US Attorney General William Barr today launched a new front in the feds’ ongoing fight against consumer encryption, railing against the common security practice and lamenting the “victims” in its wake.
“The deployment of warrant-proof encryption is already imposing huge costs on society,” Barr claimed in remarks at a cybersecurity conference held at Fordham University Tuesday morning. Barr added that encryption “seriously degrades” law enforcement’s ability to “detect and prevent a crime before it occurs,” as well as making eventual investigation and prosecution of crime more difficult.
The existence of encryption means “converting the Internet and communications into a law-free zone” that criminals will happily take advantage of to do more crimes, Barr added, likening it to a neighborhood that local cops have abandoned.
The cost of encryption, he said, is measured in “victims” who might have been saved from crime if law enforcement had been able to lawfully intercept communications earlier.
He also accused tech firms of “dogmatic” posturing, saying lawful backdoor access “can be and must be” done, adding, “We are confident that there are technical solutions that will allow lawful access to encrypted data and communications by law enforcement, without materially weakening the security provided by encryption.”
A long-running battle
In his diatribe, Barr is only picking up where predecessors left off. In 2017, then-deputy AG Rod Rosenstein said in an interview that the tech community’s “absolutist position” on strong encryption impeded law enforcement and was “unreasonable.”
Federal law enforcement has been in a very public encryption face-off with consumer electronics companies, particularly Apple, since 2016.
In December, 2015, a gunman killed and seriously injured dozens of victims in an attack in San Bernardino, California. The FBI ended up in possession of the shooter’s iPhone during the investigation but was unable to unlock the device, as the attacker had been killed and therefore could not be compelled to share his PIN.
The FBI demanded Apple cooperate in unlocking the phone by building a backdoor, and the company effectively told the feds to go pound sand. (The FBI eventually accessed the phone without Apple’s help.)
The relationship between the FBI and companies such as Apple that promote encryption has remained frosty ever since. Last year, an FBI official called Apple “jerks” about encryption, accusing the company of an “evil genius” approach to thwarting law enforcement.
Rosenstein proposed a so-called “responsible encryption” scheme back in 2017, a call Barr echoed.
“I am suggesting that it is well past time for some in the tech community to abandon the posture that a technical solution is not worth exploring and instead turn their considerable talent to developing products that will reconcile good cyber security to the imperative of public safety and national security,” Barr said.
FBI Director Christopher Wray said last year that developing a process for allowing government officials lawful entry into encrypted communications would “entail varying degrees of innovation by the industry,” but he said he didn’t “buy the claim that it’s impossible.”
But no matter how many times government officials try to will such an option into existence, what they claim to want isn’t actually possible. Security experts and product makers have said time and time again that introducing a backdoor—an access portal for a specific entity to gain access through—into an encryption scheme weakens the whole thing.
Apple CEO Tim Cook has repeatedly said consumer privacy is of paramount importance to his company and that it’s in “everyone’s best interest” for everyone to be “blocked out,” with no secret backdoors.
Senator Ron Wyden (D-Ore.) in a 2018 letter to Wray (PDF) said the quest for a way in to encrypted communications amounts to “a flawed policy that would harm America’s security, liberty, and our economy.”
“Building secure software is extremely difficult,” Wyden added, “and vulnerabilities are often introduced inadvertently in the design process. Eliminating these vulnerabilities is a mammoth task, and experts are unified in their opinion that introducing deliberate vulnerabilities would likely create catastrophic unintended consequences that could debilitate software functionality and security entirely.”