FBI Director Christopher Wray once again hammered home his opposition on end-to-end encryption on Tuesday, suggesting that there are "solutions" for letting law enforcement bypass security measures without exposing consumers.
"It can't be a sustainable end state for there to be an entirely unfettered space that's utterly beyond law enforcement for criminals to hide," Wray said at the RSA Conference in San Francisco, quoted by Gizmodo. "We have to figure out a way to deal with this problem."
Wray mentioned that long-running talks between the U.S. government and tech companies are still ongoing, but was quiet on details.
"I'm hearing increasingly that there are solutions," he said.
He may be building on the views of people like U.S. Deputy Attorney General Rod Rosenstein, who in 2017 promoted the idea of "responsible encryption," using examples like centralized security keys — such as the ones Apple uses to comply with warrants for iCloud data — and sanctioned key recovery methods when someone forgets the password to an encrypted computer.
Those systems are potentially vulnerable to hacking or phishing, however. End-to-end encryption is the most secure form of online communication available, as its design allows only senders and recipients to decipher transmitted contents. Even platform holders like Apple and Facebook are unable to read messages unless they're archived somewhere less secure. As a result, government officials like Wray, Rosenstein and executive assistant FBI director Amy Hess have regularly complained about communications "going dark" to law enforcement and spy agencies.
Apple typically complies with police warrants and National Security Agency requests, but in 2016 famously fought the FBI and Justice Department over demands for a backdoor into the iPhone of San Bernardino shooter Syed Rizwan Farook. The company argued that it couldn't be compelled to write new code, and that doing so would fundamentally weaken the security of iOS. The DOJ's case ultimately fizzled when it turned to a third-party service that successfully cracked Farook's iPhone 5c.
Partly because of the Farook incident, critics have been skeptical of the "going dark" threat, suggesting that there are often alternatives to intercepting services like iMessage and WhatsApp. Apple and like-minded parties have contended that encryption is essential not just for general privacy, but keeping people safe from hackers and mass surveillance, particularly in countries where leaders may imprison or murder dissenters.
In February, Apple and a collection of trade groups, NGOs, and other tech companies submitted comments opposing an Australian law passed in December which demands businesses help the government access encrypted messages. The view is that the law is too vague, and could be used to demand weakened encryption not just in Australia but eventually in any country within the "Five Eyes" network — Australia, Canada, New Zealand, the UK and the U.S. Those countries regularly collaborate on intelligence matters, and the network recently claimed that "privacy is not an absolute," with the further assertion that it would aim to access encrypted data through legislation.
The U.K.'s GCHQ intelligence agency even recently proposed adding government agents as silent participants in group chats, something opponents have said could be even worse than weakened encryption, since it could be very quickly turned to mass surveillance or exploitation by hackers.
43 Comments
This proves that end-to-end encryption is still a right way to protect our data.
Getting so sick of the political elite trying to wrestle away rights from people to gain power and using fear mongoring, outlier cases to scare us into believing that we should go along.
Freedom is inherently dangerous, and only the ignorant sheeple of this country actually believe that we can legislate evil away.
“I prefer dangerous freedom over peaceful slavery.” - Thomas Jefferson
Idiots all.
There are lots of ways for criminals to have secure communication between themselves that the police will NEVER be able to intercept. This is just another bullshit ploy to get access to our data.
Ug. Loud and clear: "My data, not yours."