DOJ Back To Pushing For Legislation Targeting Encryption (original) (raw)

from the CLIPPER-CHIP-2K18 dept

The New York Times is reporting that the War on Encryption continues, with a renewed push for legislation the Justice Department couldn’t talk Obama into.

Federal law enforcement officials are renewing a push for a legal mandate that tech companies build tools into smartphones and other devices that would allow access to encrypted data in criminal investigations.

F.B.I. and Justice Department officials have been quietly meeting with security researchers who have been working on approaches to provide such “extraordinary access” to encrypted devices, according to people familiar with the talks.

[…]

Against that backdrop, law enforcement officials have revived talks inside the executive branch over whether to ask Congress to enact legislation mandating the access mechanisms.

FBI Director Chris Wray still has yet to hand over his list of agreeable security experts to Sen. Ron Wyden. Wray continues to assert there’s a way to solve the “going dark” problem that won’t involve make device encryption less secure, but every suggestion he offers involves making device encryption less secure. There are a few techies looking for solutions, and that small group may be who Wray believes can talk legislators into prepping a mandated access bill.

A National Academy of Sciences committee completed an 18-month study of the encryption debate, publishing a report last month. While it largely described challenges to solving the problem, one section cited presentations by several technologists who are developing potential approaches.

They included Ray Ozzie, a former chief software architect at Microsoft; Stefan Savage, a computer science professor at the University of California, San Diego; and Ernie Brickell, a former chief security officer at Intel.

The solutions presented by this group are more of the same: key escrow, weakened encryption, or technological assistance mandates. None of these work out particularly well for customers, as each options provides additional attack vectors for criminals, not just law enforcement. So, even if Wray hopes to rely on more sympathetic tech experts, he’s still going to run into the same facts: you cannot provide access to law enforcement without increasing the chance of access by criminals and state-sponsored hackers.

It appears the DOJ isn’t interested in letting the perfect be the enemy of the good. And why should it? It won’t be affected by mandated access and/or weakened encryption. Those affected most will be members of the general public, and they simply don’t matter when the FBI’s agitating for destroying the encryption the public relies on to keep their devices and communications secure.

[O]ne Justice Department official familiar with the deliberations contended that it might not be necessary to come up with a foolproof system, arguing that a solution that would work for ordinary, less-savvy criminals was still worth pursuing.

Take a long look at that statement. This is the DOJ saying it’s willing to sacrifice the security of millions of Americans to make sure it can round up the nation’s least intelligent criminals. This isn’t a balance anyone outside of the FBI’s inner circle will be happy with. Wray and others routinely claim encryption is preventing them from solving serious crimes and hunting down dangerous criminals, but when all is said and done, it will apparently be satisfied locking up the most inept suspects.

Filed Under: backdoors, doj, encryption, fbi, going dark, legislation, responsible encryption