploded in recent years. A revealed that the number of images of sexual abuse of children has been growing exponentially over the past two decades, with investigators flagging over 45 million images and videos last year. Facebook's reports were 90 percent of the 18.4 million cases reported to NCMEC in 2018, a number double that of 2017 and 18 times greater than the number reported in 2014.

Barr and his cohorts noted that NCMEC estimates that 70% of Facebook's reporting, 12 million reports globally for content related to child sexual exploitation and terrorism, would be lost if all Messenger traffic is protected by end-to-end encryption and Facebook cannot screen the content through its safety systems. This would significantly increase the risk of child sexual exploitation or other serious harms, Barr and the others claimed.

The letter also broadened its message beyond Facebook to the entire tech industry, stating:

We therefore call on Facebook and other companies to take the following steps:

There are some major problems with this plan. First, backdoored encryption is fragile at best and likely to be quickly broken. Second, encryption is available in enough forms already that blocking its use by major service providers won't stop criminals from encrypting their messages. If secure encryption is a crime, only criminals will have secure encryption, and it will be really easy to be a criminal, since all it takes is a download or some simple mathematics.

Much of the reasoning behind the need to prevent end-to-end encryption by default, an argument used when Apple introduced it as part of iMessage and repeated multiple times since, is that criminals are inherently stupid, and giving them protection by default protects them from being stupid and not using encryption.

Facebook has offered end-to-end encryption as an option for Messenger conversations for years now, and it offers the service as part of WhatsApp as well. But because encryption requires an extra (and non-intuitive) step to turn it on for Messenger, most people don't use it, apparently even criminals sending messages they think aren't under surveillance. It's like the effect in that case: the belief is that criminals and it's concealing them from being observed.

The problem is not all criminals are idiots. And while Facebook may have contributed massively to the reporting of child pornography in recent years, there are other services that even the idiots could move to if it becomes apparent that they're not out of sight. Take Telegram, for instance (where much of 8chan moved to after the site lost its hosting), or WhatsApp or Signal, which provide end-to-end voice and messaging encryption. On top of those, there are a host of dark Web and deep Web places where criminals, including those exploiting children, operate.

Based on conversations I've had with researchers and people in law enforcement, there is a significant amount of tradecraft related to these types of crimes floating around in forums. Not all of it is very good, and people get caught, not because they didn't have end-to-end encryption but because they used it with the wrong person.

Four years ago, when the focus was on catching terrorists instead of child pornographers, then-FBI Director James Comey decried the cynicism toward government spying and insisted that mathematicians and computer scientists to create encryption with a golden key for law enforcement and intelligence organizations. But as I pointed out then, all you have to do is look at to understand why a government-mandated backdoor would be risky at best. As Whitfield Diffie (half of the pair who brought us the Diffie-Hellman Protocol for encryption key exchange) put it in 1993 when warning against implementing key escrow and the Clipper Chip:

To reinforce these points, a group of leading computer science and cryptography researchers, including some who actually broke the Clipper Chip's key escrow scheme in 1997 warning yet again against government backdoors in encryption. These researchers noted they could create vulnerabilities in systems exploitable by people other than warrant-bearing, lawful searchers:

The complexity of today's Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard-to-detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult questions about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.

The math and science of encryption has not stopped government from trying to change the rules, however. While Barr lacks the legal backing to force Facebook or other companies to comply with his demand, other members of the Five Eyes are pressing their fight against encryption with legal teeth.

Last December, Australia passed a law that , dictating that service and application providers must be able to provide access on demand to individuals' messages. While a similar effort four years ago in the United Kingdom failed, the UK has mandated Web blocking technologies to fight child pornography and other content-oriented crimes, and the country could conceivably extend that blocking to companies that provide encrypted communications seen as a means for trafficking child exploitation.

In many ways, the arguments about end-to-end encryption seem moot, considering that law enforcement and intelligence organizations already have so many other ways to watch for illicit activities and target suspects. DNS traffic, targeted warrants, and other legal vehicles to gain access to accounts (as with the still-active PRISM program), the targeting of hidden services on Tor (as with the), and end-point hacking all give officials a lot to work with without having to break the rest of the Internet in the process.

While fighting child exploitation, terrorism, or any other fundamental evil is vitally important, the risks posed by banning encrypted communications between citizens, customers and businesses, journalists and sources, whistleblowers and lawyers, and every other legal pairing of entities who may have some need to communicate in confidence are too high to justify mandating an untenable, universal, extraordinary level of access for government to communications.

Every US presidential administration for the past 50 years has demonstrated in some way why we should be concerned about abuse of surveillance powers. And we know from just how expansive those powers have grown. That's part of the reason that Internet services have moved so decisively toward providing end-to-end encryption and removing themselves from the surveillance apparatus.
