U.S. Attorney General (AG) William Barr is making the same request of technology companies as his predecessor, AG Rod Rosenstein, as well as former FBI Director James Comey have made: that they implement encryption backdoors that allow law enforcement to “detect crimes before they happen.”
“As we use encryption to improve cybersecurity, we must ensure that we retain society’s ability to gain lawful access to data and communications when needed to respond to criminal activity,” Barr said during a keynote address at the International Conference on Cybersecurity in New York City, according to The New York Times.
Barr added that this approach should fit tech companies' business models.
“Our societal response to advances in technology that affect the balance between individual privacy and public safety always has been — and always should be — a two-way street,” he said.
Exploring Encryption Backdoors
Barr and his predecessors have said that companies must stop making “warrant-proof encryption,” as noted by the Wall Street Journal. However, in the past, officials form the U.S. Department of Justice (DOJ) have implied or even directly said that the encryption backdoors would require a warrant.
In practice, if encryption backdoors were accepted by technology companies, it's possible that some could offer law enforcement various degrees of direct and warrant-less access, which would be more in line with the idea of attempting to “detect crimes before they happen.”
A warrant usually implies that a crime has already happened. Detecting crime before it happens implies direct access to data and mass surveillance, while phishing for crimes with automated detection tools that may take into account various text keywords, online behavior, etc -- a type of action called “fishing expeditions.”
It's also worth noting that while encryption may protect data in some cases (only a handful of applications use end-to-end encryption that keeps data private between sender and receiver), the move to the cloud, GPS-enabled devices and generally performing more and more personal activities online has led to an explosion of data that law enforcement can access today -- with or without a warrant. Contrastingly, there are many situation where is encryption is used, law enforcement can, in fact, use warrants to gain access to the data.
Generally speaking, the only mainstream app that uses end-to-end encryption by default is Signal. iMessage and WhatsApp also do so, but their makers state that the apps could allow law enforcement to invisibly snoop on specific users, due to flawed designs.
And when it comes to smartphone encryption, that's also protected with a client-side encryption key, which means it’s not up to the companies to decrypt it but to the owners of the devices.
There's no direct evidence proving that the AG’s call for encryption backdoors and the DOJ's big tech antitrust review announced this week are connected. However, Barr has at least helped to reinvigorate the encryption issue at the same time that related companies are being investigated.