Head Of Federal Prosecutors’ Association Latest To Ask For Broken Encryption
After hearing consecutive FBI directors (James Comey, Chris Wray) drone on and on about how device and communication encryption are nudging us ever closer to the criminal apocalypse, it's kind of refreshing to hear from someone else equally as misguided.
An op-ed written by Steven Wasserman recently appeared at The Hill. Wasserman opens his piece by suggesting a recent Senate Committee hearing about the prevalence of CSAM (child sexual abuse material) contained a disturbing lack of anti-encryption agitprop.
That's why Wasserman is here, apparently. The head of the National Association of Assistant US Attorneys starts with a slight hat tip towards encryption's security advantages before hinting that no one should be allowed to implement it.
Social media companies are increasingly adopting end-to-end encryption to provide better privacy protection to users. Indeed, law enforcement has praised end-to-end encryption to prevent identity fraud and theft. But too often the technology translates to a complete lock-out of law enforcement.
A company can effectively block law enforcement from obtaining evidence, even by court-ordered wiretap or search warrant. This obscures law enforcement's ability to prevent and prosecute crimes - particularly those crimes that are frequently committed on social media and messaging apps, such as child sexual exploitation, terrorism-related offenses and drug trafficking.
Wasserman then quotes the single tech company exec to speak out against encryption during the Senate CSAM hearing: Discord CEO Jason Citron, who stated his platform would not be deploying end-to-end encryption because so many of its users are minors.
We don't believe we can fulfill our safety obligations if the text messages of teens are fully encrypted because encryption would block our ability to investigate a serious situation, and when appropriate report to law enforcement."
Like lots of things, encryption is a personal choice. Some messaging services offer it. Some don't. Users are free to utilize the services they want to. Plenty of other information is collected and retained by tech companies, even those deploying end-to-end encryption, so law enforcement still has plenty of options when it comes to hunting down criminals.
Of course, the head of the prosecutors' association claims there's really only one option: approaching tech companies directly to force them to hand over communications and data. All other options are ignored.
Previously, Meta had been one of the largest reporters of CSAM material online. But likeGoogle and Apple, who previously routinely provided law enforcement access to data on mobile phones when under a court-ordered search warrant, the move toward encryption has locked out law enforcement.
Meta's response? According to itssafety strategy, [L]aw enforcement may still be able to obtain this content directly from users or their devices." Essentially, Meta expects law enforcement to request data on criminal activity from the criminals themselves.
Um. So? I mean, that's how law enforcement has traditionally worked. While it may be able to obtain some records from third parties, the most incriminating evidence is often found in suspects' homes, cars, or other personal effects. Just because it's easier to gather communications in bulk from a service provider doesn't mean all other options are too burdensome to consider.
This argument makes about as much sense as claiming county offices should allow cops to search private residences because the office holding the property records was served with a warrant. That cops are forced to seek warrants targeting properties directly is just more evidence the county office would rather protect criminals than ask cops to do their jobs.
Device encryption can be broken. End-to-end encrypted communications can be shared with law enforcement by anyone included in the conversation. Backups of images and other messaging detritus are often backed up to cloud servers whose contents aren't encrypted. Informants and undercover investigators are often able to infiltrate conversations otherwise invisible to the outside world.
Wasserman's summary paragraph is every bit as disconnected from this reality as the rest of his op-ed.
Congress must stand up to big tech's efforts to lock out law enforcement. Companies cannot take profits without taking accountability, and these tech companies must be held responsible for the technology they create and the expanded opportunities for crime activity that has blossomed as a result.
LOL. The accountability of cops and prosecutors is often inversely proportional to the amount of power they have. The same goes for Congress. To pretend it's only the private sector that's capable of outpacing accountability is ridiculous.
Fortunately, Ryan Polk - the senior policy adviser at the Internet Society - was allowed to publish a response to Wasserman's handwringing.
In anop-edon Feb. 22, Steven Wasserman, the national president of the National Association of Assistant US Attorneys (NAAUSA),called on Congress to force tech companies to give foreign adversaries and criminals access to the encrypted data of American citizens.
While of course Wasserman did not phrase it that way, the result would be exactly that. There is no way to provide law enforcement access to encrypted data" without creating security vulnerabilities that will leave everyone less safe.
Which is exactly the way these arguments should be phrased by those seeking to undermine encryption. Even the UK government - which has long-desired broken encryption - was told by its own advisory board that creating encryption backdoors was far more likely to harm children than protect them.
But those arguing against encryption are never intellectually (or factually!) honest. Instead, they talk about CSAM and terrorism while ignoring the persistent threat weakened encryption would create - something that would affect the millions of Americans who have never once broken a law (at least not deliberately...).
And then there's this bit of irony: the only people likely to be affected by encryption bans or encryption weakening are the people law enforcement isn't actively trying to track down.
Undermining end-to-end encryption in the United States will not make it suddenly go away. Criminals will simply move to options from jurisdictions outside the United States, or even develop their own end-to-end encrypted systems. Non-criminals are unlikely to do so, creating a situation where criminals continue to enjoy the benefits of end-to-end encryption while their victims cannot.
This is actually how the terrorists will win. Not because Meta is slapping E2EE on its messaging platform, but because everyone in areas where encryption is undermined won't have the same communication protections the terrorists do.
Polk closes out his response by calling on Congress to ignore alarmists like Wasserman and continue to protect encryption. Fortunately, despite there being plenty of law-and-order types roaming Capitol Hill at the moment, very few are actually willing to seriously consider legislation that would create backdoors or otherwise undermine encryption. But all it takes is one tragedy worth exploiting to pave over this impasse. And when that happens, hopefully we'll still have enough people in office capable of seeing through the weak arguments made by opponents of protective measures that protect everyone, rather than just those in power.