Even the Defense Department is now pointing out that the government’s quest to weaken encryption lies somewhere between counterproductive and downright harmful.
Attorney General Bill Barr and Senate Judiciary Committee Chair Lindsey Graham have been on a tear lately in a bid to undermine encryption standards. Those efforts culminated in a hearing this week whose primary purpose appears to have been to demonize encryption by falsely proclaiming it “poses a risk to public safety.”
Many staffers at both the Department of Justice and FBI have joined the festivities, arguing that encryption enables all manner of nefarious behavior, from human trafficking to child exploitation, as they push for the inclusion of law enforcement backdoors in everything from routers to smartphones.
Actual security experts—and tech giants like Facebook and Apple—have long highlighted the foolishness of such efforts. Encryption aids everybody, they’ll note, protecting consumers, activists, and criminals alike. Embed backdoors in encryption and network gear, they’ve warned, and you’re undermining an essential security tool, putting everybody at risk.
“We do not know of a way to deploy encryption that provides access only for the good guys without making it easier for the bad guys to break in,” Apple’s director of user privacy, Erik Neuenschwander, told hearing attendees.
While vast segments of government have embraced the recent war on encryption, some government officials seem to understand the benefits of retaining strong encryption. This week, Representative Ro Khanna forwarded a letter to Lindsey Graham from the Defense Department's Chief Information Officer Dana Deasy.
In the letter, first reported by Techdirt, Deasy notes that all DOD-issued unclassified mobile devices are required to be password-protected using strong passwords, and that any data in transit on DOD-issued mobile devices be encrypted via VPN.
“The importance of strong encryption and VPNs for our mobile workforce is imperative,” Deasy wrote.
“As the use of mobile devices continues to expand, it is imperative that innovative security techniques, such as advanced encryption algorithms, are constantly maintained and improved to protect DoD information and resources,” he said. “The Department believes maintaining a domestic climate for state of the art security and encryption is critical to the protection of our national security.”
There are endless examples of governments, organizations, and corporations attempting to undermine encryption standards for both surveillance and profit. Comcast, for example, has worked to undermine recent efforts to encrypt Domain Name System (DNS) traffic because doing so would threaten the company’s efforts to monetize user behavior online.
Facebook sent a letter this week to Bill Barr, in which the company made it clear that it would not backdoor its encrypted messaging apps at the government’s request.
“Cybersecurity experts have repeatedly proven that when you weaken any part of an encrypted system, you weaken it for everyone, everywhere,” Facebook wrote.
But while cybersecurity experts and tech giants spent the week warning that weakening encryption harms everyone, a bipartisan coalition of lawmakers remains stubbornly impervious to the argument.
Democratic Senator Dick Durbin largely mirrored Graham’s rhetoric at this week’s hearings, insisting the latest war on encryption was about ensuring big tech companies weren’t “beyond the reach of the law.” “We’re talking about our government protecting our citizens,” he insisted, seemingly oblivious to the fact that eroding encryption would likely have the exact opposite impact.
The Justice Department has argued for years that by including strong encryption on their networks and in their products, Silicon Valley giants are undermining the government’s quest to rein in criminals. But security experts, and now the DOD, have made it abundantly clear that encryption protects everybody, not just the worst segments of society.
So far, politicians like Graham have made it abundantly clear they’re not listening, insisting that if tech companies don’t set about backdooring their products and weakening encryption, there will soon be hell to pay.
“My advice to you is to get on with it, because this time next year, if we haven’t found a way that you can live with, we will impose our will on you,” Graham said.