Members of the United States Senate Judiciary Committee have, yet again, demanded the impossible - companies utilize strong encryption that allows the government to snoop on the traffic flowing through it. Specifically, Lindsey Graham used the specter of child pornography as the reason on why law enforcement need to be able to spy on everyone’s online activity instead of doing their job in a way that doesn’t trample civil rights and the expectation of personal privacy.
At a U.S. Senate Judiciary Committee hearing, Democrats and Republicans presented a rare united front as they invoked child abuse and mass shooting cases in which encryption has blocked access to key evidence and stymied investigations.
“You’re going to find a way to do this or we’re going to go do it for you,” said Senator Lindsey Graham. “We’re not going to live in a world where a bunch of child abusers have a safe haven to practice their craft. Period. End of discussion.”
First, I’ll bet you serious money that organized networks of child abusers are not organizing on Facebook or Apple (the two named corporations that showed up before Congress). They’re predominently operating on darknet, like I2P or Tor networks. Both of which are incredibly important projects for protecting anonymous use of the Internet. I annually donate to the Tor Project. As an interesting aside, I’m also willing to bet that the elected officials who believe that breaking corporate use of strong encryption is going to make any meaningful difference at combatting the horrific people who abuse children, I’m also willing to bet that they don’t know that their constituents tax dollars funded the creation of the Tor network through DARPA and the United States Office of Naval Research.
Secondly, backdooring encryption, to my understanding, is typically attempted through creating a predictable path of probability through the encryption. This is similar to doors in buildings where every door has a different key, but there is a master key that works on all the doors. If the door to a single person’s office is lost, only that door’s security is compromised. But if whoever holds the master key loses it - all doors are vulnerable. Even if the good guys are actually behaving like good guys 100% of the time with that master encryption key, which no American trusts their government well enough to truly believe that,
if law enforcement when law enforcement loses control that key, all channels of communication that use that encryption are up for grabs to whoever has that key.
Third, the erosion of personal privacy rights through the fantasy idea of creating an encryption that both does its job and allows only “the good guys” in in this country is unnecessary for law enforcement to do its job. Case in point, take this WIRED article from Lily Hay Newman: How a Bitcoin Trail Led to a Massive Dark Web Child-Porn Site Takedown. A key take away:
Similarly, the investigation does not seem to have hinged on access to Son or other users’ digital communications other than emails. At the beginning of the month, the Department of Justice urged Facebook in a letter from US attorney general William Barr not to add end-to-end encryption to its Messenger service. In a “Lawful Access Summit” event, the department specifically cited child exploitation investigations as an area where access to digital communication platforms like Messenger is absolutely vital. While there’s no doubt truth in that, Wednesday’s massive crackdown indicates that it may not always be the case in practice.
“This appears to be an example of a high-level investigation with major impact that was not hindered by encrypted communications,” says Andrew Crocker, a staff attorney at the nonprofit Electronic Frontier Foundation, a digital rights group. “In these sorts of investigations, law enforcement’s challenge is usually identifying operators and users of a site, which is a different problem than accessing the contents of communications. In this case and others, the government has relied on various techniques to successfully identify site operators and seize the server, giving them a window into user activity. And no form of end-to-end encryption will prevent police from reading communications if they have access to one of the ‘ends.’”
Fourth, I have no faith that if Congress drafts up a stupid bill like Australia’s, that it will include due process considerations that when a warrant is sought that it can only be used for investigations into child pornography or child abuse networks. It’ll be written broad and immediately used for everything, like the United States’ immortal PATRIOT Act.
“Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia,” [Australian Prime Minister Malcom Turnbull] said.