Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Attorney General Barr Concedes That Backdoors Degrade Security

August 19, 2019

As RTL readers know, I am a big fan of cybersecurity expert Bruce Schneier, who is blunt, quotable, and generally (thank you My Cousin Vinny) "balls-on accurate."

In a recent post, he reported that last month Attorney General William Barr gave a major speech on encryption policy – what is commonly known as "going dark." Speaking at Fordham University in New York, Barr admitted that adding backdoors decreases security but asserted that it is worth it.

Schneier thinks this is a major change in government position. Previously, the FBI, the Justice Department and others had claimed that backdoors for law enforcement could be added without any loss of security. They maintained that technologists just need to figure out how — an approach that experts like Schneier have derisively named "nerd harder."

As Schneier says, "With this change, we can finally have a sensible policy conversation. Yes, adding a backdoor increases our collective security because it allows law enforcement to eavesdrop on the bad guys. But adding that backdoor also decreases our collective security because the bad guys can eavesdrop on everyone. This is exactly the policy debate we should be having — not the fake one about whether or not we can have both security and surveillance."

He also says, "Barr makes the point that this is about "consumer cybersecurity" and not "nuclear launch codes." This is true, but it ignores the huge amount of national security-related communications between those two poles. The same consumer communications and computing devices are used by our lawmakers, CEOs, legislators, law enforcement officers, nuclear power plant operators, election officials and so on. There's no longer a difference between consumer tech and government tech — it's all the same tech."

Barr also said: "Further, the burden is not as onerous as some make it out to be. I served for many years as the general counsel of a large telecommunications concern. During my tenure, we dealt with these issues and lived through the passage and implementation of CALEA, the Communications Assistance for Law Enforcement Act. CALEA imposes a statutory duty on telecommunications carriers to maintain the capability to provide lawful access to communications over their facilities. Companies bear the cost of compliance but have some flexibility in how they achieve it, and the system has by and large worked. I therefore reserve a heavy dose of skepticism for those who claim that maintaining a mechanism for lawful access would impose an unreasonable burden on tech firms, especially the big ones. It is absurd to think that we would preserve lawful access by mandating that physical telecommunications facilities be accessible to law enforcement for the purpose of obtaining content, while allowing tech providers to block law enforcement from obtaining that very content."

Schneier's response is that the telecommunications company was GTE — which became Verizon. Barr ignores that CALEA-enabled phone switches were used to spy on government officials in Greece in 2003 — which seems to have been a National Security Agency operation — and on a variety of people in Italy in 2006. Moreover, in 2012 every CALEA-enabled switch sold to the Defense Department had security vulnerabilities.

The final thing he noticed about Barr's speech is that it is not about iPhones and data at rest. It is about communications — data in transit. The "going dark" debate has bounced back and forth between those two aspects for decades. It seems to be bouncing once again.

That I certainly agree with. And if "data in transit" is compromised through the devices themselves, encryption ceases to matter.

Schneier's final words: "I hope that Barr's latest speech signals that we can finally move on from the fake security vs. privacy debate, and to the real security vs. security debate. I know where I stand on that: As computers continue to permeate every aspect of our lives, society, and critical infrastructure, it is much more important to ensure that they are secure from everybody — even at the cost of law enforcement access — than it is to allow access at the cost of security. Barr is wrong, it kind of is like these systems are protecting nuclear launch codes."

I stand, as I so often do, with Schneier.

Hat tip to Dave Ries.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson