MCViewPoint

Opinion from a Libertarian ViewPoint

Posts Tagged ‘encryption’

Justice Department Attempts To Blame Encryption for Terrorist Attack Feds Failed To See Coming – Reason.com

Posted by M. C. on May 21, 2020

https://reason.com/2020/05/19/justice-department-attempts-to-blame-encryption-for-terrorist-attack-feds-failed-to-see-coming/

When a Saudi Arabian man named Mohammed Saeed Alshamrani opened fire at the Naval Air Station in Pensacola, Florida, in December 2019, killing three and injuring eight, the FBI assumed (correctly) it was an act of terrorism.

Alshamrani, who was 21 and a lieutenant in the Royal Saudi Air Force, was at a training program sponsored by the Pentagon in an agreement with Saudi Arabia. A subsequent investigation by both the United States and Saudi Arabia would show that Alshamrani may have been radicalized by Al Qaeda as far back as 2015 and had been tweeting out angry comments against the United States and Israel prior to the attack. That information started coming to light less than a week after the attack, raising questions about whether the American government had done a bad job vetting Alshamrani before letting him into the United States to train.

But Alshamrani also had two iPhones that were locked (which the FBI couldn’t get access to upon his death), so instead of focusing on what intelligence failures allowed for Alshamrani to enter the United States, the Justice Department is instead continuing its attack on encryption. Immediately after the attack, the FBI got a warrant to search Alshamrani’s phones and they approached Apple, asking for help breaking into them. Apple reportedly gave the FBI access to data that the man had stored on his iCloud, but as has been their practice for years now, their encryption system doesn’t give Apple the ability to bypass it and the company would not assist in breaking into the phones.

This has been a sticking point between Apple (and other tech companies) and the Justice Department for years now. Strong encryption is vital to protecting everybody’s data privacy from criminals and any other bad actors with malicious intent (like authoritarian governments and spies). Criminals and terrorists, of course, can also use encryption to prevent their conversations and plans from being detected by police who might stop them. Any tool can be used for good and bad purposes.

This fight is back in the news this week because the Justice Department revealed on Monday that it had finally managed to break into Alshamrani’s phone without Apple’s help. This should be good news, but it’s clear that the FBI and Department of Justice have decided that they’re going to continue using this case to try to attack end-to-end encryption and attempt to force tech companies to install virtual backdoors that allow government officials to bypass security protections.

On Monday, Attorney General William Barr briefly summarized what they’ve learned from Alshamrani’s phone:

  • Alshamrani and his Al Qaeda in the Arabian Peninsula (AQAP) associates communicated using end-to-end encrypted apps, with warrant-proof encryption, deliberately in order to evade law enforcement.
  • Alshamrani’s preparations began years ago. He had been radicalized by 2015, and having connected and associated with AQAP operatives, joined the Royal Saudi Air Force in order to carry out a “special operation.”
  • In the months before the 2019 attack, while in the United States, Alshamrani had specific conversations with overseas AQAP associates about plans and tactics. In fact, he even conferred with his AQAP associates up until the night before the attack.

Note that the first item is obvious, and the second item was actually uncovered early on in the investigation. The third item, intended to serve as a justification for attacking encryption, is more of an indication of an intelligence failure. The press release from the Justice Department makes it clear that Alshamrani was not on the FBI’s radar prior to the attack and there’s no sign they had been trying to get access to his phone data until after the attack. The Justice Department observes in the release, “The phones contained important, previously-unknown information that definitively established Alshamrani’s significant ties to Al Qaeda in the Arabian Peninsula (AQAP), not only before the attack, but before he even arrived in the United States. The FBI now has a clearer understanding of Alshamrani’s associations and activities in the years, months, and days leading up to the attack.”

So even though the federal government was unsuccessful in noticing Alshamrani’s radicalization that happened four years ago, before he ever came to America, the problem is now that they couldn’t get into his phone after the deed was done.

Both Barr and FBI Director Chris Wray continue to use these edge cases to demand that Congress force companies like Apple to cooperate with the feds and let them bypass encryption.

“If not for our FBI’s ingenuity, some luck, and hours upon hours of time and resources, this information would have remained undiscovered,” Barr said in the statement. “The bottom line: our national security cannot remain in the hands of big corporations who put dollars over lawful access and public safety. The time has come for a legislative solution.”

It has been a long-running strategy for the Justice Department to treat Apple’s extremely valuable and important encryption tools as just some marketing gimmick to win over customers.

In a speech yesterday, Barr and Wray continued the assault. Barr said:

Apple’s desire to provide privacy for its customers is understandable, but not at all costs. Under our nation’s long-established constitutional principles, where a court authorizes a search for evidence of a crime, an individual’s privacy interests must yield to the broader needs of public safety. There is no reason why companies like Apple cannot design their consumer products and apps to allow for court-authorized access by law enforcement while maintaining very high standards of data security. Striking this balance should not be left to corporate boardrooms. It is a decision to be made by the American people through their representatives.

Let’s circle back to my observation above that a tool can be used for either good purposes or bad. That’s the Justice Department’s own argument, right? People are using encryption to hide crimes. Except when the Justice Department wants a key to bypass the encryption, suddenly it’s possible to create a tool that can only be used by the “right” people.

That’s not how encryption backdoors work. And as it has reminded us all every time this stupid argument rears its head, Apple responded yesterday with the same message. End-to-end encryption protects us because there aren’t backdoors. Apple responded (via The Verge):

It is because we take our responsibility to national security so seriously that we do not believe in the creation of a backdoor—one which will make every device vulnerable to bad actors who threaten our national security and the data security of our customers. There is no such thing as a backdoor just for the good guys, and the American people do not have to choose between weakening encryption and effective investigations.

Customers count on Apple to keep their information secure and one of the ways in which we do so is by using strong encryption across our devices and servers. We sell the same iPhone everywhere, we don’t store customers’ passcodes and we don’t have the capacity to unlock passcode-protected devices. In data centers, we deploy strong hardware and software security protections to keep information safe and to ensure there are no backdoors into our systems. All of these practices apply equally to our operations in every country in the world.

That’s the reason why Wray and Barr keep appealing directly to lawmakers (some of whom are sadly too amenable) and aren’t really trying to win over the public. They know full well that encryption backdoors and other security vulnerabilities can and are already used for malicious purposes by criminals and oppressive governments. They don’t care, as long as they get access, too.

 

Be seeing you

Without encryption, we will lose all privacy. This is our new battleground

Posted by M. C. on October 16, 2019

The US, UK and Australia are taking on Facebook in a bid to undermine the only method that protects our personal information

Edward Snowden is a US surveillance whistleblower

In every country of the world, the security of computers keeps the lights on, the shelves stocked, the dams closed, and transportation running. For more than half a decade, the vulnerability of our computers and computer networks has been ranked the number one risk in the US Intelligence Community’s Worldwide Threat Assessment – that’s higher than terrorism, higher than war. Your bank balance, the local hospital’s equipment, and the 2020 US presidential election, among many, many other things, all depend on computer safety.

And yet, in the midst of the greatest computer security crisis in history, the US government, along with the governments of the UK and Australia, is attempting to undermine the only method that currently exists for reliably protecting the world’s information: encryption. Should they succeed in their quest to undermine encryption, our public infrastructure and private lives will be rendered permanently unsafe.

In the simplest terms, encryption is a method of protecting information, the primary way to keep digital communications safe. Every email you write, every keyword you type into a search box – every embarrassing thing you do online – is transmitted across an increasingly hostile internet. Earlier this month the US, alongside the UK and Australia, called on Facebook to create a “backdoor”, or fatal flaw, into its encrypted messaging apps, which would allow anyone with the key to that backdoor unlimited access to private communications. So far, Facebook has resisted this.

If internet traffic is unencrypted, any government, company, or criminal that happens to notice it can – and, in fact, does – steal a copy of it, secretly recording your information for ever. If, however, you encrypt this traffic, your information cannot be read: only those who have a special decryption key can unlock it.

I know a little about this, because for a time I operated part of the US National Security Agency’s global system of mass surveillance. In June 2013 I worked with journalists to reveal that system to a scandalised world. Without encryption I could not have written the story of how it all happened – my book Permanent Record – and got the manuscript safely across borders that I myself can’t cross. More importantly, encryption helps everyone from reporters, dissidents, activists, NGO workers and whistleblowers, to doctors, lawyers and politicians, to do their work – not just in the world’s most dangerous and repressive countries, but in every single country.

When I came forward in 2013, the US government wasn’t just passively surveilling internet traffic as it crossed the network, but had also found ways to co-opt and, at times, infiltrate the internal networks of major American tech companies. At the time, only a small fraction of web traffic was encrypted: six years later, Facebook, Google and Apple have made encryption-by-default a central part of their products, with the result that today close to 80% of web traffic is encrypted. Even the former director of US national intelligence, James Clapper, credits the revelation of mass surveillance with significantly advancing the commercial adoption of encryption. The internet is more secure as a result. Too secure, in the opinion of some governments.

Donald Trump’s attorney general, William Barr, who authorised one of the earliest mass surveillance programmes without reviewing whether it was legal, is now signalling an intention to halt – or even roll back – the progress of the last six years. WhatsApp, the messaging service owned by Facebook, already uses end-to-end encryption (E2EE): in March the company announced its intention to incorporate E2EE into its other messaging apps – Facebook Messenger and Instagram – as well. Now Barr is launching a public campaign to prevent Facebook from climbing this next rung on the ladder of digital security. This began with an open letter co-signed by Barr, UK home secretary Priti Patel, Australia’s minister for home affairs and the US secretary of homeland security, demanding Facebook abandon its encryption proposals.

If Barr’s campaign is successful, the communications of billions will remain frozen in a state of permanent insecurity: users will be vulnerable by design. And those communications will be vulnerable not only to investigators in the US, UK and Australia, but also to the intelligence agencies of China, Russia and Saudi Arabia – not to mention hackers around the world.

End-to-end encrypted communication systems are designed so that messages can be read only by the sender and their intended recipients, even if the encrypted – meaning locked – messages themselves are stored by an untrusted third party, for example, a social media company such as Facebook.

The central improvement E2EE provides over older security systems is in ensuring the keys that unlock any given message are only ever stored on the specific devices at the end-points of a communication – for example the phones of the sender or receiver of the message – rather than the middlemen who own the various internet platforms enabling it. Since E2EE keys aren’t held by these intermediary service providers, they can no longer be stolen in the event of the massive corporate data breaches that are so common today, providing an essential security benefit. In short, E2EE enables companies such as Facebook, Google or Apple to protect their users from their scrutiny: by ensuring they no longer hold the keys to our most private conversations, these corporations become less of an all-seeing eye than a blindfolded courier.

It is striking that when a company as potentially dangerous as Facebook appears to be at least publicly willing to implement technology that makes users safer by limiting its own power, it is the US government that cries foul. This is because the government would suddenly become less able to treat Facebook as a convenient trove of private lives.

To justify its opposition to encryption, the US government has, as is traditional, invoked the spectre of the web’s darkest forces. Without total access to the complete history of every person’s activity on Facebook, the government claims it would be unable to investigate terrorists, drug dealers, money launderers and the perpetrators of child abuse – bad actors who, in reality, prefer not to plan their crimes on public platforms, especially not on US-based ones that employ some of the most sophisticated automatic filters and reporting methods available.

The true explanation for why the US, UK and Australian governments want to do away with end-to-end encryption is less about public safety than it is about power: E2EE gives control to individuals and the devices they use to send, receive and encrypt communications, not to the companies and carriers that route them. This, then, would require government surveillance to become more targeted and methodical, rather than indiscriminate and universal.

What this shift jeopardises is strictly nations’ ability to spy on populations at mass scale, at least in a manner that requires little more than paperwork. By limiting the amount of personal records and intensely private communications held by companies, governments are returning to classic methods of investigation that are both effective and rights-respecting, in lieu of total surveillance. In this outcome we remain not only safe, but free.

Edward Snowden is a former CIA officer and whistleblower, and author of Permanent Record. He is president of the board of directors of the Freedom of the Press Foundation.

Be seeing you

Did Granny hear a CLICK?
