Coalition Response Letter on Encryption

Rt Hon Priti Patel MP
United Kingdom Secretary of State for the Home Department

William P. Barr
United States Attorney General

Chad F. Wolf
United States Secretary of Homeland Security (Acting)

Hon Peter Dutton MP
Australian Minister for Home Affairs

To Whom it May Concern, The undersigned organizations, security researchers, and companies write to express significant concerns raised by your recent statements against encryption. In both the joint letter to Facebook and the event hosted by the Department of Justice on October 4, you described encrypted communications tools as “lawless spaces,” and requested that companies remove or delay the deployment of end-to-end encryption protections on their consumer messaging services.

Fulfilling this request would endanger the security and privacy of billions of internet users around the world. Strong encryption is essential for national security and public safety, and exceptional access mechanisms—commonly referred to as “backdoors”—would create significant security risks. Finally, while law enforcement agencies have raised concerns about their capabilities in the face of strong encryption, crime-fighting capacity remains robust given that we are in an age where technology generates so much digital information about individuals and their activities.

Strong Encryption is Essential for National Security and Public Safety

Proponents of exceptional access have argued that it is possible to build backdoors into encrypted consumer products that somehow let “good actors” gain surreptitious access to encrypted communications, while simultaneously stopping “bad actors” from intercepting those same communications.

This technology does not exist. To the contrary, technology companies could not give governments backdoor access to encrypted communications without also weakening the security of critical infrastructure, and the devices and services upon which the national security and intelligence communities themselves rely.1

Critical infrastructure runs on consumer products and services, and is protected by the same encryption that is used in the consumer products that proponents of backdoor access seek to undermine. Every day, millions of people connect to critical infrastructure—the power grid, transportation systems, the financial system—via their phones or computers. Employees at these entities often connect to internal sites to manage operations or exchange sensitive information that enables the smooth operation of lifeline services. The same encryption present on smartphones and tablets protects these interactions, and is vital to the security of critical infrastructure.

Moreover, government employees around the world, including at intelligence agencies, rely on consumer devices to communicate sensitive information. In fact, the US National Security Agency (NSA) developed a program called Commercial Solutions for Classified that allows US Department of Defense officials to transmit classified information using commercial encryption solutions.2

Recognizing these serious risks, high ranking officials from national security, intelligence, and cybersecurity agencies have voiced opposition to calls for companies to build exceptional access mechanisms. For example, former NSA and CIA director, Michael Hayden, warned that “​The downsides of a front or back door outweigh the very real public safety concerns,” and Mike McConnell, former director of the NSA and former Director of National Intelligence, urged that “with almost everyone carrying a networked device on his or her person, ubiquitous encryption provides essential security.” Former Secretary of Defense Ash Carter cautioned that “for the Department of Defense data security including encryption is absolutely essential to us. None of our stuff works unless it’s connected…I’m not a believer in back doors.”3 Robert Hannigan, the former Director of the United Kingdom’s GCHQ, responded to a proposed plan to mandate encryption backdoors by saying “Encryption is an overwhelmingly good thing—it keeps us all safe and secure…Building in back doors is a threat to everybody and it’s not a good idea to weaken security for everybody to tackle a minority.”4

Most recently, Jim Baker, former general counsel of the FBI, who served during the San Bernardino investigation and represented the FBI during its litigation against Apple, published an article in ​Lawfare describing his change of opinion on encryption issues. He explained how he now recognizes that “a solution that focuses solely on law enforcement’s concerns will have profound negative implications for the nation across many dimensions. I am unaware of a technical solution that will effectively and simultaneously reconcile all of the societal interests at stake in the encryption debate, such as public safety, cybersecurity and privacy as well as simultaneously fostering innovation and the economic competitiveness of American companies in a global marketplace.”5

All of these officials agree – weakening consumer encryption would unavoidably harm national security, and these concerns have borne out time and again. Major data breaches, such as those at the Office of Personnel Management6, where millions of federal employees’ records were exfiltrated by the Chinese government, and at the Department of Defense7, where 10-20 terabytes of records were leaked, show how vulnerable our data can be. The same is true of data breaches at hotel chains, health insurers, banks, credit reporting agencies, and universities, which affect hundreds of millions of people around the world every year.8 Whether they are national security secrets or individuals' personal records, strong encryption is, by far, the best security solution we have for protecting those data from unauthorized access and exfiltration.

Encryption is also essential to public safety and protecting vulnerable populations. A common, but problematic, argument law enforcement officials make in favor of encryption backdoors is that we must be willing to compromise the privacy and security protections offered by encryption in order to protect public safety. However, this argument fails to acknowledge that encryption, in fact, plays an essential role in protecting​ the public from crimes that cause physical injury and death. For instance, Cindy Southworth, the Executive Vice President at the U.S. National Network to End Domestic Violence (NNEDV), recently cautioned against introducing an exceptional access mechanism for law enforcement, in part, because of how it could threaten the safety of victims of domestic and gender-based violence and stalking. Specifically, she explained that she is ​“a proponent of encryption because it allows victims to control when and how they seek help, and that it is critical for protecting sensitive digital records, which have been stolen by abusers.”9 A recent fact sheet from LGBT Tech and the Internet Society states “without encryption, LGBTQ+ individuals living in or traveling to [countries where being LGBTQ+ is considered a criminal offense] may not be able to safely and comfortably find communities and outlets for self-expression and would be left vulnerable to prosecution and persecution.”10

Beyond protecting national security and physical safety, encryption is also essential to reduction of other types of crime. Mobile devices like smartphones and communications services like email providers and messaging apps are increasingly used by people and businesses as a primary means for accessing and communicating sensitive and proprietary information like financial data, medical records, and intellectual property, in addition to ordinary personal communications. Whether protecting data at rest or in motion, encryption is central to reducing cybercrime, fraud, data breaches, and device theft. As noted in the 2018 report of the Technological Advisory Council (TAC) Mobile Device Theft Prevention (MDTP) Working Group, a decline in mobile device theft coincides with the deployment of the anti-theft and security measures.11” If mobile device security was weakened by an encryption backdoor, the negative consequences to the economy and to data security would be unavoidable.

Exceptional Access Mechanisms Would Create Significant Security Risks

While some encryption opponents defend exceptional access by describing it as a “front door” rather than a “back door,” this semantic argument only obscures the basic facts of their proposal. The outcome is the same, irrespective of terminology: law enforcement is asking companies to build a method of bypassing or weakening normal authentication processes that are essential to the security of encrypted communications. These exceptional access mechanisms for law enforcement agencies would be the same “backdoors” that provide an opportunity for terrorists, criminals, and other parties to gain unauthorized access. This is because technologists cannot build systems that are inherently able to tell when “bad” people use them, just as engineers cannot design sidewalks and highways to crumble underneath the feet of certain people. In both cases there is a chance that they would build something that is unsafe for all users. It is no different in communications infrastructure, and history has shown us that malicious actors will find and exploit vulnerabilities, whether created intentionally for law enforcement or left unintentionally by a software engineer.

Vulnerable populations like journalists ​and activists rely on encryption to protect themselves, their sources, and their communities.12 For example, Chinese intelligence agencies have been exploiting ​a security failing in the encrypted messaging app Telegram to target activists in the recent Hong Kong protests.13 A lack of digital security for these individuals can have real physical consequences. Governments with less respect for human rights take advantage of intentional vulnerabilities to surveil these populations, putting the vulnerable in danger absent the ability to communicate securely. In a recent example, Amnesty International ​supported​ a legal petition to revoke the export license of NSO Group​, a company that has developed spyware products ​suspected of being​ used by law enforcement and/or intelligence agencies to exploit technical vulnerabilities to covertly take control of a person’s phone, and which have been used against a number of human rights activists around the globe.14 Exceptional access demands from countries such as the U.S., UK, and Australia also embolden repressive and authoritarian regimes in their attempts to pressure messaging apps and device manufacturers to build surveillance capabilities into their products and services.

For example, the Government Communications Headquarters (GCHQ), the U.K.’s intelligence agency, proposed an exceptional access mechanism that would involve adding a “ghost” user into encrypted chats so they could see the plaintext of the encrypted conversation.15 This proposal would require messaging providers to add a law enforcement participant into encrypted chats and to suppress normal notifications to users, meaning users would be unaware when a law enforcement participant had been added. Although GCHQ officials claim that “you don’t even have to touch the encryption” to implement their plan, the “ghost” proposal would pose serious threats to cybersecurity.

Among other problems, the “ghost” proposal would undermine authentication systems, so that people could no longer know who they were communicating with.16 The ghost proposal would introduce a security threat to all users of a targeted encrypted messaging application. In order for providers to be able to suppress notifications when a ghost user is added, messaging applications would need to rewrite the software that every user relies on. This means that the development of this new function could create an unintentional vulnerability that affects every single user of that application. Proposals to build backdoors into encrypted devices have shown similar fatal flaws that could result in malicious exploitation of the vulnerability, or otherwise harm non-targeted users.17

The flaws in these proposals highlight another concern with the direction the “going dark” debate has taken. Law enforcement officials advocating for exceptional access have begun suggesting that building such a mechanism would be possible if companies and users would sacrifice just a small percentage of their digital security, going from 99.5% secure to 99% secure.18 This assertion, that exceptional access would result in a miniscule and measurable—and therefore manageable—loss in security, runs counter to a wealth of evidence produced by numerous studies.19

Strong Encryption Will Not Unreasonably Hobble Law Enforcement Investigations

One of the most common justifications cited in support of restrictions on encryption is the overwhelming barriers that it poses to law enforcement investigators. This common claim has repeatedly been shown to be overstated. During the ​Apple v. FBI ​litigation, the FBI claimed that relevant and critical communications data resided on a locked phone that they could not access due to encryption.20 A subsequent Office of Inspector General report detailed that the FBI did not diligently pursue all options for accessing data on the locked phone, and instead chose to sue Apple to compel the company to develop a workaround that would have circumvented the security on all their devices.21 Moreover, press reporting has made it known that after the FBI unlocked the phone by hiring a private contractor, it contained no useful data.22

In addition in 2017, the FBI tried to illustrate the impact of encryption on law enforcement when it told Congress that it had seized 7,800 phones that were inaccessible due to encryption. In 2018, this figure was contradicted when an internal FBI estimate of 1,200 phones became public. The FBI committed to providing a revised number, but has not yet done so.

Moreover, a survey of law enforcement investigators shows that encryption is not the biggest digital evidence challenge they face. In fact, the problem is often much simpler—police officers don’t know what data is available, which provider has it, and how to go about acquiring and making sense of it. According to the Center for Strategic & International Studies, their survey of federal, state, and local law enforcement officials “suggests that challenges in accessing data from service providers—much of which is not encrypted—is the biggest problem that they currently face in terms of their ability to use digital evidence in their cases.”23 In fact, there is an enormous amount of unencrypted data available to law enforcement today that has not been available in the past. For example, encryption typically does not protect metadata, and therefore poses no barrier for law enforcement agents to access information like email addresses, mobile-device location information, IP address, browsing data, and other information that can be extremely valuable to investigators.24

In practice, if companies build law enforcement access mechanisms into encrypted products, some targets of investigations will simply move to using different encrypted services. Thus, while any of the small number of nefarious actors who are targeted by law enforcement will still be able to avail themselves of other services, the vast majority of users who are law-abiding—who may still choose different services—will disproportionately suffer the consequences of degraded security and trust.

As former FBI General Counsel Jim Baker wrote in his recent piece on ​Rethinking Encryption,​ public safety officials should consider protecting cybersecurity an essential part of their mission, and therefore, “​public safety officials should embrace encryption.” We urge you to similarly rethink your calls for exceptional access and to recognize the important role encryption plays in keeping us all safe.

Sincerely,

Civil Society Organizations

Access Now

American Civil Liberties Union

Amnesty International

ARTICLE 19

Association for Computing Machinery U.S. Technology Policy Committee

Blueprint for Free Speech

Center for Democracy & Technology

CETYS Center for Law and Society San Andres University (Buenos Aires, Argentina)

Committee to Protect Journalists

Constitutional Alliance

DATAS | Technology Governance

Defending Rights & Dissent

Derechos Digitales

Demand Progress

Digital Empowerment Foundation (DEF)

Digital Liberty

Digital Rights Watch

EIT

Electronic Frontier Foundation

Electronic Frontiers Australia

Engine

Freedom of the Press Foundation

Future of Privacy Forum

Global Forum for Media Development

Global Partners Digital

Human Rights Watch

Index on Censorship

Information Technology and Innovation Foundation (ITIF)

Instituto Beta para Internet e Democracia

International Civil Liberties Monitoring Group

Internet Society

Internews

IPANDETEC Centroamérica

Irish Council for Civil Liberties

Kenya Human Rights Commission

LGBT Technology Partnership & Institute

Linux Australia

National Association of Data Protection Officers of the Philippines (NADPOP)

New America’s Open Technology Institute

Observatorio de Derecho Informático Argentino (ODIA)

OpenMedia

Open Rights Group

Privacy International

Prostasia Foundation

Ranking Digital Rights

Reporters Without Borders (RSF)

Restore The Fourth

Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic (CIPPIC)

S.T.O.P. - The Surveillance Technology Oversight Project TechFreedom

TEDIC - Paraguay

X-Lab

Technology Companies and Trade Associations

ACT | The App Association

BaysNet

Computer & Communications Industry Association

Ensignia P/L

Private Internet Access

Rakuten Viber

Wipro

Security and Policy Experts*

Adam Shostack, author Threat Modeling: Designing for Security

Adam Holland, Project Manager, Berkman Klein Center for Internet & Society

Amie Stepanovich

Aria Shanker

Ben Parkinson, Chief Information Security Advisor, SecureWorx

Bruce Schneier

Cameron Kerry, former General Counsel & Acting Secretary, U.S. Commerce Dept.

Corch, Managing Director, Shogun Cybersecurity

Declan Finlay

Domen Saviɩ, Dravljan D

Garrett Schumacher, MS; Director of Communications and Strategy; Lecturer; Technology, Cybersecurity and Policy Program; University of Colorado Boulder

Hal Abelson, Professor of Computer Science and Engineering, Massachusetts Institute of Technology

Helaine Leggat, Board Member Australian Information Security Association (AISA)

Jabir Jonuzi

James Munro, Cybersecurity Consultant

Jeffrey J. Blatt, Founder, X Ventures

Jon Callas

Kate Carruthers

Katie McAuliffe, Executive Director, Digital Liberty

Mailyn Fidler, Affiliate Researcher, Berkman Klein Center for Internet & Society

Malcolm Gregory

Maon Catzel, ISC2 Associate

Mark Kahn, Former Deputy General Counsel of WhatsApp

Matthew D. Green, Associate Professor, Computer Science Department, Johns Hopkins University

Michael Hardlee, ​Senior Solutions Consultant, Team Lead

Michael Kafoa, MISM CISSP CRISC, Information Security Advisor

Mike Godwin, Trustee, Internet Society

Rafe Hart

Riana Pfefferkorn, Stanford Center for Internet and Society

Dr. Richard Forno, Senior Lecturer, UMBC

Rik Farrow, Editor, USENIX

Robert Marazzato, CISSP

Rob McDowall, Equality Council

Russell Border

Sam Hitchiner

Sascha Meinrath, Director, X-Lab, Palmer Chair in Telecommunications, Penn State University

Simon Smith, eVestigator

Simon Stahn, Adrenalan

Steve Wildman, former FCC Chief Economist

Dr. Suelette Dreyfus, Academic Specialist, School of Computing and Information Systems, University of Melbourne

Sven Herpig, Stiftung Neue Verantwortung (SNV)

Theo Karner

Vikas Raina

*Affiliations provided for identification purposes only

PDF available here.

Members help shape the Committee’s action agenda, author its official Statements and other materials shared with policy makers and the public, and spot emerging issues on which the Committee might engage. Join USTPC today!