EFF: Pushing Back Against Backdoors: 2018 Year in Review

This wasn’t a great year for those of us whose job it is to defend the use of encryption.

In the United States, we heard law enforcement officials go on about the same “going dark” problem they’ve been citing since the late 90s, but even after all these years, they still can’t get basic facts straight. The National Academy of Sciences was entirely (and unsurprisingly) unhelpful. And in the courts, there was at least some action surrounding encryption, but we don’t know exactly what.

The real movement happened on the other side of the Pacific, so we’ll start there. 

The Land Down Under—Or the Upside Down?

Long-time readers of this blog will know Australia’s fraught history with attempts to regulate encryption…and math. In mid-2017, then-Prime Minister Malcolm Turnbull said: “The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia.” He made this laughable claim in the context of a proposed ban on end-to-end encryption in his country. Turnbull was forced from office before his luddite’s dream could become reality, but unfortunately, his dream didn’t fade as quickly as his political fortunes.

Late 2018 saw the Australian Parliament pass the Assistance and Access Act into law, with—as EFF’s Danny O’Brien put it—indecent speed and the barest nod to debate. Based in part on the UK’s Investigatory Powers Act that became law in 2016, the Assistance and Access Act isn’t an outright ban on encryption. Rather, it gives the government the power to issue secret orders to tech companies and individual technologists to re-engineer software and hardware under their control, so that it can be used to spy on their users. Incredibly, and unlike the UK’s Investigatory Powers Act, this includes the power to compel individual network administrators, sysadmins, and open source developers to comply with secret demands, including potentially to force them to keep their cooperation secret from their managers, lawyers, and executive leadership.

Combined with another power claimed by the Australian government—an expanded ability to censor and filter the Internet—we can see a potential dystopic future in the Land Down Under: one where only backdoored communication tools are permitted in Australia, and all other services and protocols will face government-mandated blocking and filtering.

The only silver lining to the encryption situation in Australia is that the government hasn’t attempted to exercise its new powers…yet.

The DOJ Shoots at Messenger, and Misses

In the United States, in EFF’s own backyard in California, the Department of Justice did something to challenge the use of end-to-end encryption. We’re not exactly sure what, but the one thing we do know about the fight is that we won.

According to press reports, the DOJ tried to get a court to order Facebook to do something to enable the wiretapping of encrypted Facebook Messenger voice calls. Because the entire episode occurred under seal, we don’t know the specifics. We know that it involved an investigation into suspected MS-13 gang activity in California’s Central Valley, and the interplay between the Wiretap Act and encrypted VOIP calling. To our knowledge, this hasn’t been done before, and it raises novel questions about modern communication providers’ duties to assist with wiretaps involving encryption.

Despite the mystery surrounding the entire episode, one thing is clear: either Facebook won the court battle, or the DOJ gave up, and the court didn’t end up ordering Facebook to redesign its systems.

But we’re not going to let the DOJ’s (failed) fight remain secret if we can help it. In November, EFF—along with co-counsel at the ACLU and Stanford—moved the court to unseal and release all court orders and related materials in the sealed Messenger case. A hearing has been set for January 2019 and we’ll keep you updated on the results.

The National Academy of Sciences Didn’t Help

In February 2018, after a two-year effort, the National Academy of Sciences (NAS) released a report attempting to move the encryption debate forward by proposing a “framework for decisionmakers.” We were not impressed.

The NAS report collapsed the question of whether the government should mandate encryption backdoors with how the government could accomplish that mandate. The report barely mentioned the benefits of encryption, the civil liberties implications of a ban, or the international implications of U.S. government action in the space.

We wish that the NAS had taken it upon itself not only to inform how to implement a particular backdoor policy but whether to undertake that policy in the first place. 

The FBI Can’t Do Basic Arithmetic

In 2018, we learned that the FBI had been fundamentally misleading not only the public but also Congress in its incessant “going dark” rhetoric. For much of 2018, the Bureau had claimed that encryption prevented it from legally searching the contents of nearly 7,800 devices in 2017. But in May the Washington Post reported that the actual number is far lower.

That’s why EFF submitted a FOIA request for records related to the FBI Director’s talking points about the “7,800” unhackable phones and the FBI’s use of outside vendors to bypass encryption.

Looking Forward(?) to 2019

We’d quite obviously be lying if we told you we knew what was going to happen in the encryption debate in 2019: we’re now two years into the Trump Administration and it has yet to propose any legislation potentially affecting encryption. We’re more than two years since the UK passed its Investigatory Powers Act, and only a matter of weeks since Australia passed its equivalent Assistance and Access Act—but to our knowledge, neither country has attempted to use its new powers.

Whatever 2019 brings, and wherever those challenges arise, you can be sure we’ll be on the front lines defending your right to use strong encryption without backdoors.

This article is part of our Year in Review series. Read other articles about the fight for digital rights in 2018.

