DOJ Using The FOSTA Playbook To Attack Encryption

Politics

from the watch-out dept

For years now, the various DOJ folks pushing to break encryption have whined and complained that the tech industry won’t even consider having an adult conversation about encryption. This, of course, has never been true. Indeed, in just the past few weeks we’ve highlighted two separate examples of attempts to bring together law enforcement folks and technology/cryptography experts to see if there are legitimate ways to move the conversation forward. That first one came up with an interesting and useful framework for judging any conversation about “lawful access” to encrypted communications, while the second demonstrated just how much various tech companies have been doing over the years — in particular in helping law enforcement deal with the issue of child abuse.

And what do they get for all that? First, a horrific article in the NY Times that accurately highlights the awfulness of child sexual abuse online… but oddly frames the efforts that various tech companies have put into helping law enforcement as… evidence of not caring about the problem. And, of course, suggests that encryption is part of the problem:

After years of uneven monitoring of the material, several major tech companies, including Facebook and Google, stepped up surveillance of their platforms. In interviews, executives with some companies pointed to the voluntary monitoring and the spike in reports as indications of their commitment to addressing the problem.

But police records and emails, as well as interviews with nearly three dozen local, state and federal law enforcement officials, show that some tech companies still fall short. It can take weeks or months for them to respond to questions from the authorities, if they respond at all. Sometimes they respond only to say they have no records, even for reports they initiated.

And when tech companies cooperate fully, encryption and anonymization can create digital hiding places for perpetrators. Facebook announced in March plans to encrypt Messenger, which last year was responsible for nearly 12 million of the 18.4 million worldwide reports of child sexual abuse material, according to people familiar with the reports. Reports to the authorities typically contain more than one image, and last year encompassed the record 45 million photos and videos, according to the National Center for Missing and Exploited Children.

This is following the FOSTA/SESTA game plan. Highlight legitimately horrific examples of horrible things that people have done (in FOSTA’s case, sex trafficking; here child porn). Then, follow it up by blaming the internet platforms and technology even if those platforms have actively helped law enforcement over and over again. Encryption is repeatedly suggested as truly evil.

Increasingly, criminals are using advanced technologies like encryption to stay ahead of the police.

“Advanced technologies”? And then:

Offenders can cover their tracks by connecting to virtual private networks, which mask their locations; deploying encryption techniques, which can hide their messages and make their hard drives impenetrable; and posting on the dark web, which is inaccessible to conventional browsers.

And again:

Tips included tutorials on how to encrypt and share material without being detected by the authorities.

Yes, encryption can be used to hide bad stuff. No doubt about it. However, it also protects the privacy and security of everyone else as well. There are real tradeoffs here to be discussed — and we shouldn’t forget that one element in that discussion is that law enforcement does have other tools to track down and find those involved in child porn. That encryption blocks some evidence does not mean there are not other ways for them to collect evidence — as we’ve seen in many other cases.

But, given that Attorney General William Barr has been on an anti-encryption kick lately, as has FBI Director Chris Wray, it shouldn’t be a huge surprise that they’ve teamed up for a DOJ “symposium” more or less building on the NY Times article (for which the DOJ appears to have been a major source), in which there appears to be an an entirely one-sided lineup of speakers to discuss the scary sounding:

Lawless Spaces: Warrant-Proof Encryption and Its Impact On Child Exploitation Cases

Barr is speaking, as is Wray. So is Deputy Attorney General Jeffrey Rosen, who also spent the summer trashing encryption. There are also two foreign speakers. There’s Peter Dutton, the Home Affairs Minister from Australia, who lead that country’s efforts to backdoor encryption with a bunch of ridiculously misleading claims about how companies that offer encryption should be blamed for anyone using it for illegal activity. Then there’s the UK’s Home Secretary, Priti Patel, who we had just mentioned earlier this week for her statements that encryption “empowers criminals.”

There does not appear to be a single cryptographer on the program. There does not appear to be a single technologist on the program. There does not appear to be anyone who can provide even the slightest counterweight to the idea that encryption is just a tool for criminals. Contrast this to the sessions we talked about at the opening of this piece. The Carnegie Endowment and Stanford each actually invited people from a variety of different viewpoints and made sure to have actual experts involved. The DOJ is not doing that. This is pure theater as part of a public relations campaign to undermine the encryption that keeps us all safe.

Yes, you can point out very real and horrifying examples of people abusing just about any technology. But in a sane world, you then start looking at the actual size of the problem, the actual risks, the alternative approaches, and the costs and benefits associated with all of them. Not a single person on the DOJ’s list of speakers seems equipped to do that. Given that we’ve quoted each and every one of them right here on Techdirt staking out an extreme anti-encryption standpoint over and over again, suggests that, unlike the tech industry, which has held and participated in various discussions, the DOJ just wants to set up scare mongering stories in the press before pushing for legislation that will destroy encryption and put us all at risk. For our safety.

As you’ll recall, AG Barr himself had ominously warned that if the tech industry didn’t “engage” then eventually there would be some sort of “incident” to “galvanize public opinion” against encryption:

Obviously, the Department would like to engage with the private sector in exploring solutions that will provide lawful access. While we remain open to a cooperative approach, the time to achieve that may be limited. Key countries, including important allies, have been moving toward legislative and regulatory solutions. I think it is prudent to anticipate that a major incident may well occur at any time that will galvanize public opinion on these issues.

Well, the industry was willing to engage and explain the costs of undermining encryption. But rather than understand that, it now looks like Barr is working overtime to manufacture that “major incident” to galvanize public opinion against their own security. It’s a shame the NY Times decided to help.

Filed Under: child porn, chris wray, doj, encryption, fosta, going dark, moral panic, peter dutton, priti patel, william barr
Companies: facebook, google, ny times