
Thoughts on Encryption and Going Dark: Counterpart

Susan Landau
Wednesday, July 15, 2015, 3:27 PM

In his thoughtful piece on arguments regarding the broad use of encryption to secure communications and devices, not surprisingly Ben puts forth some ideas with which I disagree. Hence, to his part II, I provide this counterpart. 

Published by The Lawfare Institute

The first issue with which I take exception is that in a world of ubiquitous end-to-end encryption, communications would be dark to law enforcement and national security. In the world of attacks from various nation states against the US and allies, would that it were so. It is not. Devices — laptops, phones, any object running complex software — have flaws. When there are such vulnerabilities, there is room for attack, for downloading a wiretap against the device and tapping the communications before those communications are encrypted. This is a solution that Steve Bellovin, Matt Blaze, Sandy Clark, and I have written about here and here. More importantly, it is a technique that the FBI has repeatedly employed since at least 2007; NSA has also been using this technique.

Of course, such a targeted solution does not come cheap. But that is as it should be. Given the extent to which our economy is based on intellectual property, securing the many — broad availability of strong end-to-end encryption of communications — at the price of more expensive targeted efforts for government investigators — is the right balance. I'm surprised that at this point there is really further discussion on the issue.

Going further into his part II article, Ben raises the question of whether exceptional access would create an insecure Internet. Let's be clear on this issue. We already have an insecure Internet. Those of us who care about security are very careful about which apps and systems we use (that's a different story). In order to work around that insecurity, one uses tools to secure information. One is end-to-end encryption to secure communications. Another is encryption to secure data at rest. In our report, we argue that exceptional access would imperil solutions to secure communications and devices. Nowhere do we claim that exceptional access would create an insecure Internet (we already have one of those). Rather we argue that exceptional access would imperil attempts to secure comms and data, as indeed previous attempts through CALEA and the European Telecommunications Standards Institute for lawful access did. In our report, we discuss examples of vulnerabilities — and actual breaches — that arose from such lawful access architectures; I do not repeat those examples here.

So our argument is not about making the Internet secure — which we'd be delighted to see happen but were not directly addressing in our report — but about securing communications and devices. Requiring security solutions to include exceptional access creates insecurity. That was our point, and remains our point.

Ben goes on to discuss encrypted devices, particularly phones. Deputy Attorney General Sally Yates presented a kidnapping example — young girl leaves home, enters van outside her house, disappears; only clues are in a locked phone. Let's ignore for now the fact that young girls never leave behind their phones and instead take the example at face value. The example is quite reminiscent of claims FBI Director Louis Freeh made in the Crypto Wars twenty years ago, where the emphasis also included kidnappings. No member of Congress wants to vote in favor of lifting encryption controls only to later find out that a child in their district had been kidnapped and if only the FBI had been able to listen in to the encrypted communications ...

Kidnappings are a federal crime, which means the FBI has data. In the 1990s, there were about 450 kidnappings annually, of which wiretaps were used in an average of 4-6 cases each year. Why so few? First of all, law enforcement didn't typically know who had done the kidnapping, so wiretapping was of little use. And if law enforcement did listen in to the family's phone, that didn't constitute a wiretap, either legally or technically. The use of encryption would not have posed a problem in such investigations.

In short, kidnappings were not the serious problem that the FBI Director was claiming (they were, of course, to the affected family; that's a different issue). They certainly didn't constitute the kinds of numbers that made sense on which to base national policy (I'll remind the Lawfare readership that the Crypto Wars did impede the development of security solutions).

The use of wiretaps in kidnapping cases has increased. But there are several reasons for this. One is that everyone, including kids, has phones. The other is that, as the Polly Klaas Foundation reports, "You may not realize that each year over 200,000 children are kidnapped by a family member. This is many more children than are kidnapped by strangers." When one looks at the kidnapping numbers from this perspective — and yes, some non-custodial parents do do dreadful things to their children — the import of the kidnapping numbers changes.

What's needed now are facts. We hear from law enforcement that evidence resides on locked phones; for example, District Attorney Cyrus Vance mentioned that his office had encountered 74 locked iPhones in the course of doing investigations. But the Electronic Frontier Foundation reported that this was in the course of one hundred thousand investigations over a year (or less than 1% of cases). Unlocked phones have proved a boon to investigators in the last decade, but that doesn't necessarily mean that access to this investigative tool must be protected at all costs. There are almost always other ways of getting the data. After all, how did police function in the pre-smartphone era? And, while some data may rely solely on the phone, much of it is backed up to the cloud even when the user believes otherwise. Finally, it is worth noting that while some data (e.g., notes to yourself) may be only on the phone, other information had to be transmitted to you. In other words, there is very little data that is on the phone and not available elsewhere.

As we observe in our report, exceptional access to phone data means exceptional access not only to US investigators, but also to law enforcement around the world (such requirements may occur in some locations regardless of US laws). Exceptional access means that the data is not secure.

We have always balanced the needs of society with the needs of the government to provide security. The FBI has been making the Going Dark argument publicly for almost five years, and within government for longer than that. Despite Deputy Attorney General Yates's hypothetical and District Attorney Vance's numbers, law enforcement has not made its case. We are seeking to balance society's needs for securing data — a national-security concern — with government's need to conduct investigations pursuant to legal authority. Prevention of criminal activity, which is what securing communications and devices helps to accomplish, is crucial. Our report showed the security risks involved in mandating "exceptional access." The other side's case, currently argued through anecdata, is not proved — and carries great risks to everyone's security were we to go forward with their proposals.

Susan Landau is Bridge Professor in The Fletcher School and Tufts School of Engineering, Department of Computer Science, Tufts University, and is founding director of Tufts MS program in Cybersecurity and Public Policy. Landau has testified before Congress and briefed U.S. and European policymakers on encryption, surveillance, and cybersecurity issues.
