EFF: DOJ and FBI Show No Signs of Correcting Past Untruths in Their New Attacks on Encryption

DOJ and FBI Show No Signs of Correcting Past Untruths in Their New Attacks on Encryption

Last week, Attorney General William Barr and FBI Director Christopher Wray chose to spend some of their time giving speeches demonizing encryption and calling for the creation of backdoors to allow the government access to encrypted data. You should not spend any of your time listening to them. 

Don’t be mistaken; the threat to encryption remains high. Australia and the United Kingdom already have laws in place that can enable those governments to undermine encryption, while other countries may follow. And it’s definitely dangerous when senior U.S. law enforcement officials talk about encryption the way Barr and Wray did.

The reason to ignore these speeches is that DOJ and FBI have not proven themselves credible on this issue. Instead, they have a long track record of exaggeration and even false statements in support of their position. That should be a bar to convincing anyone—especially Congress—that government backdoors are a good idea. 

Barr expressed confidence in the tech sector’s “ingenuity” to design a backdoor for law enforcement that will stand up to any unauthorized access, paying no mind to the broad technical and academic consensus in the field that this risk is unavoidable. As the prominent cryptographer and Johns Hopkins University computer science professor Matt Green pointed out on Twitter, the Attorney General made sweeping, impossible-to-support claims that digital security would be largely unaffected by introducing new backdoors. Although Barr paid the barest lip service to the benefits of encryption—two sentences in a 4,000 word speech—he ignored numerous ways encryption protects us all, including preserving not just digital but physical security for the most vulnerable users.

For all of Barr and Wray’s insistence that encryption poses a challenge to law enforcement, you might expect that that would be the one area where they’d have hard facts and statistics to back up their claims, but you’d be wrong. Both officials asserted it’s a massive problem, but they largely relied on impossible-to-fact-check stories and counterfactuals. If the problem is truly as big as they say, why can’t they provide more evidence? One answer is that prior attempts at proof just haven’t held up.

Some prime examples of the government’s false claims about encryption arose out of the 2016 legal confrontation between Apple and the FBI following the San Bernardino attack. Then-FBI Director James Comey and others portrayed the encryption on Apple devices as an unbreakable lock that stood in the way of public safety and national security. In court and in Congress, these officials said they had no means of accessing an encrypted iPhone short of compelling Apple to reengineer its operating system to bypass key security features. But a later special inquiry by the DOJ Office of the Inspector General revealed that technical divisions within the FBI were already working with an outside vendor to unlock the phone even as the government pursued its legal battle with Apple. In other words, Comey’s statements to Congress and the press about the case—as well as sworn court declarations by other FBI officials—were untrue at the time they were made.

Wray, Comey’s successor as FBI Director, has also engaged in considerable overstatement about law enforcement’s troubles with encryption. In congressional testimony and public speeches, Wray repeatedly pointed to almost 8,000 encrypted phones that he said were inaccessible to the FBI in 2017 alone. Last year, the Washington Post reported that this number was inflated due to a “programming error.” EFF filed a Freedom of Information Act request, seeking to understand the true nature of the hindrance encryption posed in these cases, but the government refused to produce any records.

But in their speeches last week, neither Barr nor Wray acknowledged the government’s failure of candor during the Apple case or its aftermath. They didn’t mention the case at all. Instead, they ask us to turn the page and trust anew. You should refuse. Let’s hope Congress does too.

 


Comments

Popular posts from this blog

EFF: No Digital Surveillance of Iranians at the U.S. Border—or Within the U.S.

EFF: Corporate Speech Police Are Not the Answer to Online Hate

Living on the (IT) Edge: Schneider Electric at HPE Discover 2018