Search This Blog

Translate

Search Tool




Feb 25, 2020

Analysis | The Cybersecurity 202: The Justice Department is giving up on an encryption truce with Big Tech


By Joseph Marks


PowerPost Analysis
Analysis Interpretation of the news based on evidence, including data, as well as anticipating how events might unfold based on past events


U.S. Assistant Attorney General for the National Security Division John Demers in 2018 in Washington, DC. (Photo by Zach Gibson/Getty Images)

THE KEY
SAN FRANCISCO – The Justice Department has essentially given up hope that tech companies will voluntarily build into their products a special way for law enforcement to access encrypted communications to help track terrorists and criminals, a top official says.
Instead, the department is focusing on getting legislation that forces companies to cooperate –  and is hoping encryption-limiting laws in Australia and the United Kingdom will ease the path for a similar law in the United States, said John Demers, assistant attorney general for national security.
“If there were a proposal from tech companies or a desire to talk about this issue that wasn't just everybody rehashing their own positionsthen we'd be happy to hear it,” he said. “But we really haven't gotten anywhere in however many years we've been open to talk.”
The shift illustrates how law enforcement believes it now has a political advantage in the debate over warrant-proof encryption – especially in Congress where lawmakers harangued officials from Apple and Facebook over the systems during a Senate Judiciary Committee hearing in December. As committee chairman Lindsey Graham (R-S.C.) warned the companies then: “You’re going to find a way to do this or we’re going to do it for you.”
“I've never seen such a bipartisan appetite for legislation," Demers said of that hearing. "It seems to me that in Congress something has shifted and it's shifted in favor of trying to find some solution to this problem.”
Demers was speaking with reporters ahead of the RSA Conference in San Francisco – one of the top annual gatherings of tech and cybersecurity executives. But there’s no organized plan to lobby any of those leaders on warrant-proof encryption, he said, describing their positions as “dug in.”
That's a sea change from 2016, when the FBI and Justice Department sought to appeal to Big Tech to find a compromise, as prospects for encryption-limiting legislation seemed all but dead. Back then, the momentum seemed to be security experts who argued there’s no way to give police special access to encrypted systems without raising the risk that criminal hackers could also break into those systems.
The FBI stepped back that year from a legal standoff with Apple in which it tried to force the company to help it crack into an encrypted iPhone used by San Bernardino shooter Syed Farook. And two years later the bureau was rocked by internal watchdog reports that found it had rushed to litigation against Apple without exploring other ways to crack into the phone and repeatedly overstated how many cases were foiled by encryption.
Demers pointed to two big changes since then that have given the government’s encryption arguments juice.
First, Congress and the broader public are feeling a lot less sympathetic to big tech companies in the wake of myriad privacy scandals and after Russian operatives co-opted social media to spread disinformation during the 2016 election.
“If you look at what the feeling is about social media companies in Congress today versus what it wasin 2015, it's very different,” he said. “There’s a sense that social media companies ought to have more responsibility for what's happening on their platforms.”
Second, Australia passed a first-of-its-kind law allowing police to force companies to give them access to encrypted communications in 2018 and the United Kingdom passed a more limited law in 2016.
Demers hopes those laws will create a model for how lawmakers in the United States might limit encryption, he said. But he’s also hoping if encryption-limiting laws spread that will knock back one big argument made by U.S. tech companies – that backdoors for law enforcement will mean lost business to companies in countries that aren’t bound by similar laws.
“If their competitors are in these other countries [with encryption-limiting laws]then there's not going to be a competitive disadvantage for American companies,” he said.
Justice officials have also shifted their messaging on encryption, talking less about the danger of terrorists recruiting and planning operations outside law enforcement's view and more about the threat of a surge in child predators sharing illicit images or luring children on social media. There are signs it might be working: the tough-on-tech hearing in December came after Attorney General William P. Barr offered a public plea for Facebook to back off plans to expand encryption on its messaging platforms for these reasons.
Facebook refused to change its plans, saying limiting encryption would damage cybersecurity for all its users.

PINGED, PATCHED, PWNED


President Trump steps off Air Force One after arriving in Charlotte in early February. (Leah Millis/Reuters)
PINGED: The drama over intelligence agency reports about Russia supporting President Trump and Democratic front-runner Sen. Bernie Sanders (I-Vt.) continues. Trump slammed House Intelligence Chairman Adam B. Schiff (D-Calif.) saying that he "set up" the intelligence community with “lies and leaks.” 
Set up by Schiff’s lies & leaks. Same with the Mueller Witch Hunt 3 years ago! https://t.co/uSzupeHXoq
— Donald J. Trump (@realDonaldTrump) February 24, 2020
Democratic Sens. Robert Menendez (N.J.), Sherrod Brown (Ohio) and Minority Leader Charles E. Schumer (N.Y.) also wrote to the Treasury and State Departments urging new sanctions on Russia in light of the reports, per Emma Loop at BuzzFeed.
NEW: Three senior Democratic senators have written to Treasury Sec. Mnuchin & Sec. of State Pompeo urging them "to immediately and forcefully" hit Russia with sanctions in response to reports that the intel community told Congress that Russia is interfering in the 2020 elections. pic.twitter.com/LQ1xy1AQe4
— Emma Loop (@LoopEmma) February 24, 2020

Sen. Bernie Sanders (I-Vt.) speaks at a dinner Monday in Charleston, S.C. (Matt Rourke/AP)
PATCHED: Facebook, meanwhile, came up empty-handed in a probe of whether suspicious content boosting Sanders's presidential bid was linked to Trump supporters or Russia, the Wall Street Journal's Emily Glazer and Dustin Volz report
The company investigated the content after an outside researcher flagged it as suspicious, Facebook spokesman Andy Stone told Emily and Dustin. He also said that the company has not been notified by the intelligence community that Russian actors are boosting Sanders on social media. 
“Had we found a campaign of coordinated inauthentic behavior, we would’ve removed it and announced it publicly, just as we did more than 50 times last year, Stone told Emily and Dustin.
U.S. intelligence officials have briefed Sanders that Russia is attempting to help his presidential campaign to interfere with the 2020 Democratic primary, my colleagues reported last week. But it wasn't immediately clear what form that assistance took and if it involved social media manipulation. U.S. prosecutors previously uncovered a Russian effort in 2016 using social media to boost Sanders's candidacy. 

Richard Grenell. (Thomas Kienzle/AFP/Getty Images)
PWNED: Trump’s pick for acting director of the intelligence community, who is under fire from Democrats who say he’s underqualified and overly-partisan, will also drawn into the efforts to extradite Julian Assange from London, Natasha Bertrand at Politico reports
Lawyers for the WikiLeaks founder plan to argue that Richard Grenell, as U.S. ambassador to Germany, was part of a highly political process to ensure Assange’s extradition and was working under direct orders from Trump, Natasha reports. That included guaranteeing to Ecuadoran officials that Assange would not face the death penalty in the United States if they expelled him from the embassy where he had taken refuge for the past eight years. 
The argument is based on secondhand conversations with Grenell's associate Arthur Schwartz, who texted journalist Cassandra Fairbanks that Grenell took orders from the president. Schwartz has denied implicating Grenell. 
Here’s more on opening arguments in the Assange extradition case from my colleagues William Booth and Karla Adam.

PUBLIC KEY

Sen. Ron Wyden (D-Ore.) wants answers from ShiftState, the cybersecurity firm that audited the Voatz mobile voting app that's come under fire for security flaws, Tim Starks at Politico reports. Wyden wants to know how and why ShiftState gave the system a clean bill of health.
— More cybersecurity news from the public sector:

The legislation does not go far enough to strengthen protections for targets of intelligence wiretaps, privacy advocates say
Ellen Nakashima

“The one area that China has been keen to exploit is at the state level because state governments largely are not aware of the threat it poses to them,” Sen. Marco Rubio said at the report’s release.
Nextgov

Lawmakers scored another win in their fight against TikTok after the Transportation Security Administration barred its employees from using the megapopular video app.
The Hill

PRIVATE KEY

Cybersecurity news from the private sector:

All signs point to an attack exploiting PayPal's Google Pay integration.
ZDNet

A new report warns that the iOS copy/paste function has this risky "exploit" built-in.
Forbes

THE NEW WILD WEST

Cybersecurity news from abroad:

The Prime Minister's office, the Ministry of Foreign Affairs, the National Intelligence Service (EYP) and the Hellenic Police (ELAS) were the targets of an international cyber espionage campaign in April 2019 code-named “Sea Turtle.”
Kathimerini

Mexico's economy ministry detected a cyber attack on some of its servers on...
Reuters

Australia is under an "unprecedented" threat of foreign espionage and ...
Reuters



No comments:

Post a Comment

Note: Only a member of this blog may post a comment.