Posted August 12, 2019, 3:30 PM
Attorney General William Barr is urging tech companies to weaken end-to-end encryption services by creating digital backdoors that will grant law enforcement agencies access to all electronic communication. If Barr gets his way, your emails, text messages, computer files, phone calls — literally everything you do and say online — will be subject to government snooping. Even worse, these digital backdoors will end up making everyone less safe by creating exploits for bad actors and state-sponsored hackers.
Digital backdoors are dangerous. They were dangerous when the NSA tried — and failed — to implement a clipper chip in every computer in 1993. They were dangerous when the FBI tried — and failed — to force Apple to break encryption on iPhones in 2015. And they’re still dangerous today.
Encryption is a basic form of security, like a lock on the front door to your house. Except instead of a key and a deadbolt, encryption relies on complicated math equations to effectively “lock” data away from prying eyes while it is being transferred over the Internet. Once it has been delivered to its proper destination, the recipient can use a key from the provider to “unlock” the data for use.
As our world increasingly relies on digital infrastructure, encryption becomes necessary to protect everything from personal communications and office printers to air traffic control systems and nuclear power plants. Creating digital backdoors into these systems might seem like a good way to ensure that law enforcement officials can gather evidence or prevent crimes from happening … until you realize that law enforcement officials won’t be the only ones using these backdoors.
Troublingly, Attorney General Barr either doesn’t understand the threat that backdoors create, or he doesn’t care. In a recent speech, Barr proclaimed: “We know of no instance where encryption has been defeated by compromise of those provider-maintained keys.” Yet that’s exactly how hackers compromised an Iranian nuclear facility, as well as banks, power grids, and corporations around the world.
Bad actors already use our digital weapons against us. State-sponsored hackers routinely exploit printers, phones, and routers. Voting systems in 39 states were hacked ahead of the 2016 elections. Weaknesses in encryption services can persist for decades, creating security issues in devices and applications that haven’t even been invented yet.
We don’t need to make our society more vulnerable to hacking; we need stronger encryption to be widely adopted in order to protect everyone from sophisticated, 21st century attacks. That’s why Michael Hayden — a retired four-star general who served as Director of the NSA and Director of the CIA — publicly pushed back against Barr’s dangerous plan to undermine the safety of end-to-end encryption.
Barr talks big about safety, but his recommendations put us all at risk for years to come.
In many states across the United States, police officers can search databases of your sensitive personal information, often without even reasonable suspicion that you’ve committed a crime. Predictably, this unfettered access has led to thousands of documented cases of law enforcement officers stalking their romantic interests, snooping on neighbors, and harassing journalists. And don’t forget about all the times that telecoms, social networks, and Silicon Valley giants have exploited your sensitive personal data for their gain … even after being warned by Congress not to do so.
If the Attorney General is concerned that his proposed backdoors might be similarly exploited, he hasn’t mentioned it. In fact, Barr has made no comment regarding the legal conditions under which backdoors should be used, nor has he made recommendations on who should have access to these powerful surveillance tools, or what penalties should be enforced against those who would abuse their authority. Instead, he’s content to move fast and break things. But a broken democracy is hard to fix.
We’ve established that backdoors will make all of us more vulnerable to attacks from hackers, rogue states, government misconduct, and corporate recklessness. But at least they’ll help us catch some bad guys, right?
If criminals, drug cartels, and terrorist networks know that they can’t use commercially-available encryption services without being spied on, then they simply won’t use commercially-available encryption services. After all, it developing encryption algorithms requires only knowledge of math and coding. Breaking encryption for the public will simply force lawbreakers underground while putting the rest of us at risk to countless new threats.
Simply put, there is no way that destroying encryption won’t end in disaster. Encryption saves lives, protects our democracy, and defends against abuse from corporate and government abuse. We should all be terrified about the prospect of our Attorney General forcing tech companies to insert digital backdoors into consumer products.
Congress has considered laws to prevent this sort of authoritarian overreach in the past, and we need them to stop this reckless power grab once and for all. We urge you to visit our website SaveSecurity.org and contact your lawmakers to demand that they save digital security from the Attorney General.