The Crypto Wars a Blast From the Past is Back

The FBI has reignited an old flame over the past year. On Wednesday, July 8th, FBI Director James Comey will appear before two congressional hearings about cryptography.

James Comey will testify in front of the Senate Judiciary Committee and the Senate Intelligence Committee. His main objective will be to garner support to enact new legislation to weaken encryption. This comes at the same time that that David Cameron in the UK is pushing for similar measures.

Crypto Wars: Round 1

After a serious debate, known as the Crypto Wars, that raged in the US for 6 years in the 1990’s, cryptography was presumed safe. The debate centered around outdated export laws that prevented encryption from being sold or otherwise exported overseas. This was because up until that point encryption was seen as a mostly military endeavor.

In the late 90’s, a bill that sought to end the Crypto Wars was introduced. After having been through several proposed drafts, the SAFE Act (Security And Freedom through Encryption Act) gained widespread support. Its goal was “to affirm the rights of United States persons to use and sell encryption and to relax export controls on encryption.”

Members of the Armed Services Committee in the House of Representatives supported this bill by saying:

If we thought controlling encryption exports worked towards [protecting national security], we would be its strongest proponents. Unfortunately, export controls on encryption software simply disadvantages the United States software industry.

Shortly thereafter, the Clinton Administration- the same one that fought to keep the encryption export regulations- reversed its stance on the subject. It did nearly everything the SAFE Act promised to do by relaxing export regulations on retail encryption. And with that, the bill faded away into darkness.

And so ended the Crypto Wars.

Crypto Wars: Reloaded

Now, 15 years later, we find ourselves in the midst of the same debate, complete with the same talking points used in the 90’s crypto war. What Comey will ask for, just as David Cameron is proposing to UK’s Parliament this fall, is for companies to create backdoors that will allow the government to gain access to encrypted information whenever they want.

The need for this new measure, according to Director Comey, falls under the veil of ISIS. James Comey will use examples like the announcements made by Google and Apple to offer default encryption on their smartphones to say that terrorists can now communicate freely. This, much like the NSA’s fictitious reasoning behind its programs, is that terrorists regularly use these to thwart investigations.

However, this is not the case. According to the Federal Courts Report on Wiretapping in 2014, not only did the number of encrypted communications decrease from 2013, encryption only prevented the federal government from getting information in two cases all last year.

This non-sequitur is almost as outrageous as Chicago’s Chief of Police saying, “Apple will become the phone of choice for the pedophile. The average pedophile at this point is probably thinking, I’ve got to get an Apple phone.”

To further the point that FBI Director James Comey is grasping at straws, we can look at the recent incident in Garland Texas, where two Muslim shooters were killed before even getting inside the building that was holding a Muhammad cartoon contest.

James Comey said the FBI had been tracking one of the men (Elton Simpson) for months and, “This is the ‘going dark’ problem in living color. There are Elton Simpsons out there that I have not found and I cannot see.”

Except it was local law enforcement, not FBI surveillance, that stopped the gunmen. The FBI sent an email to Garland Police only hours before the incident saying that one of the shooters was “interested in the event”: but as The Intercept reports,

The local police never got the FBI’s email, and if they had, Garland’s Police Chief Bates told NPR, the response would not have been any different: “Please note that the contents of that email would not have prevented the shooting nor would it have changed the law enforcement response in any fashion.”

But Look at These Shiny Things

Nevertheless, James Comey plans to make a point of this. As the EFF points out, he will make use of some previously well established-and well argued against- talking points.

  1. “Backdoors or weakened ecnryption won’t create security risks.”  You only have to look at the past few months in hacking news to know that this isn’t the case. In June, the OPM had extremely sensitive information on 4 million federal employees stolen. Just this past Sunday, July 5th, a company that creates hacking tools, Hacking Team, was infiltrated and had their digital property, among other things, leaked online. The IRS had 100,000 or more taxpayers’ information stolen. There is even evidence that the St. Louis Cardinals ‘hacked’ into the Houston Astros’  database! If we- if the government- can’t keep our information secure now, how in the world will we be able to do it with weakened encryption or encryption with backdoors?
  2. “Companies can create backdoors that only allow the ‘good guys’ in.” This is a myth that David Cameron seems to believe in as well. This is simply not true. Any weakness in security can be exploited by the government as easily as it can be exploited by a malicious hacker.
  3. “Backdoors will stop the ‘bad guys’.”  This again, is another myth. Even if encryption is weakened in the US, companies from countries all over the world will still be able to offer full-fledged encryption. This, “comprise[es] a wide source of material almost impossible to censor” according to the EFF. It’s simply unrealistic to expect this.

Listen to what Director Comey has to say, then read this article about newly leaked information about NSA’s X-KEYSCORE.

Yea Right, Probably Not

The likelihood of this passing seems grim, although nothing is outside the realm of possibility. It’s still best to gear up for another round of crypto war. There are, however, bipartisan efforts fighting against this kind of legislation. Last month, the House of Representatives voted on an appropriations amendment bill to defund any government attempts to require encryption backdoors.

Encryption in the UK has a more uncertain future. Several years ago, David Cameron introduced the Draft Communications Bill, which is affectionately known unofficially as the Snoopers’ Charter. It failed then, but now there is a different atmosphere in the Parliament. A conservative majority plans to bring a new draft of the Snoopers’ Charter to vote this fall.

What do you think about creating backdoors in encryption? Do you think that encryption will reach a point- or has already reached a point- where it significantly impedes the government’s ability to effectively fight terrorism? If creating a backdoor or weakening encryption is not feasible or acceptable, is there an alternative that would make both sides happy?

feature image courtesy of Ryan Somma via flickr

No need to encrypt this message!