Barr Revives Debate Over ‘Warrant-Proof’ Encryption (#GotBitcoin?)
Attorney general says encryption in apps is hurting investigations by allowing criminals to hide communications, but offers no clear path forward. Barr Revives Debate Over ‘Warrant-Proof’ Encryption (#GotBitcoin?)
Attorney General William Barr sought to reopen a debate on Tuesday over whether technology companies such as Apple Inc. and Facebook Inc. should be required to provide law-enforcement agencies with a way to break the encryption on devices and apps used by terrorists, drug cartels and other criminal suspects.
Mr. Barr, in a speech dedicated almost exclusively to discussing the issue, said “warrant-proof” encryption was “enabling dangerous criminals to cloak their communications and activities behind an essentially impenetrable digital shield.”
The remarks, delivered to a sympathetic crowd of mostly law-enforcement officials at the International Conference on Cyber Security at Fordham University, amount to Mr. Barr’s first significant foray into a decades-old encryption debate that has pitted technology companies and most cybersecurity experts against federal efforts to mandate a requirement that technology allows access to encrypted communications.
“I am here today to tell you that, as we use encryption to improve cybersecurity, we must ensure that we retain society’s ability to gain lawful access to data and communications when needed to respond to criminal activity,” Mr. Barr said, according to prepared remarks. “While we should not hesitate to deploy encryption to protect ourselves from cybercriminals, this should not be done in a way that eviscerates society’s ability to defend itself against all these other types of criminals.”
Governments want access to user data to solve crimes and track potential threats. Tech companies, fearful that this access could be misused for spying or exploited by hackers, continue to build products that are so securely encrypted that the companies themselves are sometimes unable to access the data on them. And many of them are resisting any efforts to weaken their encryption capabilities.
Mr. Barr’s speech didn’t propose a solution or offer substantially different arguments that are likely to break a logjam in Washington. Republicans and Democrats have largely agreed there isn’t a technical way forward to mandate access to encrypted technology without incurring significant costs overall to cybersecurity—a view shared by most tech companies and most cybersecurity experts.
But the speech was unusually detailed, summarizing some technical proposals and past cases that balanced privacy and law-enforcement imperatives. Mr. Barr at points offered sharp rhetoric and specific examples, such as a Mexican drug cartel’s use of Facebook’s encrypted WhatsApp messenger platform for “the specific purpose of coordinating the murders of Mexico-based police officials,” Mr. Barr said.
A Facebook spokesman declined to comment on the speech, but pointed to a company blog post from last year that acknowledged the difficulty surrounding the encryption debate. The post said that “cybersecurity experts have repeatedly proven that it’s impossible to create any backdoor that couldn’t be discovered—and exploited—by bad actors,” reflecting the predominant view in Silicon Valley.
Apple declined to comment on the remarks.
While Mr. Barr offered examples in which he said encryption thwarted criminal investigations, he didn’t provide updated statistics about the overall extent of the problem. The FBI suffered a setback last year when it revealed it had accidentally inflated public statistics about the number of encrypted devices investigators were unable to break open, and officials have not provided an updated metric since then.
Mr. Barr sought to convince technology companies to work toward a compromise with law-enforcement agencies, lest they are forced to deal with hastily passed laws in the wake of a crisis. “Given the frequency with which these situations are now arising, it is only a matter of time before a sensational case crystalizes the issue for the public,” Mr. Barr said.
Many officials at the FBI and Justice Department believed they had found such a case in 2016, when the U.S. government asked Apple to create a software update that would break the privacy protections of the iPhone to gain access to a phone used in a terrorist attack in San Bernardino, Calif. Apple refused to comply.
The National Security Council convened a deputies meeting from various federal agencies last month to consider options on how to move forward on the encryption issue, but the meeting ended without any clear resolution on how to proceed, according to people briefed on it.
A U.S. official said Mr. Barr’s speech wasn’t attempting to provide a specific solution, but reflected consensus within the Trump administration that a solution must be found to combat the proliferating use of too-tough-to-crack encryption. Critics contend that the FBI and contractors that specialize in bypassing encryption have the tools necessary to get into many devices they want to unlock.
Sen. Ron Wyden (D., Ore.), a longtime privacy advocate who has vocally opposed government efforts to weaken encryption, called it an “outrageous, wrongheaded and dangerous proposal.” Speaking from the floor of the Senate, Mr. Wyden said Mr. Barr had “raised a tired, debunked plan to blow a hole in one of the most important security features protecting Americans’ digital lives.”
Mr. Barr has also been working to draft an op-ed article about the encryption issue that would be signed by other senior officials across the Trump administration, but officials at other agencies had concerns about some of the language, according to people familiar with those plans. A Justice Department spokeswoman said officials continued to work on the article and have had several cabinet members say they would sign it.