On Tuesday, Attorney General William Barr delivered a keynote address in which he resumed the call for companies to find technical solutions to allow law enforcement to access encrypted communications and data.
"By enabling dangerous criminals to cloak their communications and activities behind an essentially impenetrable digital shield, the deployment of warrant-proof encryption is already imposing huge costs on society," Barr said to an audience at the International Conference on Cyber Security in New York. Barr then pointed to several oft-repeated and criticised potential solutions, such as creating a second set of keys that law enforcement could use to access a locked phone.
Somehow in his 4,172 word speech, Barr failed to mention that law enforcement has another option, one which they don't have to wait around for, but use all the time: hacking.
While Barr described potential ways to tackle "encrypted phones so they can be unlocked pursuant to a warrant," he didn't mention that local cops around the country have access to GrayKey, a relatively cheap tool that can unlock iPhones. Cellebrite, another company focused on opening up phones and bypassing their encryption, recently announced its own device can unlock any iPhone. That news came before Monday's release of iOS 12.4; it's not immediately clear if those tools can crack devices running that iteration of Apple's operating system, but the cycle is so often the same: law enforcement are able to use tools or services to unlock phones; operating systems thwart those attempts; then the tools catch up again.
Do you know anything else about law enforcement hacking? We'd love to hear from you. You can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on email@example.com, or email firstname.lastname@example.org.
Barr also spoke about accessing encrypted communications in apps such as WhatsApp. Here, one possible solution Barr highlighted was tech companies silently adding a law enforcement recipient to a conversation. But the FBI and other law enforcement agencies have previously purchased software for remotely hacking phones, giving them the ability to listen in on app-based messages or calls. The FBI spent $775,000 on tools from surveillance company Hacking Team. Today many of these tools are explicitly marketed to agencies in order to access communications before they're encrypted. And over a decade ago the Bureau used hacking to circumvent encryption used by suspects.
Naturally, Barr and others may want more persistent access to encrypted data and communications. A backdoor or weakened encryption may be easier than using a hacking tool, which may or may not work depending on the target, their operating system, and the capabilities of the tool at that point in time. There is also the cost of hacking. Although physical access devices such as GrayKey are now pretty cheap, remote hacking of mobile phones is expensive.
But it's disingenuous to have a debate around something as significant as introducing new approaches to tackling the Going Dark issue without even mentioning the tools that police around the country are using everyday just fine.
Subscribe to our new cybersecurity podcast, CYBER.