What Senators Ignore When They Threaten Encryption
If anyone’s wondered where the Senate Judiciary Committee stands on the question of encryption, yesterday’s hearing on the subject left no room for ambiguity: The committee members have little tolerance for it, and they threatened to pass legislation mandating workarounds.
“It ain’t complicated for me. You’re going to find a way to do this or we’re going to do it for you,” Senator Lindsey Graham (R-S.C.), chair of the committee, told representatives from Facebook and Apple in attendance (apparently reversing a change of heart he had in 2016). “You’re either the solution or you’re the problem.”
The debate: whether tech companies should be allowed to deploy strong, end-to-end encryption across their products.
The case for it: The feature protects people’s data and communications from being intercepted or otherwise obtained. Any loophole in the system could be exploited by hackers, spies, and repressive political regimes.
The case against it: Encryption creates a potential sanctuary for criminals and terrorists to hide incriminating evidence about their nefarious activities. Law enforcement needs access to decrypted data for its investigations.
For this latest iteration of the so-called Crypto Wars, the Justice Department has been refining its arguments. A few years ago, the Federal Bureau of Investigation emphasized the threat of terrorism as the agency battled to force Apple to unlock the iPhone of a mass shooter in San Bernardino, Calif. Now the Feds appear to be zeroing in on the dangers of child exploitation and sex trafficking enabled by encryption.
In an October letter, Attorney General William Barr and his British and Australian counterparts asked Facebook CEO Mark Zuckerberg to halt the rollout of encryption across its apps. The heads of Facebook’s WhatsApp and Messenger divisions replied this week saying they would not delay encryption’s adoption. Adding so-called encryption backdoors, they said, would make people’s private messages “less secure and the real winners would be anyone seeking to take advantage of that weakened security. That is not something we are prepared to do.”
Tech companies might not have a choice. The message from Capitol Hill was clear: Figure out how to meet our demands, or prepare to face legislation.
My take: If Washington rams through anti-encryption policy, American businesses will find themselves at an economic disadvantage. Consumers will consider their products weaker and less trustworthy than ones with greater protections offered by competitors abroad. Although the prospect of passing anti-encryption laws appears remote despite senators’ rhetoric, the risk is real.
Thomas Rid, a Johns Hopkins professor and authority on cybersecurity matters, put it well on Twitter.
Any policy that gets passed will have enormous ramifications.
On the other line. Government officials and cybersecurity experts are criticizing President Donald Trump's habit of using an insecure cellphone to conduct private phone calls. They warn that the line is likely being tapped by foreign adversaries, such as Chinese and Russian intelligence agencies.
Tit for tat. A new government agency, the U.S. International Development Finance Corporation, is expected to put $60 billion toward helping developing countries purchase telecom equipment made by firms other than China's Huawei and ZTE. American officials have warned the Chinese companies' products pose a security risk. Meanwhile, Beijing has ordered that all foreign-made computers be removed from government offices within three years, delivering a blow to companies such as Dell, HP, and Microsoft.
Intel inside. Security researchers have discovered a vulnerability in Intel computer chips, dubbed "Plundervolt," that lets attackers steal secret information. The researchers have demonstrated they can obtain sensitive cryptographic and biometric data by fiddling with the devices' power supplies. Intel pushed out a firmware update on Tuesday to prevent attacks.
Avast ye, matey. Web browsers Mozilla and Opera removed extensions from the Czech cybersecurity firm Avast after Wladimir Palant, creator of the popular adblocker Adblock Plus, called them "spyware" and said they were harvesting people's data. Avast's recently appointed CEO, Ondrej Vlcek, tells Forbes there is no privacy scandal here. He says the company sells people's web browsing habits in an anonymized form to marketers.
Neighborhood watch. Gizmodo has cast doubt on the Amazon-owned camera company Ring's privacy safeguards by finding out the potential locations of tens of thousands of its installed cameras. The blog analyzed network traffic from the firm's crime-reporting app, Neighbors, which seems to have revealed hidden coordinates of the devices.
On your mark. A Facebook contractor took thousands of dollars in bribes to reactivate banned accounts from a shady affiliate marketer called Ads Inc., BuzzFeed reports. Facebook says the Austin, Texas-based worker, who identified in chats as "Ryan," no longer works at the company. "This behavior is absolutely prohibited under our policies," a spokesperson said.
License plate: THIEF.
Starting in 2008, U.S. national security leaders helped the United Arab Emirates build a secret spy unit, a Reuters investigation uncovers. The Americans involved say they had good intentions: helping an ally combat terrorism. But the group has been implicated in human rights violations, targeting journalists, political dissidents...and even FIFA, the World Cup soccer organization.
In the years after 9/11, former U.S. counterterrorism czar Richard Clarke warned Congress that the country needed more expansive spying powers to prevent another catastrophe. Five years after leaving government, he shopped the same idea to an enthusiastic partner: an Arab monarchy with deep pockets.
In 2008, Clarke went to work as a consultant guiding the United Arab Emirates as it created a cyber surveillance capability that would utilize top American intelligence contractors to help monitor threats against the tiny nation. The secret unit Clarke helped create had an ominous acronym: DREAD.
Three Charged in $722 Million Cryptocurrency ‘Ponzi Scheme’ by Bob Van Voris
Upwork CEO Is Stepping Down Amid Depressed Stock Price by Alyssa Newcomb
This Year’s Hottest Job Involves Artificial Intelligence by Jonathan Vanian
Electric-Powered Commercial Airplane Makes History by Dan Catchpole
No, Humanities Degrees Don’t Mean Low Salaries by Gwen Moran
SoftBank Cuts the Leash on Troubled Dog-Walking Startup Wag by Polina Marinova
ONE MORE THING
What has William Gibson been up to? The 71-year-old sci-fi author and coiner of the term "cyberspace" is still writing novels. His next one, Agency, is due out next month. A New Yorker profile examines the futurist pioneer's life, process, and fixation with the present-day. You will also learn the meaning of "F.Q.," an acronym I will intentionally leave undefined here. (This is a family-friendly newsletter, after all.)