Yesterday, the House Oversight Committee held a hearing over this whole stupid kerfuffle about mobile encryption. If you don’t recall, back in the fall, both Apple and Google said they would start encrypting data on mobile devices by default, leading to an immediate freakout by law enforcement types, launching a near exact replica of the cryptowars of the 1990s.
While many who lived through the first round had hoped this would die a quick death, every week or so, we see someone else in law enforcement demonizing encryption, without seeming to recognize how ridiculous they sound. There was quite a bit of that in the hearing yesterday, which you can sit and watch in its entirety if you’d like:
Thankfully, there were folks like cryptographer Matt Blaze and cybersecurity policy expert Kevin Bankston on hand to make it clear how ridiculous all of this is — but it didn’t stop law enforcement from making their usual claims. The most ridiculous, without a doubt, was Daniel Conley, the District Attorney from Suffolk County, Massachusetts, whose opening remarks were so ridiculous that it’s tough to read them without loudly guffawing. It’s full of the usual “but bad guys — terrorists, kidnappers, child porn people — use this” arguments, along with the usual “law enforcement needs access” stuff. And he blames Apple and Google for using a “hypothetical” situation as reason to encrypt:
Apple and Google are using an unreasonable, hypothetical narrative of government intrusion as the rationale for the new encryption software, ignoring altogether the facts as I’ve just explained them. And taking it to a dangerous extreme in these new operating systems, they’ve made legitimate evidence stored on handheld devices inaccessible to anyone, even with a warrant issued by an impartial judge. For over 200 years, American jurisprudence has refined the balancing test that weighs the individual’s rights against those of society, and with one fell swoop Apple and Google has upended it. They have created spaces not merely beyond the reach of law enforcement agencies, but beyond the reach of our courts and our laws, and therefore our society.
The idea that anything in mobile encryption “upends” anything is ridiculous. First, we’ve had encryption tools for both computers and mobile devices for quite some time. Apple and Google making them more explicit hardly upends anything. Second, note the implicit (and totally incorrect) assumption that historically law enforcement has always had access to all your communications. That’s not true. People have always been able to talk in person, or they’ve been able to communicate in code. Or destroy communications after making them. There have always been “spaces” that are “beyond the reach of law enforcement.”
But to someone so blind as to be unaware of all of this, Conley thinks this is somehow “new”:
I can think of no other example of a tool or technology that is specifically designed and allowed to exist completely beyond the legitimate reach of law enforcement, our courts, our Congress, and thus, the people. Not safe deposit boxes, not telephones, not automobiles, not homes. Even if the technology existed, would we allow architects to design buildings that would keep police and firefighters out under any and all circumstances? The inherent risk of such a thing is obvious so the answer is no. So too are the inherent risks of what Apple and Google have devised with these operating systems that will provide no means of access to anyone, anywhere, anytime, under any circumstance.
As Chris Soghoian pointed out, just because Conley can’t think of any such technology, it doesn’t mean it doesn’t exist. Take the shredder for example. Or fire.
During the hearing, Conley continued to show just how far out of his depth he was. Rep. Blake Farenthold (right after quizzing the FBI on why it removed its recommendation on mobile encryption from its website — using the screenshot and highlighting I made), asked the entire panel:
Is there anybody on the panel believes we can build a technically secure backdoor with a golden key — raise your hand?
No one did — neither DA Conley nor the FBI’s Amy Hess:
But, just a few minutes later, Conley underscored his near absolute cluelessness by effectively arguing “if we can put a man on the moon, we can make backdoor encryption that doesn’t put people at risk.” Farenthold catalogs a variety of reasons why backdoor encryption is ridiculously stupid — and even highlights how every other country is going to demand their own backdoors as well — and asks if anyone on the panel has any solutions. Conley then raises his hand and volunteers the following bit of insanity:
I’m no expert. I’m probably the least technologically savvy guy in this room, maybe. But, there are a lot of great minds in the United States. I’m trying to figure out a way to balance the interests here. It’s not an either/or situation. Dr. Blaze said he’s a computer scientist. I’m sure he’s brilliant. But, geeze, I hate to hear talk like ‘that cannot be done.’ I mean, think about if Jack Kennedy said ‘we can’t go to the moon. That cannot be done.’ [smirks] He said something else. ‘We’re gonna get there in the next decade.’ So I would say to the computer science community, let’s get the best minds in the United States on this. We can balance the interests here.
No, really. Watch it here:
As Julian Sanchez notes, this response is “all the technical experts are wrong because AMERICA FUCK YEAH.”
This is why it’s kind of ridiculous that we continue to let technologically clueless people lead these debates. There are things that are difficult (getting to the moon) and things that are impossible (arguing we only let “good people” go to the moon.) There are reasons for that. This isn’t about technologists not working hard enough on this problem. This is a fundamental reality in that creating backdoors weakens the infrastructure absolutely. That’s a fact. Not a condition of poor engineering practices.
And, really, this idea of “getting the best minds” in the computer science community to work on this, I say please don’t. That’s like asking the best minds in increasing food production to stop all their work and spend months trying to research how to make it rain apples from clouds in the sky. It’s not just counterproductive and impossible, but it takes away from the very real and important work they are doing on a daily basis, including protecting us from people who actually are trying to do us harm. That a law enforcement official is actively asking for computer scientists and cybersecurity experts to stop focusing on protecting people and, instead, to help undermine the safety of the public, is quite incredible. How does someone like Conley stay in his job while publicly advocating for putting the American people in more danger like that?