Keep yourself secure online, but don't use encryption to do it, the federal government says.
Image: Kenny Louie/Flickr
Tuesday, the federal government continued its offensive against default consumer encryption enabled by Apple and Google and anonymity tools like Tor, saying that greater privacy and security has created a "zone of lawlessness" that law enforcement is having trouble cracking.
Leslie Caldwell, an assistant attorney general at the Justice Department, said that the department is "very concerned" by the Google's and Apple's decision to automatically encrypt all data on Android and iOS devices. Her comments aren't entirely surprising, considering that FBI Director James Comey previously said that the agency would push Congress to make automatic encryption illegal, and President Obama has also expressed concern with the development.
The problem that privacy and security advocates have pointed out is that the US government doesn't really seem to understand what it's asking for. Caldwell was being interviewed as a part of the annual State of the Net Conference in Washington, DC. One minute, she was vilifying encryption; the next, she was sending a message to the country's citizens and companies that they need to be "more conscious of cybersecurity."
"They need to be assuming they are vulnerable, assuming their data can be taken," she said.
"We have made some advances in our ability to penetrate the Tor network"
End-to-end encryption is one of the absolute best ways to protect data, and the security of its users is the main reason why Google and Apple decided to make it default on their smartphones.
The move has been extremely controversial with the government, because it makes data too safe, Caldwell argued.
"We understand the value of encryption and the importance of security," she said. "But we're very concerned they not lead to the creation of what I would call a 'zone of lawlessness,' where there's evidence that we could have lawful access through a court order that we're prohibited from getting because of a company's technological choices."
She said that she hopes Apple and Google will consider building in back doors that will allow the companies to decrypt the phones if they are physically mailed back to the manufacturer.
The companies would then send information "relevant to [the] investigation" to law enforcement. As it stands, Apple currently has no way of decrypting phones—only the user can.
Many experts have argued that such backdoors would defeat the purpose of encrypting data on the phone in the first place—if there are various ways of decrypting something against a user's will, then is it ever truly encrypted?
"When the government calls for reduced security on smartphones, or worse yet, seeks technological backdoors into our devices, we are being asked to expose our personal data to criminals," Nuala O'Connor of the Center for Democracy and Technology wrote soon after Comey's comments in October. "Any backdoor the government can walk through to uncover evidence will eventually be used by malicious actors to exploit our personal information."
Encryption isn't the only internet tool under the government's crosshairs, however. Caldwell said that the anonymization of cyber criminals is at least as big of a problem for the government, and suggested that most people who use Tor and other anonymity tools are criminals.
"Tor obviously was created with good intentions, but it's a huge problem for law enforcement," she said. "There are a lot of online supermarkets where you can do anything from purchase heroin to buy guns to hire somebody to kill somebody, there are murder for hire sites. We understand 80 percent of traffic on the Tor network involves child pornography."
The NSA, Justice Department, and other law enforcement agencies have spent much of the last several years attempting to crack Tor, and the recent raid of Silk Road 2 and other dark net markets suggests they've had some success.
"We have made some advances in our ability to penetrate the Tor network, but it's still a real challenge," Caldwell said. "The international nature of the internet is already a huge challenge. When you add in the Tor network, that makes it more of a challenge. Someone may be sitting in Romania engaging in child exploitation activity making its way to the United States, and it's difficult to locate those people. It's even more difficult to find them and bring them to justice."
She's not wrong that tools like Tor and encryption can, in certain cases, make law enforcement's job more difficult. But she's also ignoring the fact that, with proper encryption, law enforcement is much less likely to have to deal with the types of botnets, malware, and hackers that it says it has an obligation to stop.
Technology has certainly changed the law enforcement landscape, as she said—but that doesn't mean every anonymity and cryptographic tool is making us all less safe.