• Tag Archives EFF
  • Fancy New Terms, Same Old Backdoors: The Encryption Debate in 2019

    Almost every week, we hear about another corporate data breach or government attack on privacy. For anyone who wants real privacy online, encryption is the essential component.

    Governments around the world keep trying to break encryption, seeking to enhance the power of their law enforcement agencies. They’ve tried for years to require companies to build backdoors into encrypted software and devices, which would enable them to listen in on potentially any digital conversation. The FBI has coined a phrase, “going dark,” that it has used since the late ’90s to describe their “problem”—the lack of an omnipresent, all-powerful surveillance tool.

    But encryption with special access for a select group isn’t some kind of superpower—it’s just broken encryption. The same security flaws used by U.S. police will be used by oppressive regimes and criminal syndicates.

    The only innovation in 2019 has been rhetorical—anti-encryption authorities are determined not to call a backdoor a backdoor. Instead, we saw a proposal from UK intelligence agency GCHQ to add “ghost” listeners to encrypted messaging applications. Later in the year, we saw a revival of the idea of “key escrow,” a discredited idea about how to square the circle on encryption.

    Other approaches included ideas like “client-side scanning,” which is also sometimes called “endpoint filtering” or “local processing.” This array of terms describes a system where a messaging application maintains end-to-end encryption, but when users upload images or other content, it can be first checked locally against a set of “hashes” or fingerprints for contraband. These strategies have been proposed as solutions to the problem of child exploitation images, a problem that the DOJ highlighted frequently in the latter half of 2019, trying to reframe the use of encryption as enabling criminal behavior.

    The promise of end-to-end encryption is, ultimately, a simple value proposition: it’s the idea that no one but you and your intended recipients can read your messages. There’s no amount of wordsmithing that can get around that. It’s high time to start convening conferences and panels of experts to research and publish ideas about how effective law enforcement can co-exist with tools for privacy and strong encryption, rather than trying to break them.

    Keeping Promises on Encryption

    Government pressure hasn’t caused tech companies to abandon encryption, at least not yet. In March, Facebook CEO Mark Zuckerberg publicly embraced end-to-end encryption for all of Facebook’s messaging products. That sounds great, in theory, but the proof is in the pudding—we still don’t know how Facebook might seek to monetize an end-to-end encrypted service. There are also policy and competition concerns about the company’s intention to merge WhatsApp, Instagram, and Facebook Messenger.

    But those policy concerns might be rendered moot if the company backpedals under the glare of increasing government demands. In October, top law enforcement officials in the U.S., U.K., and Australia called on Zuckerberg to simply stop his plan to encrypt the merged messenger products. Again waving the flag of child safety, law enforcement agencies in these three countries made clear their ultimate goal: access to every conversation, on every digital device. Civil society hasn’t been silent. We joined together with more than 100 other NGOs to write our own letter urging Facebook to proceed with its plans. In December, Facebook itself signaled it won’t bow to that pressure.

    The stakes couldn’t be higher. Whichever way the social media giant moves on encryption, other companies are sure to follow.

    Source: Fancy New Terms, Same Old Backdoors: The Encryption Debate in 2019 | Electronic Frontier Foundation

  • NSA Internet Surveillance Under Section 702 Violates the First Amendment

    The First Amendment is too often overlooked in discussions of the National Security Agency’s vast surveillance authorities. But as Congress considers whether to reauthorize Section 702 of FISA this winter, we must remember that it’s not just our Fourth Amendment rights to privacy that are in the crosshairs, but also our First Amendment rights. These rights to anonymously speak, associate, access information, and engage in political activism are the bedrock of our democracy, and they’re endangered by the NSA’s pervasive surveillance.

    The NSA uses Section 702 to justify ongoing programs to siphon off copies of vast amounts of our communications directly from the Internet backbone as well as require system-wide searches across the information collected by major Internet companies like Google, Facebook, and Apple.

    So how does the First Amendment come to apply to mass surveillance? To understand this, we need to begin with a little history of the civil rights movement.

    As part of the backlash to the Supreme Court’s ruling striking down segregation in schools, the Attorney General of Alabama, John Patterson, brought a lawsuit against a leading civil rights organization, the National Association for the Advancement of Colored People (NAACP). The lawsuit alleged that the NAACP violated a state law requiring “foreign corporations” to file certain paperwork and get approval before practicing business in Alabama. The NAACP is a nonprofit membership organization; it didn’t file the paperwork because it believed it was exempt. While the NAACP fought the suit, the state issued a subpoena demanding detailed records from the NAACP, including membership lists and bank records. The NAACP refused to surrender its membership lists, fearing retaliatory consequences for its members. Because of this refusal, the court fined the NAACP $10,000, which after five days was raised to $100,000. The NAACP con