en
Back to the list

Public Safety vs Personal Privacy: US Regulators Target Encrypted Messengers

source-logo  beincrypto.com 21 October 2020 12:00, UTC

Once again privacy and security is held in the balance as law enforcement asks to extend its judicial powers in order to gain access to end-to-end encrypted information. The important question remains — is protecting users data more or less important than protecting innocents or hunting down terrorists? When posed like that, the issue could be perceived as a statement.

On Oct. 11, the United States Department of Justice (DOJ), Office of Public Affairs, issued an international statement asking industry encryption developers to implement backdoor features in their end-to-end encryption applications to supplement law enforcement agencies in their investigations.

This is nothing new. Just last year the director of the Federal Bureau of Investigation (FBI), Christopher Wray, gave a speech addressing this sensitive issue, saying:

“User-controlled default encryption is a real challenge for law enforcement. Our agents continue to encounter criminals, from street drug-dealers to foreign spies, who relish the ability to hide on encrypted devices and inside encrypted messaging platforms. They’re attracted to these technologies, for the common-sense reason that they think it helps them do their harm with impunity, and without detection.”

Current end-to-end encryption technology apparently inhibits law enforcement from being able to access content connected to serious crimes that involve the technology, which include child exploitation and abuse, violence, as well as crimes that impair the integrity of national security such as terrorist propaganda and attacks.

The concerns arose after proposals were made to affix end-to-end encryption features across mainstream messaging services. By design, a move like this would prevent law enforcement agencies from being able to carry out their investigations into serious criminal offences that could jeopardize public safety and undermine the national security interest, where the scope of justice otherwise has the authority to do so.

According to the United Nations Children’s Fund, one in every three Internet users is a child. Furthermore, the potential threat scope broadens when the statement published in October 2019 by the National Center for Missing and Exploited Children (NCMEC) is taken into consideration:

“If end-to-end encryption is implemented without a solution in place to safeguard children the [National Center for Missing and Exploited Children] estimates that more than half of its CyberTipline reports will vanish.”

This apparently means that online predators would be able to continue their pursuits and proliferate child exploitive material on the Internet on account of the inability of law enforcement to decrypt communications between criminal suspects.

On Dec. 11, 2019, the following joint statement was given by the US and European Union:

“[…] the use of warrant-proof encryption by terrorists and other criminals – including those who engage in online child sexual exploitation – compromises the ability of law enforcement agencies to protect victims and the public at large.”

The worst case scenario actually already happened. According to the statement, in 2018, Facebook Messenger was liable for close to 12 million of the 18.4 million international reports of child sexual abuse material that was sent to the NCMEC.

The fact of the matter is that these reports face the risk of fading away, because the tools law enforcement use for detecting child sexual abuse can not gather information when messengers implement encryption by default.

Is encryption causing criminals to get away?

In his speech, Wray shared the story of a cyber tip that was received by the FBI along with state and local officers, which came from a town in New England. The tip suggested that a nine-year-old girl was being sexually abused, and that the abuser was utilizing a particular app, which allowed him to anonymously distribute pictures of what he was doing to the girl.

Law enforcement was able to contact the company that produced the app and, by following legal procedures, was able to obtain information that allowed them to locate the girl in under 24 hours.

Now, imagine this hypothetical scenario: you are a special agent of the FBI’s Child Exploitation and Human Trafficking Task Forces (CEHTTFs) and you’ve been investigating another case involving a darknet human trafficking ring.

You’ve seen the website. You’ve been analyzing financial transactions. You posed as a prospective buyer on a private end-to-end encrypted messenger used by the suspect and have communicated with who you believe is the leader of the trafficking ring. But you can not seem to catch a break because every little detail in this criminal organization is protected under lock and key.

Whatever the crime may be, the reach of law enforcement can only go so far. Without a viable solution provided by the makers of end-to-end encryption technology, the barriers will remain as long as this technological barrier remains in place.

Perhaps the issue is not whether or not law enforcement should have backdoor access into protected messaging systems, but whether or not the communication of law abiding citizens will be protected and not siphoned off without users’ consent further up the bureaucratic ladder.

Following this same vein of thought, it is curious to note that nearly a year before the December 2015 San Bernardino shooting took place — which led to the court battle between Apple and the FBI for their refusal to unlock the shooters phone, iPhone — Tim Cook, the chief executive officer of Apple Inc, accompanied by Bruce Sewell, Apple’s top lawyer, met with former attorney general Eric Holder and Jim Cole, then the deputy attorney general, where the FBI agents explained that they were “interested in getting access to phones on a mass basis.”

However, seemingly conflicting with the above statement, last year, Attorney General William P. Barr told the Lawful Access Summit: “It is also said that the Government is seeking a secretive ‘backdoor’ to everyone’s communications and data. That is false.”

He expounded by telling the Summit that the government is asking that some “responsible party” retain access to the encryption keys and not necessarily the Government itself, so “when we can demonstrate a lawful basis – probable cause that crimes are being committed – law enforcement is able to gain access.”

The other side of the privacy vs. security debate

The possibility of overreaching governmental powers and silent encroachments has ever been a pervading topic of discussion since the very founding of the US. As the topic of privacy versus security continues, Karen Gullo, the spokesperson for the Electronic Frontier Foundation (EFF), issued strong opposition to the idea of law enforcement obtaining the power it seeks, telling BeInCrypto:

“This is more of the same terrible ideas we’ve heard from the DOJ and the FBI about backdoors to encryption. Neither agency is credible on this issue. They have a long track record of exaggeration and even false statements in support of their position. The [Attorney General] has claimed that the tech sector will design a backdoor for law enforcement that will stand up to any unauthorized access, ignoring the broad technical and academic consensus in the field that this risk is unavoidable. Encryption with special access for select entities is just broken encryption — security backdoors for law enforcement will be used by oppressive regimes and criminal syndicates, putting everyone’s security at risk.”

Last year, professor Matt Green, a cryptographer and science professor at John Hopkins University, indicated on Twitter that the claims made by Barr were broad and baseless allegations after Barr asserted that digital security would mostly be unaffected equipping backdoor access into encryption software.

The EFF explained that the hard facts and statistics to support these allegations are largely nonexistent and false. An example of this arose back in 2016 during the legal conflict between Apple and the FBI following the December 2015 San Bernardino shooting.

The FBI vs Apple controversy revisited

James Comey, who was the FBI director at the time, others included, portrayed their views regarding the encryption on Apple devices as a lock that can not be broken and stood in opposition to public safety and national security. During court proceedings and in Congress, these officials said they had no way to access an encrypted iPhone without pressuring Apple to reengineer its iOS operating system in order to circumvent its security features.

However, it was later discovered that the FBI was double-dipping. After a special inquiry was made by the DOJ Office of the Inspector General, it was exposed that technical divisions within the FBI were already collaborating with a vendor outside of Apple to unlock the phone anyways, even while the government continued its legal battle with Apple, making the statements made by Comey to Congress, the press, in addition to sworn declarations made by other FBI officials in court, patently false at during the time the statements were made.

The EFF asserted that Wray had also made ample overstatements over law enforcement’s difficulty when faced with encryption, singling out that on multiple occasions during congressional testimony and public speeches, he indicated that there were 8,000 encrypted cell phones that the FBI were unable to access in 2017 alone.

Just last year, the Washington Post revisited this testimony, reporting that the number of phones he stated were inaccessible to law enforcement was exaggerated because of a “programming error.”

Lastly, the EFF sought to clarify this discrepancy by filing a Freedom of Information Act request, attempting to better understand the exact nature of how encryption interferes in these criminal investigations.

However, the government evaded the petition by refusing to produce any records.

According to the EFF, Barr scantily offered praise regarding the benefits of encryption, which has become a vital tool in protecting digital information in both cyberspace and in the physical domain, especially for the most vulnerable users such as journalists and activists who face retaliation, censorship and possible imprisonment by abusive and overreaching governments.

The 4th Amendment re-examined

Perhaps the most daunting task in the battle between the extent of privacy as it relates to the scope of security is how the 4th Amendment of the US Constitution should be interpreted, because anytime the limits of civil liberties experience an adjustment, it causes waves. These rights are fundamental pillars of a free society, and the fear of encroachment.

Anytime there’s a liberty interest at stake relating to issues of this nature, it is the burden of the government to clarify how broadening governmental powers can still have a place in the current constitutional framework, or if it needs to be re-interpreted in order to confront new challenges in an an ever changing technological era.

Barr addressed this issue at the Lawful Access Summit, explaining that the 4th Amendment makes a distinction between an “individual citizen’s interest in conducting certain affairs in private and the general public’s interest in subjecting possible criminal activity to investigation.”

He continued by breaking down the elements defined in the amendment: “[O]n one hand, by securing for each individual a private enclave around his ‘person, house, papers, and effects’ – a ‘zone’ bounded by the individual’s own reasonable expectations of privacy. So long as the individual acts within this ‘zone of privacy,’ his activities are shielded from unreasonable Government investigation.”

However, there is a stipulation involved in order for the integrity of this condition to be maintained: under certain circumstances, the public has a lawful obligation to gain access to a person’s area of privacy when public safety is compromised, and when these conditions are met, it defines the circumstances under which the government may lawfully set aside an individual’s privacy zone and gain access.

“When the Government has probable cause to believe that evidence of a crime is within an individual’s zone of privacy, the Government is entitled to search for or seize the evidence, and the search usually must be preceded by a judicial determination that ‘probable cause’ exists and be authorized by a warrant,” said Barr.

As Internet-based crimes continue to proliferate, and as criminals continue to lean towards warrant-stopping end-to-end encryption services, law enforcement agencies are increasingly finding themselves in a precarious position that has privacy advocates and encryption users worried that this could be the end of digital privacy and the beginning of an age of digital transparency.

Having a resolution to this magnitude would cause end-to-end encryption users to have to enter into a “trust dependant relationship” with the companies as well as the government agencies existing on the periphery to never broach the scope of their investigative responsibilities for the purpose of mass data collecting, and so destroy the trust between users and government.

What does this mean for dissident journalists, activists and free thinkers who utilize such technologies while living under the rule of an oppressive dystopian government that is prone to retaliate against individuals who hold to such fundamental basic rights such as freedom of speech?

Once mankind is at last living in such an era of digital transparency, it is not without a level of certainty that new innovations will apparently arise, and the powers that will be tasked with the challenge to confront those technologies, too.

beincrypto.com