This past weekend, the Department of Justice joined law enforcement from six other countries in issuing their hopes for the future of encryption.
The letter was signed by U.S. Attorney General William Barr and his counterparts from the United Kingdom, Australia, New Zealand and Canada, with support from India and Japan.
The group started things off in the right direction. The letter goes over just how critical encryption is to our rapidly developing society. They pointed to the crucial role it plays in protecting personal data, privacy, intellectual property, trade secrets and cyber security.
But its a lot deeper than credit card numbers. The letter went further into the impact that encryption has for those living under repressive regimes. Encryption is a life or death thing for a lot of journalists, human rights defenders and other marginalized vulnerable populations.
After setting this bar for how important encryption is to a high-tech society moving forward, the tone starts to change a bit. The letter takes on a new direction that starts by addressing the challenges encryption creates, particularly when it comes to protecting the safety of sexually exploited children.
We urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content, the letter read. We call on technology companies to work with governments to take the following steps, focused on reasonable, technically feasible solutions.
First off, the international consortium of law enforcement wants companies to embed the safety of the public in the systems they are designing. The letter argues this will enable companies to act against illegal content and activity effectively with no reduction to safety.
The two most direct ways to look at this is its either a clean-your-own-house reference with the idea of embedding a willingness in company cultures to take more intrusive steps to find offenders on their platforms, or its a demand for a backdoor. Their definition of embedding safety includes facilitating the investigations and prosecutions, so its a safe bet its leaning more toward the backdoor perspective.
The letter wants the tech industry to, Enable law enforcement access to content in a readable and usable format where an authorization is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight, and, Engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions. The various law enforcement agencies want to be assured they are as deeply embedded in the development process as possible around the globe as encryption continues to develop.
Law enforcement argues that the companies have a responsibility to provide themselves a mechanism to protect the public and stated:
End-to-end encryption that precludes lawful access to the content of communications in any circumstances directly impacts these responsibilities, creating severe risks to public safety in two ways:
By severely undermining a companys own ability to identify and respond to violations of their terms of service. This includes responding to the most serious illegal content and activity on its platform, including child sexual exploitation and abuse, violent crime, terrorist propaganda and attack planning; and
By precluding the ability of law enforcement agencies to access content in limited circumstances where necessary and proportionate to investigate serious crimes and protect national security, where there is lawful authority to do so.
The letter said in light of the threats created by these secure communications, there is increasing consensus across governments and international institutions that something must be done. But they dont provide how these new backdoors might impact the journalists, human rights defenders and vulnerable populations.
While encryption is vital and privacy and cyber security must be protected, that should not come at the expense of wholly precluding law enforcement, and the tech industry itself, from being able to act against the most serious illegal content and activity online, the letter reads.
Law enforcement believe these mechanisms that would only give the few a window into peoples online lives wouldnt impact data protection or peoples privacy rights. Specifically saying, However, we challenge the assertion that public safety cannot be protected without compromising privacy or cyber security. We strongly believe that approaches protecting each of these important values are possible and strive to work with industry to collaborate on mutually agreeable solutions.
The fundamental argument is about being able to maintain the level of data security since this whole letter is about encryption. How could you possibly do that if youre talking about building your window? That window in the structure in itself makes it less secure.
Think of a steel pole with two people talking to each other through it. But Billy wants to cut a hole in and listen. In the process of bringing Billys dream to life theres no way to keep the same integrity of privacy in the conversation. If someone walked up to Billys hole how would we know? Does Billy even know how to tell if someone is standing there next to him looking? The list of variables goes on.
We asked the American Civil Liberties Union for its take on the letter.
End-to-end encryption enables free speech no matter how the Department of Justice tries to spin its longstanding attempts to force technology companies to build government backdoors into our encrypted communications, theres a reason their arguments have been consistently rejected, Kate Oh, policy counsel with the ACLU, told L.A. Weekly.
Oh argues encryption is our strongest defense against repressive governments, hackers and organized crime.
Encryption also enables journalists, dissidents, whistleblowers and human-rights defenders to freely express themselves, organize and expose governmental abuse without fear of retribution, Oh said. Instead of trying to break encryption, which would compromise everybodys communications, the U.S. government should focus on using the substantial powers it already has to investigate crime and protect national security, within the bounds of our Constitution.
Karen Gullo, senior media relations specialist and analyst with the Electronic Frontier Foundation, told L.A. Weekly the plan is more of the same terrible ideas weve heard from the DOJ and the FBI about backdoors to encryption.
Neither agency is credible on this issue, Gullo said. They have a long track record of exaggeration and even false statements in support of their position. The AG has claimed that the tech sector will design a backdoor for law enforcement that will stand up to any unauthorized access, ignoring the broad technical and academic consensus in the field that this risk is unavoidable.
Gullo argues encryption mechanisms that would include law enforcement requests simply arent encryption. Encryption with special access for select entities is just broken encryption security backdoors for law enforcement will be used by oppressive regimes and criminal syndicates, putting everyones security at risk, she said.
Another point is why do we need to lower security around our all data if law enforcement is already finding ways to target the specific people using encryption tools like Tor for nefarious purposes? Last month, the DOJs Joint Criminal Opioid and Darknet Enforcement team joined Europol in a victory lap to announce the results of Operation DisrupTor. The action led to the seizure of 274 kilograms of drugs that included fentanyl, oxycodone, hydrocodone, methamphetamine, heroin, cocaine, ecstasy, MDMA, and medicine containing addictive substances in the United States. It was more than half of the global take on the operation.
The 21st century has ushered in a tidal wave of technological advances that have changed the way we live, said DEA Acting Administrator Timothy J. Shea at the time. But as technology has evolved, so too have the tactics of drug traffickers. Riding the wave of technological advances, criminals attempt to further hide their activities within the dark web through virtual private networks and tails, presenting new challenges to law enforcement in the enduring battle against illegal drugs. Operation DisrupTor demonstrates the ability of DEA and our partners to outpace these digital criminals in this ever-changing domain, by implementing innovative ways to identify traffickers attempting to operate anonymously and disrupt these criminal enterprises.
The DEA said Operation DisrupTor led to 121 arrests in the United States, two in Canada, 42 in Germany, eight in the Netherlands, four in the United Kingdom, three in Austria, and one in Sweden. Plus theyre still working to identify the individuals behind a number of dark web accounts.
This raises the question that if efforts are currently finding success in the age of encryption, why should we destabilize the security of all data period? The name Operation DisrupTor is a pun referencing the Tor operating system. The node-based secure anonymity network is popular with spies, activists, drug dealers and everyone in between on the wrong side of their local ruling classes around the world. The principle the system uses was developed by the United States Naval Research Laboratory, but Tor itself is open source.
These law enforcement entities are waving their victory flags across multiple time zones while theyre asking for more access to our secure data.
See original here:
ACLU and EFF Call DOJ's Encryption Dream a Nightmare - L.A. Weekly
- WhatsApp boosts end-to-end encryption - BusinessTech - September 17th, 2021
- WhatsApp to offer encryption on cloud backups: Heres all you need to know - India Today - September 17th, 2021
- London's Top Cop Says 'Big Tech,' Encryption Are Letting The Terrorists Win - Techdirt - September 17th, 2021
- Zoom unveils new security features including end-to-end encryption for Zoom Phone, verified identities and... - ZDNet - September 15th, 2021
- Insights on the Hardware Encryption Global Market to 2026 - by Algorithm & Standard, Architecture, Product, Application and Region - PRNewswire - September 15th, 2021
- Light Start: WhatsApp rolls out backup encryption, LG is more attractive, Google goes dark and iPhones only laak gud vaabs Stuff - Stuff Magazines - September 15th, 2021
- Revenant REvil. WhatsApp offers encryption. Hortum spyware in Turkey. Update on the UN data breach. Healthcare breaches disclosed. - The CyberWire - September 15th, 2021
- How a glitch in the Matrix led to apps potentially exposing encrypted chats - The Register - September 15th, 2021
- Secure cloud storage: which are the most secure providers? - ITProPortal - September 15th, 2021
- WhatsApp is finally allowing users to encrypt chat backups uploaded to iCloud and Google Drive - Buzz.ie - September 15th, 2021
- WhatsApp is adding encrypted backups - The Verge - September 11th, 2021
- What Is Fully Homomorphic Encryption (FHE)? - CIO Insight - September 11th, 2021
- WhatsApp end-to-end encrypted messages arent that private after all - Ars Technica - September 11th, 2021
- UK government backs Apple, and wants to scan encrypted messages for CSAM - 9to5Mac - September 11th, 2021
- VPN and Email Encryption Provider, WiTopia, Inc., Is Now Raising Capital Via StartEngine - PRNewswire - September 11th, 2021
- Future in the cloud for encryption - Capacity Media - September 8th, 2021
- WhatsApps Claims Of End-To-End Encryption Might Be Entirely True - Ubergizmo - September 8th, 2021
- Debunking Wi-Fi Security Myths: Wi-Fi Encryption Is Weak - TechSpective - September 8th, 2021
- WhatsApp Flaw Casts Doubt on End-to-End Encryption - Security Boulevard - September 8th, 2021
- Bluefin Receives U.S. Patent on Systems for Vaultless Tokenization and Encryption - WFMZ Allentown - September 8th, 2021
- Priti Patel backs ad campaign that criticises Facebook's stance on end-to-end encryption - Graham Cluley Security News - September 8th, 2021
- EXCLUSIVE: What's in the new zero-trust strategy - Politico - September 8th, 2021
- 3 ways to protect yourself from cyberattacks in the midst of an IT security skill shortage - Help Net Security - September 8th, 2021
- Apple Has Betrayed Its Privacy Legacy and Will Undermine End-to-end Encryption Everywhere - Privacy News Online - September 8th, 2021
- IBM's first 7nm Power10 chip arrives in E1080 server system with a wealth of shiny features - The Register - September 8th, 2021
- The adoption of multi-cloud drives the need for better data protection and management of encryption keys an... - Security Boulevard - August 26th, 2021
- Cryptomator Vs. BoxCryptor: Which One Is The Best Encryption Software? - Analytics Insight - August 26th, 2021
- Why you should encrypt your data on your computer and how to do it - The Star Online - August 26th, 2021
- Video end-to-end encryption on Ring to be available worldwide - ITP.net - August 26th, 2021
- What is a Vocoder? How an audio encryption device used in WW2 became the sound of electro and modern pop - Mixdown - August 26th, 2021
- Privacera partners with StreamSets to strengthen data security for ETL processing in the cloud - Help Net Security - August 26th, 2021
- R400m cocaine-in-a-boat accused used encryption app to communicate - TimesLIVE - August 26th, 2021
- Evervaults encryption as a service is now open access - TechCrunch - August 24th, 2021
- How to Encrypt Your Own Windows and Mac Devices (and Why You Need To) - Lifehacker - August 24th, 2021
- Why encryption is the key to digital fitness, according to Thales - iTnews - August 24th, 2021
- How to check each of your WhatsApp chats are ACTUALLY private right now and not being intercepted by h... - The Sun - August 24th, 2021
- WebCam: How Australia paved the way for Apple's encryption backflip - Crikey - August 24th, 2021
- Staggering 400% rise in child sexual abuse images detected by Facebook as fears over encryption plans g... - The Sun - August 24th, 2021
- Hardware-based Full Disk Encryption Market 2021 and Analysis to 2027 Micron Technology Inc, Seagate Technology PLC, Toshiba, Intel - The Market... - August 24th, 2021
- WhatsApp could soon have an iPad app for the first time - Engadget - August 24th, 2021
- Facebook is bringing end-to-end encryption to Messenger calls and Instagram DMs - TechCrunch - August 14th, 2021
- Apple opens the encryption Pandora's box - Axios - August 14th, 2021
- How to encrypt your computer (and why you should) - Mashable - August 14th, 2021
- Protects User Privacy With Encryption and Authentication - Security Magazine - August 14th, 2021
- An Overview of Blockchain in Supply Chain: Whats the Link? - JD Supra - August 14th, 2021
- Facebook introduces end-to-end encryption for its voice & video call features - Techstory - August 14th, 2021
- Hardware Encryption Devices Market Research Report 2021 Elaborate Analysis With Growth Forecast To 2027 Intel, Toshiba, Micron Technology Inc,... - August 14th, 2021
- If You Build It, They Will Come: Apple Has Opened the Backdoor to Increased Surveillance and Censorship Around the World - EFF - August 14th, 2021
- Encryption Software Market Report 2021-26: Size, Growth, Size, Share and Forecast IMARC Group - The Market Writeuo - The Market Writeuo - August 14th, 2021
- AES Encryption Software Market Growth in the Forecast Period of 2021 to 2026 With Top Companies: , Dell, Eset, Gemalto, IBM, Mcafee - The Market... - August 14th, 2021
- Regulated encryption isnt possible heres what is - POLITICO Europe - August 3rd, 2021
- Work from home and cloud are prompting hard looks at security - GCN.com - August 3rd, 2021
- Atakama and Spirion to announce their strategic partnership at Black Hat 2021 - PRNewswire - August 3rd, 2021
- Spirion and Atakama Join Forces at Black Hat 2021 Conference - MarTech Series - August 3rd, 2021
- Looking for ways to password protect a file or folder on Windows 11? Here's how you can do it - India Today - August 3rd, 2021
- XSOC CORP's SOCKET Receives UL- 2900 Certification for Securing Encrypted Workflows of Today's Enterprise and Industrial Connected Devices - Business... - August 3rd, 2021
- Apple @ Work: FileVault 2 is so good, theres no reason for IT departments not to use it - 9to5Mac - August 3rd, 2021
- The Future of Industrial Security - Security Today - August 3rd, 2021
- Global Encryption Software System Market Size And Forecast to 2021 2027 analysis with key players : IBM, Microsoft, Sophos ltd, Gemalto, Net App Inc,... - August 3rd, 2021
- Cloud Encryption Software Market Size 2021 Industry Demand, Share, Global Trend, Industry News, Business Growth, Top Key Players Update, Business... - August 3rd, 2021
- Global E-mail Encryption Market Dynamics Analysis, Production, Supply and Demand, Covered in the Latest Research 2021-2026 - Digital Journal - August 3rd, 2021
- Insights on the Optical Encryption Global Market to 2027 - Featuring Arista Networks, Broadcom and CenturyLink Among Others - ResearchAndMarkets.com -... - July 8th, 2021
- Jupiter Project Presents 'Metis Messenger', the Decentralized Chat Application That Syncs Across All Platforms - GlobeNewswire - July 8th, 2021
- If full encryption of police radios necessary? Berkeley may allow public to hear one of their channels - The Daily Post - July 2nd, 2021
- Leveraging Encryption Keys to Better Secure the Federal Cloud - Nextgov - July 2nd, 2021
- Benefits of Adopting Data Encryption in Businesses - CIOReview - July 2nd, 2021
- Encryption can be lucrative, but with environmental costs - Floridanewstimes.com - July 2nd, 2021
- UK Government has suggested messaging apps to avoid using end-to-end encryption on the accounts of children because that can be harmful to them -... - July 2nd, 2021
- Diavol ransomware linked to Trickbot botnet - IT PRO - July 2nd, 2021
- Got data? The biggest-ever portable encrypted SSD just came out - Cult of Mac - July 2nd, 2021
- Application-Level Encryption Market is expected to expand at a CAGR of 25% from 2020 to 2030 KSU | The Sentinel Newspaper - KSU | The Sentinel... - July 2nd, 2021
- Encryption Key Management Market to Eyewitness Massive Growth by 2028: Ciphercloud, Gemalto, Google The Manomet Current - The Manomet Current - July 2nd, 2021
- Data storage: the importance of protecting the device and not just the network - IT-Online - July 2nd, 2021
- Global E-mail Encryption Market 2021 Demands To Sustain in Future Industry Size, Growth, Revenue, Global Statistics and Forecast to 2030 The Manomet... - July 2nd, 2021
- Hardware Encryption Market 2021 Industry Analysis by Manufacturers, End-User, Type, Application, Regions and Forecast to 2027 The Manomet Current -... - July 2nd, 2021
- Former Anonymous and Lulzsec hacker discusses his criminal past and gives his top tips for avoiding ransomware - Texasnewstoday.com - July 2nd, 2021
- Why Inspecting Encrypted Traffic Is A Must - Security Boulevard - June 25th, 2021
- Researchers: 2G Connection Encryption Deliberately Weakened To Comply With Cryptowar Export Restrictions - Techdirt - June 25th, 2021
- The Ultimate Guide to Key Management Systems - Hashed Out by The SSL Store - Hashed Out by The SSL Store - June 25th, 2021
- Will regulation adapt to encryption, or will encryption adapt to regulation?Expert answers - QNT - June 25th, 2021