Wray uses Jan 6 to push war on encryption

Wray uses Jan 6 to push war on encryption

FBI Director Chris Wray testified during a Senate Homeland Security and Governmental Affairs Committee hearing on March 2nd. While questions ranged from the absurd (Sen. Blackburn demanding to know if the FBI is tracking Antifa) to the racist (shifting to MS-13, China, Libya and Syria), the focus was on the January 6 right-wing coup attempt at the Capitol.

It was the first time Wray has appeared publicly since January 6. He discussed the scope of the investigation: More than 300 arrests by the FBI and “partner agencies” and hundreds of ongoing investigations into the death of Brian Sicknick and other events of the day. The FBI, he says, has received more than 270,000 digital media tips, while he encouraged people to keep up the post-9/11 “if you see something, say something” approach of spying on their (now digital) neighbors.

Wray boosts the war on encryption

It’s been well established that January 6 was plotted in the open on Facebook, Twitter, Gab, Parler and other platforms. Despite this – and the 270,000 digital media tips the FBI has received – Wray used his testimony to further boost the US government’s war on encryption, demanding law enforcement access to our private communications.

His written statement provided to the Committee demands “lawful access” to data.

We are deeply concerned with the threat end-to-end and user-only-access encryption pose to our ability to fulfill the FBI’s duty of protecting the American people from every manner of federal crime, from cyber-attacks and violence against children to drug trafficking and organized crime. We believe Americans deserve security in every walk of life – in their data, their streets, their businesses, and their communities.
End-to-end and user-only-access encryption erode that security against every danger the FBI combats.

Written testimony of FBI Director Chris Wray to the Senate Homeland Security and Governmental Affairs committee

He then uses the example of the plotted kidnapping of Michigan governor Gretchen Whitmer last year, while in the next sentence admitting that other methods – “human source reporting” – resulted in their arrest.

Wray is not the first high-level government official to call for weakening of encryption. His predecessor James Comey said in 2016 that Americans have never had “absolute privacy,” which “changes something at the center of our country that is really important.” That “important” thing is the ability of the government to violate our Fourth Amendment rights.

Twice-former Attorney General Bill Barr has also furthered this idea. In 2019, he called for tech companies to get rid of the “impenetrable digital shield” of encryption. As Tech for the People wrote on the EARN-IT Act last year, “Barr wants to make encryption so weak that it doesn’t actually protect from all but the most casual attackers. The national security state already works day and night to break encryption and gather data.”

In fact, none of this is particularly striking. The war on encryption is one prong in the move to enhance surveillance in the US and around the world. As Tech for the People wrote on January 18th:

In the wake of the storming of the US Capitol building and attempt to interrupt the certification of Joe Biden as the 46th President, a predictable refrain has been repeated amongst politicians and law enforcement. “We need new anti-terrorism laws,” they say. “We need to more freedom to surveil people,” they shout.

Mass surveillance opportunism: Oppose new civil liberties crackdowns

You can’t ban math

Encryption is essentially complicated mathematics. Computers can do this math at blazing speeds. Right now, you’re looking at this page on an encrypted connection. No one on your WiFi network can see what page you’re on, or what the content of the page. Your banking app is encrypted, your passwords are stored in an encrypted format on websites, messages you send through Signal are encrypted.

Not all encryption schemes are the same: there are many types of and ways to implement the idea of encryption. They develop methods with various tradeoffs: speed vs difficulty to crack, for example. There are two ways encryption can be broken: First, as computers become faster, old methods can become more easily defeated. Cryptographers develop new, more secure methods. Second, a backdoor can be inserted into the algorithm: a hidden way to decrypt an encrypted message.

Encryption is only math, a combination of numbers and formulas. You cannot ban encryption.

We’ve been here before

It’s believed that the NSA engineered a backdoor into an encryption method known as DUAL_EC_DRBG, a standard that had been approved by the National Institute of Standards and Technology in 2006. The flaws in DUAL_EC_DRBG, revealed by two Microsoft employees at a conference in 2007 but which didn’t get much attention until 2013, were bad enough that leading security companies rescinded recommendations to use the algorithm.

Commercial movies on DVDs were encrypted starting in 1996 with the Content Scramble System, or CSS. In order to decrypt the content of the DVD, player manufacturers had to purchase information on how CSS worked. They would not provide this information for free, or license it to open source DVD player applications. In 1999, three people (Jon Lech Johansen and two who are still anonymous) released a program called DeCSS that cracked the encryption key.

With the advent of Blu-Ray and HD-DVD technology, the MPAA moved to a system by the Advanced Access Content Licensing Administrator (AACS LA). The new encryption scheme required a special key to decrypt the content of discs. The key was cracked in 2006 and released on a number of websites, allowing open source, free player applications to be written. The MPAA and AACS LA immediately went to court to stop the distribution of the special license key. It became known as an illegal number, which could get one arrested or sued for distributing at the time.

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

The AACS encryption key.

It’s not unreasonable for someone to use that number elsewhere. You can’t ban a number, and you can’t ban math.

The future of the encryption debate

While the government can’t ban math, it can pass laws to require that software and hardware have encryption that’s either easily reversible, or to use methods with a backdoor. Under the guise of fighting terrorism or child exploitation, these restrictions will impact the safety and security of all who are under these restrictions.

As the DUAL_EC_DRGB situation shows, it’s not impossible to discover flaws in encryption algorithms. The question is, who discovers them and how do they use that knowledge? State actors already spend tremendous resources on this task – as do shady criminal groups. If an encryption scheme can be reversed or broken, anyone with the knowledge of how to do so will be able to view data encrypted with that scheme.

The debate in the war on encryption must be re-centered. Our privacy is at stake!