SAN FRANCISCO A Justice Department official hinted on Monday that a yearslong fight over encrypted communications could become part of a sweeping investigation of big tech companies.
While a department spokesman declined to discuss specifics, a speech Monday by the deputy attorney general, Jeffrey A. Rosen, pointed toward heightened interest in technology called end-to-end encryption, which makes it nearly impossible for law enforcement and spy agencies to get access to peoples digital communications.
Law enforcement and technologists have been arguing over encryption controls for more than two decades. On one side are privacy advocates and tech bosses like Apples chief executive, Timothy D. Cook, who believe people should be able to have online communications free of snooping. On the other side are law enforcement and some lawmakers, who believe tough encryption makes it impossible to track child predators, terrorists and other criminals.
Attorney General William P. Barr, joined by his British and Australian counterparts, recently pressed Facebooks chief executive, Mark Zuckerberg, to abandon plans to embed end-to-end encryption in services like Messenger and Instagram. WhatsApp, which is owned by Facebook, already provides that tougher encryption.
Companies should not deliberately design their systems to preclude any form of access to content even for preventing or investigating the most serious crimes, Mr. Barr wrote in a letter last month.
Here is an explanation of the technology and the stakes.
End-to-end encryption scrambles messages in such a way that they can be deciphered only by the sender and the intended recipient. As the label implies, end-to-end encryption takes place on either end of a communication. A message is encrypted on a senders device, sent to the recipients device in an unreadable format, then decoded for the recipient.
There are several ways to do this, but the most popular works like this: A program on your device mathematically generates two cryptographic keys a public key and a private key.
The public key can be shared with anyone who wants to encrypt a message to you. The private key, or secret key, decrypts messages sent to you and never leaves your device. Think of it as a locked mailbox. Anyone with a public key can put something in your box and lock it, but only you have the private key to unlock it.
A more common form of encryption, known as transport layer encryption, relies on a third party, like a tech company, to encrypt messages as they move across the web.
With this type of encryption, law enforcement and intelligence agencies can get access to encrypted messages by presenting technology companies with a warrant or national security letter. The sender and recipient would not have to know about it.
End-to-end encryption ensures that no one can eavesdrop on the contents of a message while it is in transit. It forces spies or snoops to go directly to the sender or recipient to read the content of the encrypted message. Or they must hack directly into the senders or recipients device, something that can be harder to do at scale and makes mass surveillance much more difficult.
Privacy activists, libertarians, security experts and human rights activists argue that end-to-end encryption steers governments away from mass surveillance and toward a more targeted, constitutional form of intelligence gathering. But intelligence and law enforcement agencies argue that end-to-end encryption makes it much harder to track terrorists, pedophiles and human traffickers.
When Mr. Zuckerberg announced in March that Facebook would move all three of its messaging services to end-to-end encryption, he acknowledged the risk it presented for truly terrible things like child exploitation.
Encryption is a powerful tool for privacy, but that includes the privacy of people doing bad things, he said.
The debate over end-to-end encryption has had several iterations, beginning in the 1990s with the spread of Pretty Good Privacy, or PGP, software, an end-to-end encryption scheme designed by a programmer named Phil Zimmermann. As a result, the Clinton administration proposed a Clipper Chip, a back door for law enforcement and security agencies.
But the Clipper Chip provoked a backlash from a coalition of unlikely bedfellows, including the American Civil Liberties Union; the televangelist Pat Robertson; and Senators John Kerry, the Massachusetts Democrat, and John Ashcroft, the Missouri Republican. The White House backed down in 1996.
End-to-end encryption gained more traction in 2013, after data leaked by the former National Security Agency contractor Edward J. Snowden appeared to show the extent to which the N.S.A. and other intelligence and law enforcement agencies were gaining access to users communications through companies like Yahoo, Microsoft, Google and Facebook without their knowledge.
Encrypted messaging apps like Signal and Wicker gained in popularity, and tech giants like Apple and Facebook started wrapping user data in end-to-end encryption.
Google, which pledged to add an end-to-end encryption option for Gmail users several years ago, has not made this the default option for email. But the company does offer a video-calling app, Duo, that is end-to-end encrypted.
As more communications moved to these end-to-end encrypted services, law enforcement and intelligence services around the world started to complain about datas going dark.
Government agencies have tried to force technology companies to roll back end-to-end encryption, or build back doors, like the Clipper Chip of the 1990s, into their encrypted products to facilitate government surveillance.
In the most aggressive of these efforts, the F.B.I. tried in 2016 to compel Apple in federal court to unlock the iPhone of one of the attackers in the 2015 mass shooting in San Bernardino, Calif.
Mr. Cook of Apple called the F.B.I.s effort the software equivalent of cancer. He said complying with the request would open the door to more invasive government interception down the road.
Maybe its an operating system for surveillance, maybe the ability for the law enforcement to turn on the camera, Mr. Cook told ABC News. I dont know where it stops.
Privacy activists and security experts noted that any back door created for United States law enforcement agencies would inevitably become a target for foreign adversaries, cybercriminals and terrorists.
Alex Stamos, the chief security officer of Yahoo at the time, likened the creation of an encryption back door to drilling a hole in the windshield. By trying to provide an entry point for one government, you end up cracking the structural integrity of the entire encryption shield.
The F.B.I. eventually backed down. Instead of forcing Apple to create a back door, the agency said it had paid an outside party to hack into the phone of the San Bernardino gunman.
Governments have stepped up their calls for an encryption back door.
Last year, Australian lawmakers passed a bill requiring technology companies to provide law enforcement and security agencies with access to encrypted communications. The bill gave the government the ability to get a court order allowing it to secretly order technology companies and technologists to re-engineer software and hardware so that it can be used to spy on users.
Australias law is based on Britains 2016 Investigatory Powers Act, which compels British companies to hand over the keys to unscramble encrypted data to law enforcement agencies. The Australian law could apply to overseas companies like Facebook and Apple.
Australias new law applies to network administrators, developers and other tech employees, forcing them to comply with secret government demands without notifying their employers.
Other governments are also considering new encryption laws. In India, Facebooks biggest market, officials told the countrys Supreme Court in October that Indian law requires Facebook to decrypt messages and supply them to law enforcement upon request.
They cant come into the country and say, We will establish a non-decryptable system, Indias attorney general, K.K. Venugopal, told the court, referring to Facebook and other big tech platforms. Indias Supreme Court has said it will reconvene on the issue in January.
- The Senate Judiciary Committee Wants Everyone to Know It's Concerned About Encryption - EFF - December 14th, 2019
- The Defense Department Says It Needs the Encryption the FBI Wants to Break - Free - December 14th, 2019
- Congress wants to regulate encryption for big tech - The Burn-In - December 14th, 2019
- Facebook says it won't break end-to-end encryption - TechRadar - December 14th, 2019
- Encryption spat sees backdoor back-and-forth between tech firms, Congress - TelecomTV - December 14th, 2019
- Michael Hayden Ran The NSA And CIA: Now Warns That Encryption Backdoors Will Harm American Security & Tech Leadership - Techdirt - December 14th, 2019
- Large, diverse coalition of civil society groups tell the US, UK and Australian governments not to ban working encryption - Boing Boing - December 14th, 2019
- U.S. Attorney Justin Herdman of Ohio says agents need access encrypted devices, apps for the sake of public s - cleveland.com - December 14th, 2019
- Google makes it safer to text on Android phones, but end-to-end encryption is still MIA - PCWorld - December 14th, 2019
- Priti Patel bids to create end-to-end encryption apps' back door - The National - December 14th, 2019
- Encryption can't put tech giants beyond the reach of the law, Minister says - The Age - December 14th, 2019
- Chrome 79 includes anti-phishing and hacked password protection - Naked Security - December 14th, 2019
- Hardware Encryption Technology Market : Analysis and In-depth study on market Size Trends, Emerging Growth Factors and Forecasts to 2027 - Downey... - December 14th, 2019
- Encryption back on the congressional agenda - Politico - December 9th, 2019
- Police radios blocked from the public in southeast Denver metro area - The Denver Post - December 9th, 2019
- Encryption Software Market Innovations, And Top Companies - Forecast To 2029| Microsoft, Sophos Ltd., Check Point Software Technologies Ltd. -... - December 9th, 2019
- Did You Hear That? Securing Communications in 2019 | Insight for the Connected Enterprise - No Jitter - December 9th, 2019
- 'Government broke their promise': Labor seeks to amend encryption legislation - Sydney Morning Herald - December 9th, 2019
- Global Hardware-based Full Disk Encryption Market 2019 Innovation and Technological Developments, Industry Analysis & Outlook 2023 - Weekly News... - December 9th, 2019
- Privacy vs public safety - the pros and cons of encryption - World Economic Forum - December 8th, 2019
- 80% of all Android apps encrypt traffic by default - We Live Security - December 8th, 2019
- Keybase moves to stop onslaught of spammers on encrypted message platform - Ars Technica - December 8th, 2019
- Labor says it will fix encryption laws it voted for last year - ZDNet - December 8th, 2019
- Nick Clegg to be summoned to Parliament to give evidence on Facebook encryption - Sunriseread - December 8th, 2019
- This startup just solves the data privacy problem by making it possible to search encrypted data in the cloud - TechStartups.com - December 8th, 2019
- Encryption Software Market to Discern Magnified Growth During 2017-2027 - Weekly Spy - December 8th, 2019
- Millions of Private Text Messages Have Been Exposed: Here's How to Encrypt Messages on iPhone and Android - Tech Times - December 8th, 2019
- Biometric Data Encryption Device Market : Analysis and In-depth study on market Size Trends, Emerging Growth Factors and Forecasts to 2018 to 2028 -... - December 8th, 2019
- Certbot Leaves Beta with the Release of 1.0 - EFF - December 8th, 2019
- Terrific News for Android OS Users 80% Android apps encrypting traffic by default - Digital Information World - December 8th, 2019
- Hawk Security Limited Began Selling a Hardware-Protected External SSD Drive with Aes 256 XTS Military Grade Encryption - AiThority - December 8th, 2019
- Data security is falling behind as over half of FIs experience data breaches - IBS Intelligence - December 8th, 2019
- Email Encryption Market 2019, Trend, CAGR Status, Growth, Analysis and Forecast to 2025 - VaporBlash - December 8th, 2019
- Encryption Software Market 2019 Size, CAGR Status, Key Players, Growth Analysis and Forecast to 2026 - The Market Publicist - December 2nd, 2019
- Global Encryption Software Market Industry Analysis and Forecast (2018-2026) - Daily Research Stack - December 2nd, 2019
- Fortinet took 18 months to strip software of flawed crypto cipher and keys - The Daily Swig - December 1st, 2019
- Mobile Encryption Market Competitive Research And Precise Outlook 2019 To 2025 - The Market Publicist - December 1st, 2019
- NordPass: Get rid of password stress. Forever. - EE Journal - December 1st, 2019
- Apple patents anti-snooping technology that would stop police from tracking locations and messages - Stock Daily Dish - December 1st, 2019
- Encryption Software Market Research Report by Geographical Analysis and Forecast 2017-2027 - Kentucky Reports - November 28th, 2019
- Encryption Key Management Software Market : Industry Research, Growth Trends And Opportunities For The Forecast Period 2019-2029 - News Description - November 28th, 2019
- iStorage cloudAshur is named: Security Innovation of the Year at the UK IT Industry Awards 2019 - ResponseSource - November 28th, 2019
- Database Encryption Market Analysis Report by Product Type, Industry Application and Future Technology 2025 (International Business Machines... - November 28th, 2019
- The IT Guide to Enforcing Full Disk Encryption Windows Edition - Security Boulevard - November 28th, 2019
- Why The FBI's Former Top Lawyer Now Embraces Encryption - Law360 - November 28th, 2019
- Big Boom in Cloud Encryption Market over 2019-2026 with CipherCloud Inc., Hytrust Inc., Gemalto NV, IBM Corporation and more - Market Expert - November 28th, 2019
- Encrypted Flash Drives Market Size, Growth, Global Industry Analysis, Share, Segments and Forecast 2019-2024 - Space Market Research - November 28th, 2019
- Encryption Software Market 2019 Global Industry Status, Segment by Region, Type and Future Forecast To 2026 - Financial News - November 28th, 2019
- FBI worried about criminals having unfettered access to encryption technology - KTVI Fox 2 St. Louis - November 23rd, 2019
- Think of the children: FBI sought Interpol statement against end-to-end crypto - Ars Technica - November 23rd, 2019
- Global Hardware-based Full Disk Encryption Market By Industry Business Plan, Manufacturers, Sales, Supply, Share, Revenue and Forecast Report... - November 23rd, 2019
- Moniker makes a statement with The Encryption EP - The Untz - November 23rd, 2019
- Global Mobile Encryption Market By Industry Business Plan, Manufacturers, Sales, Supply, Share, Revenue and Forecast Report 2019-2024 - BeetleVersion - November 23rd, 2019
- NSA Publishes Advisory Addressing Encrypted Traffic Inspection Risks - BleepingComputer - November 23rd, 2019
- Encryption Key Management Software Market Research Report: Market Analysis on the Future Growth Prospects and Market Trends Adopted by the... - November 23rd, 2019
- Microsoft Windows 10 To Natively Support DNS Over HTTPS Encryption And Obfuscation Technique Making Internet Traffic Monitoring Near Impossible -... - November 23rd, 2019
- Import EFS File Encryption Certificate and Key (PFX file) in Windows 10 - TWCN Tech News - November 23rd, 2019
- What Is Homomorphic Encryption? And Why Is It So Transformative? - Forbes - November 19th, 2019
- FBI Recruits Interpol to Condemn End-to-End Encryption - WebProNews - November 19th, 2019
- Is encryption to blame for WhatsApp snooping? - Livemint - November 19th, 2019
- BEST PRACTICES: Resurgence of encrypted thumb drives shows value of offline backups in the field - Security Boulevard - November 19th, 2019
- Astonishing Growth in Global encryption software market size was valued at USD 2.98 billion in 2018. It is projected to post a CAGR of 16.8% from 2019... - November 19th, 2019
- Encryption Software Market Overview, Latest Analysis and Future Forecast 2019 2025 - Markets Gazette 24 - November 19th, 2019
- With end-to-end encryption, we wouldn't be able to listen in even if we wanted to, says Facebook's Stan Chudnovsky - Mumbrella Asia - November 19th, 2019
- Microsoft Jumps on the DoH Train Company to Introduce Encrypted DNS - Computer Business Review - November 19th, 2019
- Global Mobile Encryption Technology Market 2018 Manufacturers, Types and Application, Analysis History and Forecast 2025 - Galus Australis - November 19th, 2019
- Hardware Encryption Market Growth Forecast Analysis by Top Manufacturers, Regions, Product Types and Application (2019 - 2026) - News Obtain - November 19th, 2019
- The Best Encryption Software for 2019 | PCMag.com - October 21st, 2019
- What is data encryption? - October 19th, 2019
- USB Enforced Encryption - Endpoint Protector - October 19th, 2019
- Authenticated encryption - Crypto++ Wiki - October 19th, 2019
- Tinder's Lack of Encryption Lets Strangers Spy on Your ... - October 19th, 2019
- 'Without Encryption, We Will Lose All Privacy': Snowden ... - October 18th, 2019
- Security pros reiterate warning against encryption backdoors - October 18th, 2019
- Encryption - servicepro.wiki - October 18th, 2019
- Mozy Encryption - October 18th, 2019
- Optical Encryption Market Size, Share, Trends and Forecast ... - October 18th, 2019
- MySQL Enterprise Transparent Data Encryption (TDE) - October 18th, 2019
- What is Encryption? - Definition from WhatIs.com - October 17th, 2019
- How to Set Up BitLocker Encryption on Windows - October 2nd, 2019