Breaking encryption in the name of public safety

by Caroline Bottger

US lawmakers are planning to introduce legislation to Congress that would make tech companies liable for the content their users post online. Called the Eliminating Abuse and Rampant Neglect of Interactive Technologies Act of 2019 or “EARN IT” Act, the bill demands that companies comply with a list of 15 best practices, or risk being held liable for what their users post. Currently, tech companies are protected from this liability under Section 230 of the Communications Decency Act.

The tech industry fears that this would be used to break encryption, a security method that keeps data sent over the internet readable only by the sender and the recipient; law enforcement says that encryption greatly hinders investigations into online crime, hate speech, and extremism.

The drawbacks of encryption are coming into the global spotlight as communication and crime move into the digital sphere. The “Five Eyes” group, an intelligence-sharing group comprising the US, UK, Canada, Australia, and New Zealand, concentrated on the barriers presented by encryption in their 2019 meeting: UK Home Secretary Priti Patel said in a press statement, “The Five Eyes are united that tech firms should not develop their systems and services, including end-to-end encryption, in ways that empower criminals or put vulnerable people at risk.”

One member country already made moves to break encryption in the name of public safety: Australia passed an anti-encryption law in 2018, which would “establish frameworks for voluntary and mandatory assistance to law enforcement and intelligence agencies in relation to encryption technologies”. Privacy advocates in the country are pushing for amendments on the grounds of potential human rights abuses.

Police departments are already trying to get around encryption without the help of laws. The New York Police Department has spent $10 million on a lab that breaks Apple and Google encryption by using an algorithm to guess passcodes on phones — a technique called ‘brute-forcing.’ Manhattan District Attorney Cyrus Vance said, “You entrust us [law enforcement] with this responsibility to protect the public. At the same time, they [Apple and Google] have taken away one of our best sources of information.”

Elsewhere around the world, more extreme measures are being taken. The Indian government passed a law that requires tech companies like Facebook and YouTube to trace a post within 72 hours of a government request, “no warrant or judicial order required.” India has historically taken a much harsher approach to ensuring public security through restricting the reach of technology: in August 2019, the government cut off internet access for Kashmir, a semi autonomous state with 8 million people.

Alternatives to WhatsApp and iMessage have been on the sidelines for years, and this latest news is pushing them into the mainstream. Encrypted messaging app Signal received a cash infusion of $50 million — from WhatsApp co-founder Brian Acton — and can delete messages after sending.

Caroline Bottger is a freelance writer who writes on issues of technology, privacy, and security. 
The information and opinions reflected in this post have been gathered from news outlets around the web and do not reflect those of Patriot One Technologies. Likewise, representation of any person, technology, company or political view or opinion in this post should not be interpreted as an endorsement by Patriot One Technologies.
Many of the articles within the media pages of the website are 3rd party in origin and have been included for informative purposes only. Decisions to include articles are solely based on the timely nature of the storyline as it applies to the security industry in general and to the proliferation of threats to public safety in particular. The inclusion of these articles does not imply that PATRIOT ONE its management, agents or employees endorses any statements expressed. The public is advised to fully investigate any contentious claims or assertions prior to arriving at any conclusions. Any hyperlinks included in these articles does not imply that PATRIOT ONE monitors or endorses these websites. Accordingly, PATRIOT ONE accepts no responsibility for such websites. Additional information regarding exclusions and liability limitations are outlined here.