The End of Encryption? NSA & FBI Seek New Backdoors Against Advice from Leading Security Experts

July 08, 2015


Bruce Schneier

security technologist and author of Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. He’s also a fellow at Harvard’s Berkman Center for Internet and Society and a board member of the Electronic Frontier Foundation.

Image Credit: Reuters

FBI Director James Comey is set to testify against encryption before the Senate Intelligence Committee today, as the United States and Britain push for "exceptional access" to encrypted communications. Encryption refers to the scrambling of communications so they cannot be read without the correct key or password. The FBI and GCHQ have said they need access to encrypted communications to track criminals and terrorists. Fourteen of the world’s pre-eminent cryptographers, computer scientists and security specialists have issued a paper arguing there is no way to allow the government such access without endangering all confidential data, as well as the broader communications infrastructure. We speak with one of the authors of the paper, leading security technologist Bruce Schneier.


This is a rush transcript. Copy may not be in its final form.

JUAN GONZÁLEZ: We turn now to look at a major new push by the U.S. and Britain to allow law enforcement agencies to unlock encrypted digital messages. Encryption refers to the scrambling of data sent, for example, via your phone or applications like Facebook so it cannot be read without the correct key or password. The FBI and GCHQ have said they need "exceptional access" to encrypted communications in order to track criminals and stop them from acting. More recently, they’ve said new encryption technologies will prevent them from monitoring the communications of terrorists.

AMY GOODMAN: But in a paper released on Tuesday, 13 of the world’s pre-eminent cryptographers, computer scientists and security specialists argued there is no way to allow the government such access without endangering all confidential data, as well as the broader communications infrastructure.

Today, FBI Director James Comey is set to testify against encryption before the Senate Intelligence Committee. In a blog post on Monday, Comey wrote, quote, "The current ISIL threat ... involves ISIL operators in Syria recruiting and tasking dozens of troubled Americans to kill people, a process that increasingly takes part through mobile messaging apps that are end-to-end encrypted, communications that may not be intercepted, despite judicial orders under the Fourth Amendment." That’s Comey speaking about encryption. Let’s go to him speaking about it last October.

JAMES COMEY: We’re seeing more and more where we believe significant evidence is on that phone or on that laptop, and we can’t crack the password. If this becomes the norm, I suggest to you that homicide cases could be stalled, suspects walk free, child exploitation not discovered and prosecuted. Justice may be denied because of a locked phone or an encrypted device.

JUAN GONZÁLEZ: Meanwhile, a new report about wiretapping in 2014 that was published last week found that law enforcement personnel at the state and federal level were only hindered by encryption on four wiretaps all year.

AMY GOODMAN: For more, we go to London, where we’re joined by Bruce Schneier, a security technologist and author of the book, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. He is one of the co-authors of the paper that was released yesterday by encryption experts called "Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications." He’s also a fellow at Harvard’s Berkman Center for Internet and Society and a board member of the Electronic Frontier Foundation.

Bruce, welcome back to Democracy Now! A major paper that you all, the security technologist gurus of the world, have just released. Talk about the significance of what the U.S. and Britain are demanding right now and why you consider it such a threat.

BRUCE SCHNEIER: It’s extraordinary that governments—that free governments are demanding that security be weakened because the government might want to have access. This is the kind of thing that we see out of Russia and China and Syria. But to see it out of Western countries, I think, is extraordinary. What we wanted to do in the paper is say, as technologists, trying to do this will be incredibly damaging. There’s a policy debate going on right now. You talked about Comey talking before the Senate. We want to come together as technologists to try to inform that debate, and that’s why we wrote the report.

JUAN GONZÁLEZ: And why do you say it will be incredibly damaging?

BRUCE SCHNEIER: Because what Comey wants is encryption that he can break with a court order. But as a technologist, I can’t design a computer that operates differently when a certain piece of paper is nearby. If I make a system that can be broken, it can be broken by anybody, not just the FBI. So his requirement for access gives criminals access, gives the Chinese government access. We need encryption for security, for many more reasons than he wants to break it. Trying to break it just makes it weak. We all have less security because of that.

AMY GOODMAN: I want to go back to FBI Director James Comey speaking in October, when he warned against smartphone data encryption.

JAMES COMEY: Encryption is nothing new, but the challenge to law enforcement and national security officials is markedly worse with recent default encryption settings and encrypted devices and networks, all in the name of increased security and privacy. For example, with Apple’s new operating system, the information stored on many iPhones and other Apple devices will be encrypted by default. Shortly after Apple’s announcement, Google announced plans to follow suit with its Android operating system. This means that the companies themselves will not be able to unlock phones, laptops and tablets to reveal photos or documents or email or stored texts or recordings in those instruments.

AMY GOODMAN: That’s FBI Director James Comey. Bruce Schneier, your response?

BRUCE SCHNEIER: So, he said that, and problem is, whenever we hear these arguments, we don’t get any examples. You mentioned the recent report that said encryption only foiled wiretaps in four cases. Comey has not been able to give good examples of iPhones being encrypted. He gave some examples; they were pretty much instantly refuted. So we get a lot of scare stories, but we don’t get actual credible evidence that this is hindering law enforcement.

It turns out we give a lot of data that is not encrypted and can’t be encrypted—Facebook, email, lots of conversations, location data on our cellphone. This is actually the golden age of surveillance. And a lot of this stuff can be used against us. Remember, Apple’s—the photos from Apple’s servers that were stolen and leaked, and these were compromising photos of celebrities. And this is how our data is being stored. The fact that some stuff is being put on phones, some communications are secure, that’s not a hindrance to him. He says it is, but it’s scare stories.

And we heard these scare stories before. In the mid-'90s, we had this exact same debate. And most of the group of us that wrote the report we released yesterday released a report in the mid-'90s saying the same things. Here we are 20 years later, and there hasn’t been a problem. So I don’t see a problem, and I’m afraid the solution is damaging.

JUAN GONZÁLEZ: And, Bruce, there seems to be more attention to the issue of the potential isolated group of terrorists being able to take advantage of the Internet, and not all of the companies that, on a daily basis, are being breached in one way or another. Consumers are going crazy with their private information being grabbed by all kinds of other folks that are able to penetrate systems, so that the emphasis, it seems to me, should be on more encryption, more protection for consumers on the Internet, and not the government being able to access everything.

BRUCE SCHNEIER: I mean, that’s exactly right. We’re concerned about criminals. We’re concerned about Chinese nationals, other countries. We’re concerned about the security of our data, and encryption is a valuable tool. To deliberately weaken that at the behest of the FBI or the U.K. government, I think, is a really crazy trade-off. It doesn’t make us safer; it makes us more at risk.

JUAN GONZÁLEZ: And you’re speaking to us from the U.K. What is David Cameron proposing for the United Kingdom?

BRUCE SCHNEIER: Cameron is proposing something even more extreme. He’s made statements saying that secure encryption should be illegal. Now, that, I think, would be incredibly damaging. It’s also unworkable. I mean, if he wants to make that so, he has to seize my computer, my laptop, when I enter the country. He’s not going to do that. That will destroy tourism. But the noise here is even more extreme, that it should be a crime to use secure encryption. I think it really should be the opposite, that not using it, you should be liable for damages.

AMY GOODMAN: Can you talk, Bruce Schneier, about the backdoors that exist, and especially for a completely lay audience around the world, what we should be concerned about right now, now and also what Britain and the U.S. are considering, what Comey will be testifying about today?

BRUCE SCHNEIER: It’s an interesting question, because while encryption is a very powerful too and very strong, computer security is very weak. We, as scientists, don’t know how to build secure computers. So I can protect the encryption of your phone, but I can’t stop someone from hacking into it. And if you look at what the NSA does, what the Chinese government does, what criminals do, they hack into devices. And that’s something that we’re still very much at risk at. The big breaches you’re seeing are not breaches of encryption. They’re hacking. We know the FBI does hacking.

And a lot of us on the group believe that lawful hacking is the solution to Comey’s problem. Don’t break encryption for everybody, but hack into the computers of just the suspects you want to eavesdrop on. That’s more powerful. That’s something we can’t really prevent. And that gives you, the FBI, the U.K. government, the access you need. And that is both a problem and a solution. We do need to get better at it. I mean, all the breaches you’re seeing show how bad it is, whether it’s Office of Personnel Management; whether it’s a cyberweapons arms manufacturer in Italy, Hacking Team, last week; whether it’s Target or Home Depot or any bank. You know, these are all breaches of computer security from these flaws.

JUAN GONZÁLEZ: Well, I wanted to ask you about one of those, another story in the news. Leaked documents appear to show an Italy-based private spyware company known as the Hacking Team was selling its products to U.S. law enforcement agencies and repressive governments around the world. The Hacking Team sells software which lets users seize remote control of another person’s computer. Its customers include the FBI, the Drug Enforcement Administration and the U.S. Army, as well as foreign governments including Ethiopia, Sudan, Saudi Arabia and Bahrain. The documents were published to the company’s own Twitter feed following an apparent breach.

BRUCE SCHNEIER: So this is an amazing story. Hacking Team is a company—it’s a cyberweapons arms manufacturer—that sells both to the U.S. government and to repressive regimes all over the world. Hacking Team has been responsible for people dying. I have no doubt about that. And what happened is, some hacker decided to publish all of their documents. We learned some extraordinary things, like the company has secret access into the products it sold to all these countries and didn’t tell them. The company has problems. I mean, it’s one thing to have dissatisfied customers. Hacking Team has dissatisfied customers with hit squads. This is going to be bad. This is a company that I believe has behaved immorally. So I’m really kind of happy to see them on the ropes here.

AMY GOODMAN: I wanted to ask you about Edward Snowden. The person we were just talking about in the last segment, the former attorney general, Eric Holder, interestingly, after Eric Holder stepped down, he just recently said that he thinks the possibility exists for the Justice Department to cut a deal with NSA whistleblower Edward Snowden, allowing him to return to United States. I wanted to get your response to that and also how Edward Snowden’s revelations, now in political asylum in Russia, have informed your work, Bruce.

BRUCE SCHNEIER: You know, the data that Snowden revealed via the reporters has been nothing short of amazing. We’ve learned a lot about how the NSA works, the justifications behind what they do, the things they do. And by extension, we’ve learned what other countries do, as well. Right? The NSA is not made of magic. These are the same things Russia and China and Israel and France and other countries do. So we’re learning a lot about nation-state surveillance. And that teaches us how to make things more secure. At the same time, we’ve had this great political debate in the United States about what are the limits of U.S. surveillance. There’s been less of a debate in the U.K., but there has been some, as well. So Snowden has done two things, from my perspective: He’s shown citizens what the government is doing in their name, and he’s shown technologists what the capabilities of attack are, so we can build better defensive capabilities.

AMY GOODMAN: Do you think he should be allowed to come back into the United States? And do you think he should be able to live as a free man?

BRUCE SCHNEIER: I mean, I certainly think he should. But this is—that’s very much a political decision. I’m a technologist. I think it’s still very—the emotions are very raw in the intelligence community. He did betray them. And I don’t know how many years have to pass before it doesn’t sting anymore, how many people have to retire. I think it would be great if he could return as a free man, but I don’t know.

AMY GOODMAN: Bruce, we want to thank you very much for being with us. Bruce Schneier, security technologist, author of Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, one of a group of 14 of the world’s pre-eminent cryptographers and computer scientists who have presented a paper challenging what the U.S. government and the British government want to do about encryption. We’ll continue to follow this story, of course.

This is Democracy Now! When we come back, though, we’re going to Gaza City. It is the first anniversary of the Israeli assault on Gaza. Stay with us.

The original content of this program is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License. Please attribute legal copies of this work to Some of the work(s) that this program incorporates, however, may be separately licensed. For further information or additional permissions, contact us.

Email icon redDaily News Digest