U.S. officials have been insisting to tech platforms that overly strong encryption is a threat to public safety and that "back doors" must be provided for law enforcement to bypass security, all in the name of fighting crime.
Meanwhile, U.S. officials have also been claiming that China-based tech company Huawei can use secret security bypasses that are intended for law enforcement use only in order to access data that could be used by the Chinese government for surveillance purposes.
In summation: The same U.S. government that wants tech companies and telecoms to create secret software doors that would allow it to snoop on our private communications and data is also worried that other governments will be able to use those same back doors to do the same thing. This is what tech privacy experts have been warning U.S. officials (and U.K. officials and Australian officials) all along: Any back door that allows law enforcement to circumvent user privacy protections will ultimately be used by people with bad intentions.
The context here is a Wall Street Journal report that reveals U.S. officials have been quietly telling allies that Huawei can secretly access data from its phone networks through taps that the company built into the hardware it sells to cellphone carriers. Laws mandate that Huawei (and other telecom companies) install these "interception interfaces" into their equipment, but only authorized law enforcement officials are supposed to have access. Even Huawei itself is not supposed to be able to gain access without the permission of the phone carriers. But U.S. officials are insistent that Huawei has maintained secret access to these taps since at least 2009.
Huawei says these claims are not true and that these hardware taps can only be accessed by "certified personnel of the network operators." The company also insists it is not surveilling data and passing it along to the Chinese government.
The story leans heavily on U.S. claims from secret intelligence that has recently been declassified, but it's not exactly proof of the claims.
On a surface level, this is about the global tech market and the competition between China and the United States. But dig deeper and you can see the relevance to our encryption fight.
The FBI and Department of Justice insist that tech companies need to be adding similar, virtual back doors in our communication tools, phones, and apps in the name of fighting crime and terrorism. People like FBI Director Christopher Wray and Attorney General William Barr are willing to discuss encryption back doors only in terms of how it helps the U.S. government. But this Wall Street Journal report makes it clear that the U.S. government is abundantly aware that any access point (real or virtual) to look at private data is a point of vulnerability.
If this intelligence is true, it means that any government-mandated encryption bypass is potentially abusable and the U.S. should not be demanding tech companies make them, lest the Chinese government (or Saudi government, or Russian government, or United Arab Emirates, or identity thieves with hacking skills) get their hands on whatever mechanism created for law enforcement use only.
If the intelligence is not true, it nevertheless makes it clear that the United States understands that back doors create huge vulnerabilities. Government officials know full well that the Justice Department's demands are unreasonable and should be shut down, and lawmakers like Sen. Lindsey Graham (RS.C.) should not be proposing bills to force companies to implement encryption back doors.
But then, perhaps I should simply stop treating the Justice Department and Congress as though they're making these arguments in good faith. You see, yesterday, the Washington Post published a very different story about encryption and data privacy. It turns out that, for decades, the CIA and German intelligence owned and secretly operated an encryption company named Crypto AG. They sold compromised encryption technology to other countries, then secretly spied on them. The Washington Post reports that
they monitored Iran's mullahs during the 1979 hostage crisis, fed intelligence about Argentina's military to Britain during the Falklands War, tracked the assassination campaigns of South American dictators and caught Libyan officials congratulating themselves on the 1986 bombing of a Berlin disco.
Germany left the partnership in the 1990s, fearing exposure. So the CIA ran the company until 2018 when it liquidated Crypto AG and sold it off to two companies, one of whom apparently had no idea about its secret background.
We should be wary of the U.S. government doubling down on its efforts to compromise encryption, especially now that Crypto AG is not of use to the CIA. We know full well those back doors are going to be used for a lot more than trying to track down alleged pedophiles, and the federal government knows that, too.
- Bill to protect children online ensnared in encryption fight | TheHill - The Hill - March 13th, 2020
- Child exploitation bill earns strong opposition from encryption advocates - Washington Examiner - March 13th, 2020
- Senators Pretend That EARN IT Act Wouldn't Be Used To Undermine Encryption; They're Wrong - Techdirt - March 13th, 2020
- Patent hints that encrypted displays could appear on future Apple devices - TechSpot - March 13th, 2020
- Senators dispute industry claims that a bill targeting tech's legal shield would prohibit encryption - CNBC - March 11th, 2020
- The EARN IT Act Is a Sneak Attack on Encryption - WIRED - March 11th, 2020
- Krk WiFi vulnerability affected WiFi encryption on over a billion devices - Privacy News Online - March 11th, 2020
- The Benefits of Encryption and the Implications of Creating Backdoors - American Action Forum - March 11th, 2020
- Big Boom in Encryption Key Management Software Market that is Significantly Growing with Top Key Players Netlib Security, Fortanix, Avery Oden, AWS -... - March 11th, 2020
- Mobile Encryption Market to Witness Robust Expansion throughout the Forecast 2020-2026: McAfee(Intel Corporation), Blackberry, T-Systems... - March 11th, 2020
- Email Encryption Market Rising Trends, Technology and Business Outlook 2020 to 2026 - Best Research Reports - March 11th, 2020
- Crypto, Encryption, and the Quest for a Secure Messaging App - Bitcoin News - March 8th, 2020
- Encryption Flaws Leave Millions of Toyota, Kia, and Hyundai Cars Vulnerable to Key Cloning - Gizmodo - March 8th, 2020
- IoT Security Solution for Encryption Market to Boom In Near Future by 2026 Industry Key Players: Cisco Systems, Intel Corporation, IBM Corporation -... - March 8th, 2020
- What are the top-rated encrypted texting apps? - Fox Business - March 8th, 2020
- Data Encryption Software Market: Future Forecast Assessed On The Basis Of How The Industry Is Predicted To Grow 2020-2025 - Bandera County Courier - March 8th, 2020
- How Encrypted Messaging Works And Why Australian Spies Are Trying To Break The Code - Gizmodo Australia - March 8th, 2020
- Why Britains new deal with Silicon Valley for stopping child abuse still has one big hole in it - Telegraph.co.uk - March 8th, 2020
- What the 2020 election means for encryption - The Verge - March 3rd, 2020
- Our guide to the 2020 election including Section 230 and encryption - The Verge - March 3rd, 2020
- Research: IT Managers Regard Encrypted Traffic as a Source of Cyberthreats, But Their Defenses Are Inadequate - Yahoo Finance - March 3rd, 2020
- Encryption Foes in Washington Won't Give Up - Reason - March 3rd, 2020
- BestCrypt by Jetico expands cross-platform protection to computers with T2 chip - Help Net Security - March 3rd, 2020
- Barr's Motives, Encryption and Protecting Children; DOJ 230 Workshop Review, Part III - Techdirt - March 3rd, 2020
- Comment: Its time for governments to learn how end-to-end encryption works - 9to5Mac - March 3rd, 2020
- Crypto AG Shows That US Concern Over Huawei Encryption Backdoors Comes From Long Experience Doing the Same Thing - CPO Magazine - March 3rd, 2020
- MI5 Still Thinks Encryption Backdoors are an Excellent Idea That Couldn't Possibly Go Wrong - Gizmodo UK - March 3rd, 2020
- Global Encryption Software Market is projected to reach a value of USD 20.44 billion by 2026 - WhaTech Technology and Markets News - March 3rd, 2020
- Exporters Should Be 'Very Careful' of Misusing New End-to-End Encryption Carve-Out in ITAR, Experts Say - Export Compliance Daily - March 3rd, 2020
- Encryption Software Market 2020 Analysis by Overview, Growth, Top Companies, Trends, Demand and Forecast to 2026 - Packaging News 24 - March 3rd, 2020
- If We Build It (They Will Break In) - Lawfare - March 3rd, 2020
- Why the US government is questioning WhatsApp's encryption - CNBC - February 25th, 2020
- No Backdoor on Human Rights: Why Encryption Cannot Be Compromised - Bitcoin News - February 25th, 2020
- Backdoor to encryption back on agenda in absurdly named bill - 9to5Mac - February 25th, 2020
- Signal is the European Union's encrypted messaging app of choice - Cult of Mac - February 25th, 2020
- cloudAshur, hands on: Encrypt, share and manage your files locally and in the cloud - ZDNet - February 25th, 2020
- ASIO: Relentless advance of technology was outstripping our capabilities - ZDNet - February 25th, 2020
- Cygilant to Highlight the Need for Encrypted Traffic Visibility at RSA Conference 2020 - Business Wire - February 25th, 2020
- Encryption Software Market 2020 Emerging Trends, Growing Demand, Leading Companies, Applications, Overview and Regional Analysis 2026 - News Times - February 25th, 2020
- US bill seen threatening encryption on tech platforms - EJ Insight - February 25th, 2020
- AES Encryption Software Market to Witness Increased Incremental Dollar Opportunity During the Forecast Period 2020 2026 | Dell, Eset, Gemalto, IBM,... - February 25th, 2020
- Malware and HTTPS a growing love affair - Naked Security - February 25th, 2020
- Hardware-based Full Disk Encryption Market To Witness Growth Acceleration During 2020-2026 | Western Digital Corp, Samsung Electronics, Toshiba,... - February 25th, 2020
- Encryption Software Market are anticipated to lucrative growth opportunities in the future by Product Type, Structure, End-user and Geography to 2027... - February 25th, 2020
- Proposed Bill Could Threaten Apple, Facebook Messaging Platforms - MSSP Alert - February 25th, 2020
- Zettaset to Participate in Cybersecurity Forum at Annual HIMSS 2020 Conference - Business Wire - February 25th, 2020
- Cloud Encryption Technology Market Analysis with Key Players, Applications, Trends and Forecasts to 2025 | Gemalto, Sophos, Symantec - Nyse Nasdaq... - February 25th, 2020
- US legislation to fend off end-to-end encryption of Facebook, Google and others - Financial World - February 25th, 2020
- Encryption on Facebook, Google, others threatened by planned new bill - Reuters - February 22nd, 2020
- What Is an Encryption Backdoor? - How-To Geek - February 22nd, 2020
- Sophos Takes On Encrypted Network Traffic With New XG Firewall 18 - CRN: Technology news for channel partners and solution providers - February 22nd, 2020
- Last Week In Venture: Eyes As A Service, Environmental Notes And Homomorphic Encryption - Crunchbase News - February 22nd, 2020
- Congress, Not the Attorney General, Should Decide the Future of Encryption - Lawfare - February 12th, 2020
- The code breakers: This vault is the epicenter in law enforcement's battle to unlock encrypted smartphones - USA TODAY - February 12th, 2020
- Enea Announces New Smart Tools to Identify Encrypted and Evasive Network Traffic - Yahoo Finance - February 12th, 2020
- Encryption Vs. Decryption: What's the Difference? - Techopedia - February 12th, 2020
- Labor Bill to fix Australian encryption laws it voted for hits second debate - ZDNet - February 12th, 2020
- Encryption Software Market Growth by Top Companies, Trends by Types and Application, Forecast to 2026 - News Parents - February 12th, 2020
- Mobile Encryption Market to Grow Massively (2020-2025) By Size, Share, Price, Trend and Forecast | Blackberry, T-Systems International, ESET, Sophos,... - February 12th, 2020
- Child-Welfare Activists Attack Facebook Over Encryption Plans - The New York Times - February 9th, 2020
- How Attorney General Barr's War On Encryption Will Harm Our Military - Techdirt - February 9th, 2020
- Strong Opinions on Whether Police Calls Should be Encrypted - Government Technology - February 9th, 2020
- The EARN IT Act is the latest clueless attack on encryption, do not fall for it - Privacy News Online - February 9th, 2020
- Republican Senator Lindsey Graham introduces bill that threatens end-to-end encryption - World Socialist Web Site - February 9th, 2020
- Activists write to Facebook against encryption, says it will dent bid to curb child pornography - Hindustan Times - February 9th, 2020
- BBB Offers the Following Tips for National Clean Out Your Computer and Safer Internet Day WKTN- A division of Home Town Media - WKTN Radio - February 9th, 2020
- Optical Encryption Market Booming by Size, Revenue, Trends and Top Growing Companies 2026 - Instant Tech News - February 9th, 2020
- Federal government warning of voter coercion, foreign election interference through private messaging services - CBC.ca - February 9th, 2020
- Mobile Encryption Market 2020 Recent Industry Developments and Growth Strategies Adopted by Top Key Players Worldwide and Assessment to 2025 -... - February 9th, 2020
- Well-meaning charities urge Facebook to halt encryption plan to protect kids - 9to5Mac - February 6th, 2020
- How the B-Team watches over Australia's encryption laws and cybersecurity - ZDNet - February 6th, 2020
- Kids Need End-to-End Encryption for Protection Against Corporations - The Mac Observer - February 6th, 2020
- Encryption Backdoors: The Achilles Heel to Cybersecurity? - Techopedia - February 6th, 2020
- US Lawmakers Seeking to Ban Companies From Using End-to-End Encryption With a New Draft Bill - Bitcoin Exchange Guide - February 6th, 2020
- United States: a invoice towards end-to-end encryption? - Sahiwal Tv - February 6th, 2020
- TLS 1.0/1.1 end-of-life countdown heads into the danger zone - The Daily Swig - February 6th, 2020
- How Would a US Ban on End to End Encryption Affect Cryptocurrency? - Bitcoinist - February 5th, 2020
- Officials Ask Public to Weigh in on Encrypting Police Calls - Government Technology - February 5th, 2020
- Bluefin and FroogalPay Partner to Provide PCI-Validated Point-to-Point Encryption (P2PE) - Benzinga - February 5th, 2020
- Facebook to allow parents to monitor their kids' chat messages - Sussex Express - February 5th, 2020