Skip to main content

Senators once more try to ban end-to-end encryption; still don’t understand it

A group of Republican senators are making yet another attempt to ban end-to-end encryption in messaging services, which would make illegal Apple’s Messages and FaceTime services, as well as a wide range of other message apps like WhatsApp, Signal and Telegram.

No surprise, either, that they are again demonstrating that they don’t understand how end-to-end encryption works …

Three senators have proposed the Lawful Access to Encrypted Data Act.

Senate Judiciary Committee Chairman Lindsey Graham (R-South Carolina) and U.S. Senators Tom Cotton (R-Arkansas) and Marsha Blackburn (R-Tennessee) today introduced the Lawful Access to Encrypted Data Act, a bill to bolster national security interests and better protect communities across the country by ending the use of “warrant-proof” encrypted technology by terrorists and other bad actors to conceal illicit behavior.

“Terrorists and criminals routinely use technology, whether smartphones, apps, or other means, to coordinate and communicate their daily activities. In recent history, we have experienced numerous terrorism cases and serious criminal activity where vital information could not be accessed, even after a court order was issued. Unfortunately, tech companies have refused to honor these court orders and assist law enforcement in their investigations. My position is clear: After law enforcement obtains the necessary court authorizations, they should be able to retrieve information to assist in their investigations,” said Graham.

The claim is, of course, nonsense. Tech companies do not ‘refuse’ to assist law enforcement. Apple cooperates with numerous law enforcement investigations, including handing over complete copies of iCloud backups.

Many service providers and device manufacturers continue refusing to cooperate with law enforcement to help recover encrypted data, even when presented with a lawful warrant supported by probable cause.

Again, no. The don’t provide access to end-to-end encrypted messages because they can’t. That is, literally, the whole point of end-to-end encryption: it protects privacy by ensuring that only the parties involved in the communication can decrypt the contents.

The bill also makes it sound like it is adding a new safeguard.

The bill would require service providers and device manufacturers to provide assistance to law enforcement when access to encrypted devices or data is necessary – but only after a court issues a warrant, based on probable cause that a crime has occurred, authorizing law enforcement to search and seize the data.  

It isn’t: that’s the exact legal position today.

It’s not the first time senators have tried to outlaw strong encryption. The first such attempt in the US was made back in 2016, following Apple’s refusal to create a backdoor into iOS to unlock an iPhone 5C used by one of the San Bernardino shooters. The FBI later accessed the phone using a commercial company.

Three years later, in 2019, the Trump administration proposed making another attempt to ban end-to-end encryption. Later the same year, the Senate Judiciary Committee again threatened legal action against companies using strong encryption. Other governments around the world have proposed the same thing, demonstrating exactly the same failure to grasp how end-to-end encryption works.

Technically, there would be one way to break end-to-end encryption, known as ‘the ghost proposal.’ This would require Apple and other companies to deceive their customers by creating fake devices linked to their Apple IDs. However, as we’ve pointed out before, if messaging services did this, they would no longer be using end-to-end encryption.

It takes advantage of the way that Apple allows you to begin an iMessage conversation on your iPhone then continue it on your iPad or Mac. Apple could effectively create a fake virtual device, authenticated as you, which would receive all your messages.

However, that would only be possible because it would break authentication of participants in the chat, which is a key component of end-to-end encrypted messaging. If you take an end-to-end encrypted messaging service and compromise the authentication process, you no longer have an end-to-end encrypted messaging service. The whole point of end-to-end encryption is that only authorized participants can decrypt it.

CNET reports that Apple didn’t respond to a request for comment.

Photo: Politico

FTC: We use income earning auto affiliate links. More.

MacStadium macOS VM
You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications