AG Barr says consumers should accept security risks of encryption backdoors
U.S. attorney general William Barr has said consumers should accept the risks that encryption backdoors pose to their personal cybersecurity to ensure law enforcement can access encrypted communications.
In a speech Tuesday in New York, the U.S. attorney general parroted much of the same rhetoric from his predecessors and other senior staff at the Justice Department, calling on tech companies to do more to assist federal authorities gain access to devices with a lawful order.
Encrypted messaging has taken off in recent years, making its way to Apple products, Facebook, Instagram, and WhatsApp, a response from Silicon Valley in response to the abuse of access by the intelligence services in the wake of the Edward Snowden revelations in 2013. But law enforcement says encryption thwarts their access to communications they claim they need to prosecute criminals.
The government calls this “going dark” because they cannot see into encrypted communications, remains a key talking point by the authorities. Security experts have long said there is no secure way to create “backdoor” access to encrypted communications for law enforcement without potentially allowing malicious hackers to also gain access to people’s private communications.
In remarks, Barr said the “significance of the risk should be assessed based on its practical effect on consumer cybersecurity, as well as its relation to the net risks that offering the product poses for society.”
He suggested that the “residual risk of vulnerability resulting from incorporating a lawful access mechanism is materially greater than those already in the unmodified product.”
“Some argue that, to achieve at best a slight incremental improvement in security, it is worth imposing a massive cost on society in the form of degraded safety,” he said.
The risk, he said, was acceptable because “we are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications,” and “not talking about protecting the nation’s nuclear launch codes.”
The attorney general said it was “untenable” that devices offer uncrackable encryption while offering zero access to law enforcement.
Barr is the latest in a stream of attorney generals to decry an inability by law enforcement to access encrypted communications, despite pushback from the tech companies.
The U.S. is far from alone in calling on tech companies to give law enforcement access.
Earlier this year U.K. authorities proposed a new backdoor mechanism, the so-called “ghost protocol,” which would give law enforcement access to encrypted communications as though they were part of a private conversation. Apple, Google, Microsoft and WhatsApp rejected the proposal.
The FBI inadvertently undermined its “going dark” argument last year when it admitted the number of encrypted device it claimed it couldn’t gain access to was overestimated by thousands.
FBI director Christopher Wray said the number of devices it couldn’t gain access to was less than a quarter of the claimed 7,800 phones and tablets.
Barr did not rule out pushing legislation to force tech companies to build backdoors.