AG Barr rails against encryption — but security experts have heard it before

Security experts have heard Barr's message before and expect to hear again, particularly now that some major tech companies have embraced encryption.
Image: William Barr
U.S. Attorney General William Barr addresses the International Conference on Cyber Security, hosted by the FBI and Fordham University, at Fordham University in New York on July 23, 2019.Richard Drew / AP

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
SUBSCRIBE
By Cyrus Farivar

On Tuesday, Attorney General William Barr had an ominous message for the American public: so-called “warrant-proof” strong encryption that law enforcement can’t access imposes an unacceptably high risk to the country.

“These costs will grow exponentially as deployment of warrant-proof encryption accelerates and criminals are emboldened by their ability to evade detection,” he said at a cybersecurity conference in New York City.

Barr’s words echoed those of government officials going back more than 25 years who have called for the government’s ability to bust through strong encryption, which can make data held on a cellphone or computer almost unreadable to anyone who does not possess the password to decrypt it.

It’s a message security experts have heard before and expect to hear again, particularly now that some major tech companies have embraced encryption as a way to promise security to consumers who are starting to take privacy seriously. Facebook recently announced that it would expand its use of encryption in its apps. Secure messaging apps like Signal have become considerably more sophisticated and easier to use.

“This is the groundhog day on encryption policy that I’ve come to expect,” said Matt Blaze, a computer science professor at Georgetown University.

Barr’s complaints — and those of Justice Department officials going back to the 1990s — centered on what it means for government investigators. He did not offer a specific way that the government should go about, either technically or legally, defeating encryption.

Byers Market Newsletter

Get breaking news and insider analysis on the rapidly changing world of media and technology right to your inbox.

“It allows criminals to operate with impunity, hiding their activities under an impenetrable cloak of secrecy. As you know, some refer to this eclipsing of the government’s investigative capabilities as ‘going dark,’” he said. “While encryption protects against cyberattacks, deploying it in warrant-proof form jeopardizes public safety more generally. The net effect is to reduce the overall security of society.”

His words are similar to what the Clinton White House wrote in an April 1993 press release, which noted that “encryption helps to protect the privacy of individuals and industry, but it also can shield criminals and terrorists.”

At that time, the administration was proposing a device known as the “Clipper Chip,” which aimed to allow the government access to encrypted data in certain situations. But the plan was quickly torpedoed when Blaze, then a young AT&T researcher, found considerable flaws in the chip’s design that allowed an attacker to essentially skip over the government-mandated encryption system, thereby defeating its entire purpose.

The Clipper Chip problem illuminated what security experts have long argued is an inherent issue with the government’s push for ways to break encryption — allowing the government to have a method to gain what would otherwise be a near-impenetrable digital lock also means that potential hackers and other miscreants would have a way in.

“Sophisticated criminals will continue to have access to encryption even if the law is changed,” said Riana Pfefferkorn, the associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society. Clint Watts, a fellow at the Foreign Policy Research Institute and a former FBI special agent, said that his colleagues in law enforcement have been concerned about this issue going back at least a decade.

But he noted that public opinion was decidedly swayed away from the government in 2016, when federal prosecutors went to the mat against Apple as a way to compel it to break its own encryption in the wake of the San Bernardino, California, terrorist shooting.

In that incident, Department of Justice officials ultimately said that a private company stepped in and was able to crack the device, sidestepping the legal question. In the wake of that case, major tech firms have been much more vocal about resisting government pressure, and encouraging members of Congress to not change the status quo.

“They’ve really pushed it so that no congressman wants to put their head up,” Watts said.

Meantime, Barr’s position is not universally accepted in those who still and formerly graced the halls of power.

In fact, Gen. Michael Hayden, who previously served as the head of the CIA and the National Security Agency, publicly disagreed with Barr’s remarks.

In response to a news story about Barr’s statements that Americans should accept the security risks of back doors, Hayden tweeted: “Not really.”