Report: Warnings about Encryption ‘Back Doors’ Vindicated

Report: Warnings about Encryption ‘Back Doors’ Vindicated

The House Homeland Security Committee released a report Wednesday acknowledging what the technology industry has been telling the federal government for more than a year: It’s impossible to give law enforcement a “back door” to encryption technologies without giving bad actors the same access to people’s phones and other devices. The “Going Dark, Going Forward: A Primer on the Encryption Debate” report is the product of more than 100 meetings and briefings that the committee held over the past year with privacy and civil liberties experts, the technology, computer science, and cryptology industries, as well as law enforcement and the intelligence community.

“As a result of our robust investigation, the Committee staff has come to understand that there is no silver bullet regarding encryption and ‘going dark,’” said the report’s authors.

The report covers “end-to-end” encryption technologies: Encryption transmits messages by scrambling them into a series of digits, which are then unscrambled by the use of a key. End-to-end encryption means no one but the people communicating have access to this key, not even the company that owns the communication tool. In other words, only those people can read the messages, which the FBI fears will result in “going dark”—that is, law enforcement will be unable to collect crucial information about potential terrorists.

The report reframes the problems surrounding encryption. Rather than “privacy versus security”—that is, encryption pits law enforcement’s need to access electronic data against individuals’ right to have their personal matters free from being surveyed by the state—the real issue is “security versus security,” according to the report. Creating a means to law enforcement to get access to the data stored in Google or Apple phones “would naturally be exploited by the bad guys—and not just benefit the good guys,” the authors said.

The report contradicts what Obama administration and law enforcement officials have been telling the public for years. Spurred on by a number of recent high-profile terrorist attacks here and abroad, FBI Director James Comey wants technology companies to insert special “back doors”—or security flaws—into encryption software that would allow only law enforcement officials to bypass the encryption and access the data. In March, President Obama chided the industry for its defiant response to Comey’s demands, adding that critics of the government’s views were “fetishizing our phones above every other value.”

The debate leaves technology experts frustrated. They believe that federal government officials do not understand the problems involved in letting law enforcement bypass encryption. Susan Landau, a cyber security expert, has called the idea of a back door “magical thinking,” while Guardian technology reporter Cory Doctorow wrote that “any politician caught spouting off about back doors is unfit for office anywhere but Hogwarts.” Creating a back door for the “good guys” would create that same door for “bad guys”—hackers, identity thieves, foreign governments, and others, just as the House report now acknowledges.

Encryption may not be as great of a security threat as law enforcement officials believe. Although the November 2015 Paris terror attacks were initially reported to have been planned using encrypted apps, it turned out the attackers used burners—prepaid and quickly disposable cell phones that are difficult to track. After turning the San Bernardino shooting and the FBI’s inability to access one of the shooter’s iPhones into a case for weakening encryption, the FBI found another way into the phone and found nothing of value.

Federal officials’ claims are also undercut by a report released on Thursday by the Administrative Office of U.S. Courts that found that the number of government wiretaps that ran up against encryption fell from 22 in 2014 to seven in 2015, even though the number of wiretaps increased.