Oct 10, 2019

The Justice Department just made the encryption debate harder to solve

Illustration of a hand holding a hammer that is breaking a text message bubble.

Illustration: Aïda Amer/Axios

Experts fear that the Department of Justice's latest argument against warrant-proof encryption, which emphasizes protecting children and focuses on the use of encrypted messengers, may make it harder than ever to resolve the encryption debate.

The big picture: The DOJ's new plea for extraordinary access to encrypted data, put forward at a summit last week, moves the debate toward systems that are harder to secure and uses cases that are exponentially costlier to address.

Background: For years, the DOJ has argued that the key reason for tech companies to implement weaker encryption algorithms was that strong encryption helps hide evidence critical to fighting terrorists. The metric the DOJ used to make this point was how many cellphones it was unable to break into to obtain this and other evidence.

  • That changed last week when Attorney General William Barr and his counterparts in Australia and the U.K. started emphasizing a different metric and a different topic. In a letter to Facebook and a subsequent conference, Barr emphasized that the key reason for tech firms to weaken encryption was to stymie child exploitation operations run through messaging apps.

The main encryption controversy — whether tech firms should design encryption to let users control who can see their data, or allow law enforcement to access data without user permission — hasn't changed.

  • Cryptographers and security experts still believe that weakening security to give authorities access to data will make it easier for everyone else, including bad actors, to access that data, too.

But, but, but: The focus on messaging apps and child exploitation adds a new wrinkle.

  • Johns Hopkins associate professor Matthew Green notes that it's harder to safely weaken encryption on chat apps than on physical phones.
  • "If China wants to decrypt everyone in the Senate’s phones," he told Codebook, "they need to physically obtain all the phones." But chat messages can be obtained remotely — they pass through the internet to reach their target.

A recent report from the Carnegie Endowment for International Peace noted a variety of other reasons that the debate should focus on phones rather than messaging apps, including chat apps that continuously change encryption keys, a valuable tool that is tough to maintain while extending access to law enforcement.

  • "[I[f good-faith debate on all sides can’t lead to more constructive discussions in this area, then there are likely none elsewhere," the report concluded.

And child exploitation is a more sprawling problem to address, in technical terms.

  • The DOJ touted Facebook as a company that was able to provide investigators with massive amounts of tips regarding illegal images being shared on the platform.
  • But there's a big difference between assisting terrorism investigations with occasional access to specific phones and assisting child exploitation investigations by building massive image analysis networks.
  • That would require platforms to invest in costly bulk surveillance systems that will inevitably rely on advanced artificial intelligence to analyze every image — and will also need humans to double-check the work.
  • Some, like Facebook, already have a version of that in place to flag illegal content on their unencrypted platforms. But messaging apps that haven't had to screen content in the past would be starting from scratch.
Go deeper