After some attempts to backdoor encryption, led by Senators Dianne Feinstein (CA) and Richard Burr (NC), who are also the top ranking members of the Senate Intelligence Committee, the Senate staff has been approved to use the Signal messenger. Most experts currently consider Signal the most secure way to communicate due to its open source nature, use of end-to-end encryption, and self-destructing messages.
Early last year, Senators Feinstein and Burr co-sponsored a bill that would have compelled companies to provide encrypted data when requested by the U.S. government. Security experts reacted negatively to the bill, saying that it would end up forcing software vendors to avoid encryption altogether, resulting in a net loss to public safety.
After the bill was made public, Senator Ron Wyden (OR), who is also a member of the Senate Intelligence Committee, promised to filibuster the bill. Since then, the bill seems to have been forgotten, although it could still show up later if the senators who supported it find a good opportunity to promote it.
Senate Adopts Signal, HTTPS
Recently, the Senate adopted HTTPS encryption for the entire senate.gov domain, two years after the White House required that all new federal websites adopt it. This year, the General Services Administration also announced that it will automatically enforce HTTPS encryption by preloading these sites in modern browsers (with the browser vendors’ agreement). A browser that has a site preloaded never connects to it over plain HTTP, which means no downgrade (to HTTP) or man-in-the-middle attacks should be possible.
In a recent letter, Senator Ron Wyden (OR) praised the Senate for adopting HTTPS, as well as for approving the use of the open source Signal private messenger. Signal uses state-of-the-art encryption and is developed by prominent cryptographers and privacy activists.
The Signal encryption protocol has also been implemented by apps such as WhatsApp, Facebook Messenger (Secret Conversations), and Google’s Allo (Incognito mode), but the first one may not guarantee security in all scenarios, while the rest don’t enable end-to-end encryption by default.
Feinstein’s own staff has previously been subjected to a hack by the CIA, and we have to imagine that rival nations constantly try to hack into U.S. government systems. Therefore, a good encryption protocol and a well-written application such as the Signal messenger may be necessary to preserve the confidentiality of communications between Senate members and their staff.
As the Senate and other arms of the government start using end-to-end encryption, their members may be less likely to want to ban tools using it in the future, which should be good news for people who care about their own privacy.
Privacy Enhancing Technologies
Senator Wyden recently recommended that government agencies adopt other “privacy enhancing technologies” (PETs) such as differential privacy, which was implemented by Apple last year, and multi-party computation. Both are cryptographic mechanisms that allow service vendors to compute on private data without infringing on the users’ privacy.
“As the Commission on Evidence-Based Policymaking works to finalize its conclusions and recommendations to Congress, I write to remind the commission that new government databases, even if they are created for well-intended purposes, can both threaten the liberty of Americans and create an irresistible target for criminal hackers and foreign governments,” Wyden wrote to the Commission on Evidence-Based Policymaking.
“For that reason, I strongly urge the commission to recommend that privacy enhancing technologies (PETs), such as secure multi-party computation (MPC) and differential privacy, must be utilized by agencies and organizations that seek to draw public policy related insights from the private data of Americans,” he added.