Bookmarked Rethinking Encryption (Lawfare)

We all need to deal with reality. And in my experience, that’s what the people who have dedicated their lives to protecting all of us—such as the employees of the FBI—usually do best. How else do you stop the bad guys but by living in reality and aggressively taking the fight to them based on an accurate assessment of the facts? I am most certainly not advocating surrender, but public safety officials need to take a different approach to encryption as a way to more effectively thwart our adversaries, protect the American people and uphold the Constitution in light of the existential cybersecurity threat that society faces. If law enforcement doesn’t want to embrace encryption as I have suggested here, then it needs to find other ways to protect the nation from existential cyber threats because, so far, it has failed to do so effectively.

Jim Baker takes a deep dive into the world of security, encryption and zero-trust networks. He touches on the current confusion over the law, namely that the government can request access, but there is nothing to say that such access should not be encrypted:

Put differently, the legal problem for law enforcement is not the Fourth Amendment. Investigators and prosecutors can and do obtain warrants to authorize searches, seizures and surveillance of encrypted digital evidence. The problem is that there is no law that clearly empowers governmental actors to obtain court orders to compel third parties (such as equipment manufacturers and service providers) to configure their systems to allow the government to obtain the plain text (i.e., decrypted) contents of, for example, an Android or iPhone or messages sent via iMessage or WhatsApp. In other words, under current law, the most the government can do with respect to encrypted systems where the manufacturer or service provider does not hold the encryption keys is to demand that companies provide it with an encrypted blob for which they have no mechanism to decrypt.

One suggested workaround is better use of metadata to support crime enforcement:

If, in fact, governments more aggressively support encryption, they will have to focus even more on collecting and analyzing noncontent metadata, increasingly aided by advanced data analytics driven by machine learning and other artificial intelligence tools. I know full well that obtaining noncontent metadata, while useful, is not the same as collecting the full content of communications and documents. It is hard to use metadata, for example, to prove criminal intent or to understand exactly what a spy or a terrorist is plotting. But we are in a world where content is increasingly unavailable and there is a wealth of metadata. So, the government should focus on collecting the right data and developing or buying top-notch analytical tools. In doing so, of course, it needs to make sure that such metadata collection and analysis is consistent with the Fourth Amendment. Admittedly, that will be more complicated in light of the U.S. Supreme Court’s decision in Carpenter v. United States. And it will be harder to do all this in the face of efforts by some companies to further anonymize public internet metadata. Nevertheless, this is where law enforcement finds itself since it has not persuaded Congress to act.

However, what this all highlights is that every country has a different set of rules, so this is a debate that needs to be had in a number of places.

Listened Security vs privacy – who wins? Chips with Everything podcast from the Guardian

Ministers from several countries have written an open letter to the Facebook CEO, Mark Zuckerberg, asking him not to fully encrypt all of the company’s messaging services. This week, Jordan Erica Webber talks to The Guardian’s tech reporter Julia Carrie Wong and security expert Alan Woodward about the implications of restricting end-to-end encryption.

Jordan Erica Webber unpacks the push by some governments to limit end-to-end encryption and the impact this would have on privacy and security. Cory Doctorow also discusses this on the Bitcoin Podcast, while Edwina Stott explores this topic on the Future Tense Podcast.

Bookmarked Australia’s war on encryption: the sweeping new powers rushed into law by Paul Karp (the Guardian)

Australia has made itself a global guinea pig in testing a regime to crack encrypted communication

Paul Karp discusses the new digital laws that have been passed, which mean that providers can now be asked to provide access to users' communications.

While a law enforcement agency may only be targeting one criminal suspect, that does not mean a technological trap will not harm others.

Danny O’Brien from EFF also provides context on this change.

Tristan Greene argues that it will kill the Australian tech scene:

Another way of putting it: Australia’s tech scene will soon be located on the Wayback Machine.