US Attorney General William Barr believes that encrypted messages should be accessible to law enforcement.
The statement was made at the International Conference on Cyber Security keynote address in New York today. "Obviously, the Department would like to engage with the private sector in exploring solutions that will provide lawful access. While we remain open to a cooperative approach, the time to achieve that may be limited," Barr said.
One company Barr likely had in mind was Apple, who refused to comply with a government request to unlock the iPhone 5c of San Bernadino shooter Syed Farook in 2015. Farook killed 14 people in San Bernardino, California.
Apple's iPhone 5c was encrypted and the government was unable to access it at first without requesting Apple unlock it. Apple CEO Tim Cook responded at the time by saying that it would not write a master key for its iPhones that could get into the hands of anyone, including black hat hackers (that is, hackers who hack for fun, not security reasons).
Encrypted messages are becoming a problem for law enforcement, as it seeks to do its job and catch criminals. Attorney General Barr cited other examples in his keynote address, such as a Mexican cartel who brought large amounts of fentanyl from Asia to Mexico, then the US. The Mexican cartel hid its drug activities by using Facebook-owned WhatsApp, an encrypted messaging service that prevented the government from using wiretaps. WhatsApp added encryption to its service in 2016.
Barr said that drug cartels and terrorists are taking advantage of these encrypted services to communicate with other criminals and harm innocent lives. And encrypted messaging services are, implicit within Barr's statements though not explicitly said by him, "aiding and abetting the enemy."
Attorney General Barr makes a point about encrypted messaging services: they do hide the contents of users, making it easy for criminals to schedule drug or human trafficking without the eyes of the federal government upon them. Law enforcement is literally "in the dark" in encrypted messaging services because they have no way of knowing what criminals are planning next. Law enforcement wants to go after the "bad guys" and catch them in their illegal activities, and that's a noble cause.
And yet, what life teaches is that "power corrupts, and absolutely power corrupts absolutely." For law enforcement to receive access to encrypted messages eliminates the significance of the messages being encrypted in the first place. Why encrypt messages if law enforcement has access to encrypted messages anyway?
And if law enforcement has access, why not grant access to employers, wireless carriers, and the federal government? Why stop at granting law enforcement access? How encrypted would encrypted messages be if law enforcement has access to them?
Barr wants to catch criminals, but opening up encrypted messages, in general, opens them up to everyone on everyone, including law-abiding citizens. Encrypted messages are kept protected to protect everyone. Even criminals deserve protections, despite their criminal activities. One would say that to catch one criminal via encrypted messages is worthwhile, but is it, at the expense of millions of law-abiding citizens who aren't doing anything wrong?
Additionally, if encrypted messages become easily accessible by law enforcement, is there any indication that criminals will stop their activities? Not at all. According to Facebook Chief Operating Office (COO) Sheryl Sandberg, decrypting WhatsApp messages would only drive criminals to other encrypted services such as Telegram or Signal and allow them to continue their activities.
WhatsApp joined Apple, Google, Microsoft, and 44 others in opposing the UK's GCHQ request for ghost protocol. The ghost protocol would allow carriers, service providers, and law enforcement to have access to private group chats and calls. WhatsApp would be forced to send these private messages to law enforcement in real time.
Tech companies should cooperate with law enforcement, as much as possible. But when it comes to encrypted messages, there has to be a line drawn between finding info on criminals and putting law-abiding, unsuspecting citizens at risk. In an internet age where mobile users find themselves "hacked" into every day, is catching one criminal worth subjecting everyone else to the invasion of their mobile privacy?
This is not to say that Americans don't have a sense of justice. They do. They believe that criminals should pay for their crimes. But they also believe that the innocent should not suffer because the guilty do. Barr's statements show the effectiveness of un-encrypting messages to reduce crime, but one must also consider the impact on non-criminal citizens. Tech companies like Apple and others have to consider not only the criminals but also their law-abiding consumer bases because they are in the consumer space. Whereas law enforcement sees one side, tech companies see many.
It's easy for Barr to tell tech companies to cooperate with law enforcement. He doesn't have to live life in their shoes, in their space, and face consumers who just want to know their data is protected. Sometimes, it takes getting out of the castle to see what life is truly like "at the gate."