A group of Republican senators are making yet another attempt to ban end-to-end encryption in messaging services, which would make illegal Apple’s Messages and FaceTime services, as well as a wide range of other message apps like WhatsApp, Signal and Telegram.
No surprise, either, that they are again demonstrating that they don’t understand how end-to-end encryption works …
Three senators have proposed the Lawful Access to Encrypted Data Act.
Senate Judiciary Committee Chairman Lindsey Graham (R-South Carolina) and U.S. Senators Tom Cotton (R-Arkansas) and Marsha Blackburn (R-Tennessee) today introduced the Lawful Access to Encrypted Data Act, a bill to bolster national security interests and better protect communities across the country by ending the use of “warrant-proof” encrypted technology by terrorists and other bad actors to conceal illicit behavior.
“Terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to coordinate and communicate their daily activities. In recent history, we have experienced numerous terrorism cases and serious criminal activity where vital information could not be accessed, even after a court order was issued. Unfortunately, tech companies have refused to honor these court orders and assist law enforcement in their investigations. My position is clear: After law enforcement obtains the necessary court authorizations, they should be able to retrieve information to assist in their investigations,” said Graham.
The claim is, of course, nonsense. Tech companies do not ‘refuse’ to assist law enforcement. Apple cooperates with numerous law enforcement investigations, including handing over complete copies of iCloud backups.
Many service providers and device manufacturers continue refusing to cooperate with law enforcement to help recover encrypted data, even when presented with a lawful warrant supported by probable cause.
Again, no. The don’t provide access to end-to-end encrypted messages because they can’t. That is, literally, the whole point of end-to-end encryption: it protects privacy by ensuring that only the parties involved in the communication can decrypt the contents.
The bill also makes it sound like it is adding a new safeguard.
The bill would require service providers and device manufacturers to provide assistance to law enforcement when access to encrypted devices or data is necessary – but only after a court issues a warrant, based on probable cause that a crime has occurred, authorizing law enforcement to search and seize the data.
It isn’t: that’s the exact legal position today.
It’s not the first time senators have tried to outlaw strong encryption. The first such attempt in the US was made back in 2016, following Apple’s refusal to create a backdoor into iOS to unlock an iPhone 5C used by one of the San Bernardino shooters. The FBI later accessed the phone using a commercial company.
Three years later, in 2019, the Trump administration proposed making another attempt to ban end-to-end encryption. Later the same year, the Senate Judiciary Committee again threatened legal action against companies using strong encryption. Other governments around the world have proposed the same thing, demonstrating exactly the same failure to grasp how end-to-end encryption works.
Technically, there would be one way to break end-to-end encryption, known as ‘the ghost proposal.’ This would require Apple and other companies to deceive their customers by creating fake devices linked to their Apple IDs. However, as we’ve pointed out before, if messaging services did this, they would no longer be using end-to-end encryption.
It takes advantage of the way that Apple allows you to begin an iMessage conversation on your iPhone then continue it on your iPad or Mac. Apple could effectively create a fake virtual device, authenticated as you, which would receive all your messages.
However, that would only be possible because it would break authentication of participants in the chat, which is a key component of end-to-end encrypted messaging. If you take an end-to-end encrypted messaging service and compromise the authentication process, you no longer have an end-to-end encrypted messaging service. The whole point of end-to-end encryption is that only authorized participants can decrypt it.
CNET reports that Apple didn’t respond to a request for comment.
FTC: We use income earning auto affiliate links. More.