
Home/ Socialism and the End of the American Dream/ Group items tagged tyranny


Paul Merrell

Cy Vance's Proposal to Backdoor Encrypted Devices Is Riddled With Vulnerabilities | Jus... - 0 views

  • Less than a week after the attacks in Paris — while the public and policymakers were still reeling, and the investigation had barely gotten off the ground — Cy Vance, Manhattan’s District Attorney, released a policy paper calling for legislation requiring companies to provide the government with backdoor access to their smartphones and other mobile devices. This is the first concrete proposal of this type since September 2014, when FBI Director James Comey reignited the “Crypto Wars” in response to Apple’s and Google’s decisions to use default encryption on their smartphones. Though Comey seized on Apple’s and Google’s decisions to encrypt their devices by default, his concerns are primarily related to end-to-end encryption, which protects communications that are in transit. Vance’s proposal, on the other hand, is only concerned with device encryption, which protects data stored on phones. It is still unclear whether encryption played any role in the Paris attacks, though we do know that the attackers were using unencrypted SMS text messages on the night of the attack, and that some of them were even known to intelligence agencies and had previously been under surveillance. But regardless of whether encryption was used at some point during the planning of the attacks, as I lay out below, prohibiting companies from selling encrypted devices would not prevent criminals or terrorists from being able to access unbreakable encryption. Vance’s primary complaint is that Apple’s and Google’s decisions to provide their customers with more secure devices through encryption interferes with criminal investigations. He claims encryption prevents law enforcement from accessing stored data like iMessages, photos and videos, Internet search histories, and third party app data. He makes several arguments to justify his proposal to build backdoors into encrypted smartphones, but none of them hold water.
  • Before addressing the major privacy, security, and implementation concerns that his proposal raises, it is worth noting that while an increase in use of fully encrypted devices could interfere with some law enforcement investigations, it will help prevent far more crimes — especially smartphone theft, and the consequent potential for identity theft. According to Consumer Reports, in 2014 there were more than two million victims of smartphone theft, and nearly two-thirds of all smartphone users either took no steps to secure their phones or their data or failed to implement passcode access for their phones. Default encryption could reduce instances of theft because perpetrators would no longer be able to break into the phone to steal the data.
  • Vance argues that creating a weakness in encryption to allow law enforcement to access data stored on devices does not raise serious concerns for security and privacy, since in order to exploit the vulnerability one would need access to the actual device. He considers this an acceptable risk, claiming it would not be the same as creating a widespread vulnerability in encryption protecting communications in transit (like emails), and that it would be cheap and easy for companies to implement. But Vance seems to be underestimating the risks involved with his plan. It is increasingly important that smartphones and other devices are protected by the strongest encryption possible. Our devices and the apps on them contain astonishing amounts of personal information, so much that an unprecedented level of harm could be caused if a smartphone or device with an exploitable vulnerability is stolen, not least in the forms of identity fraud and credit card theft. We bank on our phones, and have access to credit card payments with services like Apple Pay. Our contact lists are stored on our phones, including phone numbers, emails, social media accounts, and addresses. Passwords are often stored on people’s phones. And phones and apps are often full of personal details about their lives, from food diaries to logs of favorite places to personal photographs. Symantec conducted a study, where the company spread 50 “lost” phones in public to see what people who picked up the phones would do with them. The company found that 95 percent of those people tried to access the phone, and while nearly 90 percent tried to access private information stored on the phone or in other private accounts such as banking services and email, only 50 percent attempted contacting the owner.
  • Vance attempts to downplay this serious risk by asserting that anyone can use the “Find My Phone” or Android Device Manager services that allow owners to delete the data on their phones if stolen. However, this does not stand up to scrutiny. These services are effective only when an owner realizes their phone is missing and can take swift action on another computer or device. This delay ensures some period of vulnerability. Encryption, on the other hand, protects everyone immediately and always. Additionally, Vance argues that it is safer to build backdoors into encrypted devices than it is to do so for encrypted communications in transit. It is true that there is a difference in the threats posed by the two types of encryption backdoors that are being debated. However, some manner of widespread vulnerability will inevitably result from a backdoor to encrypted devices. Indeed, the NSA and GCHQ reportedly hacked into a database to obtain cell phone SIM card encryption keys in order to defeat the security protecting users’ communications and activities and to conduct surveillance. Clearly, the reality is that the threat of such a breach, whether from a hacker or a nation state actor, is very real. Even if companies go the extra mile and create a different means of access for every phone, such as a separate access key for each phone, significant vulnerabilities will be created. It would still be possible for a malicious actor to gain access to the database containing those keys, which would enable them to defeat the encryption on any smartphone they took possession of. Additionally, the cost of implementation and maintenance of such a complex system could be high.
  • Privacy is another concern that Vance dismisses too easily. Despite Vance’s arguments otherwise, building backdoors into device encryption undermines privacy. Our government does not impose a similar requirement in any other context. Police can enter homes with warrants, but there is no requirement that people record their conversations and interactions just in case they someday become useful in an investigation. The conversations that we once had through disposable letters and in-person conversations now happen over the Internet and on phones. Just because the medium has changed does not mean our right to privacy has.
  • In addition to his weak reasoning for why it would be feasible to create backdoors to encrypted devices without creating undue security risks or harming privacy, Vance makes several flawed policy-based arguments in favor of his proposal. He argues that criminals benefit from devices that are protected by strong encryption. That may be true, but strong encryption is also a critical tool used by billions of average people around the world every day to protect their transactions, communications, and private information. Lawyers, doctors, and journalists rely on encryption to protect their clients, patients, and sources. Government officials, from the President to the directors of the NSA and FBI, and members of Congress, depend on strong encryption for cybersecurity and data security. There are far more innocent Americans who benefit from strong encryption than there are criminals who exploit it. Encryption is also essential to our economy. Device manufacturers could suffer major economic losses if they are prohibited from competing with foreign manufacturers who offer more secure devices. Encryption also protects major companies from corporate and nation-state espionage. As more daily business activities are done on smartphones and other devices, they may now hold highly proprietary or sensitive information. Those devices could be targeted even more than they are now if all that has to be done to access that information is to steal an employee’s smartphone and exploit a vulnerability the manufacturer was required to create.
  • Vance also suggests that the US would be justified in creating such a requirement since other Western nations are contemplating requiring encryption backdoors as well. Regardless of whether other countries are debating similar proposals, we cannot afford a race to the bottom on cybersecurity. Heads of the intelligence community regularly warn that cybersecurity is the top threat to our national security. Strong encryption is our best defense against cyber threats, and following in the footsteps of other countries by weakening that critical tool would do incalculable harm. Furthermore, even if the US or other countries did implement such a proposal, criminals could gain access to devices with strong encryption through the black market. Thus, only innocent people would be negatively affected, and some of those innocent people might even become criminals simply by trying to protect their privacy by securing their data and devices. Finally, Vance argues that David Kaye, UN Special Rapporteur for Freedom of Expression and Opinion, supported the idea that court-ordered decryption doesn’t violate human rights, provided certain criteria are met, in his report on the topic. However, in the context of Vance’s proposal, this seems to conflate the concepts of court-ordered decryption and of government-mandated encryption backdoors. The Kaye report was unequivocal about the importance of encryption for free speech and human rights. The report concluded that:
  • States should promote strong encryption and anonymity. National laws should recognize that individuals are free to protect the privacy of their digital communications by using encryption technology and tools that allow anonymity online. … States should not restrict encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression. Blanket prohibitions fail to be necessary and proportionate. States should avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows. Additionally, the group of intelligence experts that was hand-picked by the President to issue a report and recommendations on surveillance and technology, concluded that: [R]egarding encryption, the U.S. Government should: (1) fully support and not undermine efforts to create encryption standards; (2) not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software; and (3) increase the use of encryption and urge US companies to do so, in order to better protect data in transit, at rest, in the cloud, and in other storage.
  • The clear consensus among human rights experts and several high-ranking intelligence experts, including the former directors of the NSA, Office of the Director of National Intelligence, and DHS, is that mandating encryption backdoors is dangerous.
  • Unaddressed Concerns: Preventing Encrypted Devices from Entering the US and the Slippery Slope
  • In addition to the significant faults in Vance’s arguments in favor of his proposal, he fails to address the question of how such a restriction would be effectively implemented. There is no effective mechanism for preventing code from becoming available for download online, even if it is illegal. One critical issue the Vance proposal fails to address is how the government would prevent, or even identify, encrypted smartphones when individuals bring them into the United States. DHS would have to train customs agents to search the contents of every person’s phone in order to identify whether it is encrypted, and then confiscate the phones that are. Legal and policy considerations aside, this kind of policy is, at the very least, impractical. Preventing strong encryption from entering the US is not like preventing guns or drugs from entering the country — encrypted phones aren’t immediately obvious as is contraband. Millions of people use encrypted devices, and tens of millions more devices are shipped to and sold in the US each year.
  • Finally, there is a real concern that if Vance’s proposal were accepted, it would be the first step down a slippery slope. Right now, his proposal only calls for access to smartphones and devices running mobile operating systems. While this policy in and of itself would cover a number of commonplace devices, it may eventually be expanded to cover laptop and desktop computers, as well as communications in transit. The expansion of this kind of policy is even more worrisome when taking into account the speed at which technology evolves and becomes widely adopted. Ten years ago, the iPhone did not even exist. Who is to say what technology will be commonplace in 10 or 20 years that is not even around today. There is a very real question about how far law enforcement will go to gain access to information. Things that once seemed like merely science fiction, such as wearable technology and artificial intelligence that could be implanted in and work with the human nervous system, are now available. If and when there comes a time when our “smart phone” is not really a device at all, but is rather an implant, surely we would not grant law enforcement access to our minds.
  • Policymakers should dismiss Vance’s proposal to prohibit the use of strong encryption to protect our smartphones and devices in order to ensure law enforcement access. Undermining encryption, regardless of whether it is protecting data in transit or at rest, would take us down a dangerous and harmful path. Instead, law enforcement and the intelligence community should be working to alter their skills and tactics in a fast-evolving technological world so that they are not so dependent on information that will increasingly be protected by encryption.
Paul Merrell

Shaker Aamer, Last British Guantanamo Detainee Released - 0 views

  • Shaker Aamer, the last British resident in Guantanamo Bay, was released on Friday after being detained without charge for almost 14 years. On September 25th, U.S. and U.K. authorities confirmed that Aamer was to be returned to the U.K. within days. The release comes after Aamer endured well over a decade of torture, detention without charge or trial, and solitary confinement. Aamer’s high profile case has highlighted everything that is wrong with the war on terror — detention without charge or trial, government complicity in torture and lack of accountability for war crimes, gross obstruction of justice, and the humiliating and dehumanising treatment of detainees. A keen community worker and U.K. resident, Aamer is married to a British woman and has four British children living in London. He was volunteering for a charity in Afghanistan in 2001 when he was abducted and sold for a bounty to U.S. forces. He was tortured, eventually cracking and agreeing to his captors’ accusations against him. Satisfied with the confession of an abused and broken man, U.S. forces took him to Guantánamo Bay on Valentine’s Day 2002. In a September Daily Mail piece entitled “Torture and the man who could expose Britain’s dirtiest secrets,” journalist Peter Oborne said, “My view is that Mr Aamer may have paid the price for knowing too much. The CIA had very good reason to be terrified of what he might reveal when he emerged from jail.”
  • "And the King will answer them, 'Truly, I say to you, as you did it to one of the least of these my brothers, you did it to me.'" --- Matthew 25:40.
Paul Merrell

Still Secret: Second Circuit Keeps More Drone Memos From the Public | Just Security - 0 views

  • Secret law has been anathema to our democracy since its Founding, but a federal appeals court just gave us more of it.
  • We might forgive the citizenry’s confusion, though, in attempting to square those principles with the decision by the Second Circuit Court of Appeals, published yesterday, holding that the government may continue to keep secret nine legal memoranda by the Justice Department’s Office of Legal Counsel analyzing the legality of targeted killings carried out by the US government. It was just more than a year ago that the same panel of the same court ordered the government to disclose key portions of a July 2010 OLC memorandum that authorized the targeted killing of an American citizen in Yemen. At the time, the court’s opinion seemed to promise at least a partial solution to a problem straight (as the district court in the same case put it) from Alice in Wonderland: that [a] thicket of laws and precedents … effectively allow the Executive Branch of our Government to proclaim as perfectly lawful certain actions that seem on their face incompatible with our Constitution and laws, while keeping the reasons for its conclusion a secret.
  • Yesterday’s opinion retreats from that promise by keeping much of the government’s law of the targeted killing program secret. (In this and two other cases, the ACLU continues to seek more than 100 other legal memoranda authored by various agencies concerning targeted killing.) It does so in two ways that warrant attention. First, the court suggests that OLC merely gives advice to executive branch agencies, and that OLC’s legal memoranda do not establish the “working law” of the government because agencies might not “adopt” the memoranda’s legal analysis as their own. This argument is legally flawed and, moreover, it flies in the face of the public evidence concerning how the executive branch treats opinions issued by OLC. In an OLC memorandum published, ironically or not, the same day (July 16, 2010) and over the same signature (David Barron’s) as the targeted killing memorandum released at the Second Circuit’s behest last year, the OLC explains that its “central function” is to provide “controlling legal advice to Executive Branch officials.” And not even two weeks ago, the acting head of the OLC told the public that even informally drafted legal advice emanating from his office is “binding by custom and practice in the executive branch,” that “[i]t’s the official view of the office,” and that “[p]eople are supposed to and do follow it.”
  • But that’s not what the government told the Second Circuit, and it’s not what the Second Circuit has now suggested is the law. Second, the Second Circuit’s new opinion endorses the continued official secrecy over any discussion of a document that has supplied a purported legal basis for the targeted killing program since almost immediately after the September 11 attacks. The document — a September 17, 2001 “Memorandum of Notification” — is not much of a secret. The government publicly identified it in litigation with the ACLU eight years ago; the Senate Intelligence Committee cited it numerous times in its recent torture report; and the press frequently makes reference to it. Not only that, but the Central Intelligence Agency’s former top lawyer, John Rizzo, freely discussed it in his recent memoir. According to Rizzo, the September 17 MON is “the most comprehensive, most ambitious, most aggressive, and most risky” legal authorization of the last decade and a half — which is saying something. Rizzo explains that the MON authorizes targeted killings of suspected terrorists by the CIA, and in his new book, Power Wars, Charlie Savage reports that the MON is the original source of the controversial (and legally novel) “continuing and imminent threat” standard the government uses to govern the lethal targeting of individuals outside of recognized battlefields. The MON is also likely to have authorized an end run around the assassination “ban” in Executive Order 12333 — a legal maneuver that is discussed in, but almost entirely redacted from, an earlier OLC analysis of targeted killing.
  • In yesterday’s opinion, the Second Circuit upheld the government’s withholding of a 2002 OLC memorandum that “concerns Executive Order 12333,” which almost certainly analyzes the effect of the September 17 MON, as well as of five other memoranda that “discuss another document that remains entitled to protection.” If indeed that “document” is the MON, it would seem to be yet another case of what the DC Circuit pointedly criticized, in a 2013 opinion, as the granting of judicial “imprimatur to a fiction of deniability that no reasonable person would regard as plausible.” In that case, the DC Circuit went on to quote Justice Frankfurter: “‘There comes a point where … Court[s] should not be ignorant as judges of what [they] know as men’ and women.” Last year, the Second Circuit took that admonishment to heart when it published the July 2010 OLC memorandum. Unfortunately, yesterday, rather than once again opening the country’s eyes to the law our government is applying behind closed doors, the Second Circuit closed its own.
Paul Merrell

Ending Syria's Nightmare will Take Pressure From Below  - 0 views

  • On Wednesday, the US airlifted hundreds of mainly-Kurdish fighters to an area behind ISIS lines where they were dropped near the town of al-Tabqa. The troops, who are part of the US-backed Syrian Democratic Forces or SDF, were accompanied by an undisclosed number of US Marines serving as advisors. Ostensibly, the deployment was intended to encircle ISIS positions and retake the area around the strategic Tabqa Dam. But the operation had the added effect of blocking the Syrian Arab Army (SAA) from advancing along the main road towards Raqqa, the so-called Capital of ISIS. While the blocking move might have been coincidental, there’s a strong possibility that Washington is in the opening phase of a broader strategy to splinter the war-torn country and prevent the reemergence of a united secular Syria. According to Almasdar News: “The Coalition supported the offensive with air movement and logistical support, precision airstrikes, Apache helicopters in close air support, Marine artillery, and special operations advice and assistance to SDF leadership,” the US-led coalition said in a statement. (AMN News) In a matter of weeks, Washington’s approach to the war in Syria has changed dramatically. While the US has reportedly ended its support for the Sunni militias that have torn the country apart and killed over 400,000 people, the US has increased its aid to the SDF that is making impressive territorial gains across the eastern corridor. The ultimate goal for the SDF fighters is an autonomous Kurdish homeland carved out of West Iraq and East Syria, while US objectives focus primarily on the breakup of the Syrian state, the removal of the elected government, the control over critical pipelines routes, and the redrawing of national borders to better serve the interests of the US and Israel.
  • The most recent adaptation of Yinon’s plan was articulated by Brookings Institute analyst Michael O’Hanlon in a piece that appeared in the Wall Street Journal titled “A Trump Strategy to End Syria’s Nightmare”. In the article, O’Hanlon states bluntly: “To achieve peace, Syria will need self-governance within a number of autonomous zones. One option is a confederal system by which the whole country is divided into such zones. A less desirable but minimally acceptable alternative could be several autonomous zones within an otherwise still-centralized state—similar to how Iraqi Kurdistan has functioned for a quarter-century…. Security in the Sunni Arab and Kurdish autonomous zones would be provided by local police and perhaps paramilitary forces raised, trained and equipped with the direct support of the international community. …” (“A Trump Strategy to End Syria’s Nightmare”, Wall Street Journal) In an earlier piece, O’Hanlon referred to his scheme as “Deconstructing Syria”, a plan that “would produce autonomous zones that would never again have to face the prospect of rule by either Assad or ISIL.” Many of the details in O’Hanlon’s piece are identical to those in Trump’s plan which was announced by Secretary of State Tillerson just last week. The Brookings strategy appears to be the script from which the administration is operating.
  • In his presentation, Tillerson announced that US troops would not leave Iraq after the siege of Mosul was concluded which has led many to speculate that the same policy will be used in Syria. Here’s an excerpt from an article at the WSWS that explains this point: “US Secretary of State Rex Tillerson declared Washington’s intention to keep troops deployed more or less indefinitely in the territories now occupied by Islamic State in Iraq and Syria in remarks delivered at the beginning of a two-day meeting of the US-organized anti-ISIS coalition in Washington. “The military power of the coalition will remain where this fraudulent caliphate has existed in order to set the conditions for a full recovery from the tyranny of ISIS,” he told an audience that included Iraqi Prime Minister Haider al-Abadi. He gave no indication of when, if ever, US troops could be withdrawn from a war zone extending across Iraq and Syria, where there has been fighting of greater or lesser intensity throughout the 14 years since the US first invaded Iraq.” (Tillerson pledges long-term US military role in Iraq and Syria, World Socialist Web Site) US Defense Secretary James “Mad Dog” Mattis reinforced Tillerson’s comments adding that the US plans an indefinite occupation of Iraq (and, possibly, Syria) stating that it was in America’s “national interest.”
  • “We will pursue a new foreign policy that finally learns from the mistakes of the past…We will stop looking to topple regimes and overthrow governments…. Our goal is stability not chaos, because we want to rebuild our country [the United States] …In our dealings with other countries, we will seek shared interests wherever possible and pursue a new era of peace, understanding, and good will.” There won’t be any peace under Mattis or McMaster, that’s for sure. Both men are anti-Moscow hardliners who think Russia is an emerging rival that must be confronted and defeated. Even more worrisome is the fact that uber-hawk John McCain recently stated that he talks with both men “almost daily” (even though he has avoided talking to Trump since he was elected in November.) According to German Marshall Fund’s Derek Chollet, a former Obama Pentagon official, “(McCain) is trying to run U.S. defense policy through Mattis and effectively ignore Trump.” (Kimberly Dozier, Daily Beast contributing editor) Chollet’s comments square with our belief that Trump has relinquished his control over foreign policy to placate his critics.
  • In response to Mattis’s comments, Syrian President Bashar al Assad said: “Any military operation in Syria without the approval of the Syrian government is illegal, and  any troops on the Syrian soil,  is an invasion, whether to liberate Raqqa or any other place. …The (US-led) coalition has never been serious about fighting ISIS or the terrorists.” Clearly, Washington is using the fight against ISIS as a pretext for capturing and holding territory in a critical, energy-rich area of the world. The plan to seize parts of East Syria for military bases and pipeline corridors fits neatly within this same basic strategy.   But it also throws a wrench in Moscow’s plan to restore the country’s borders and put an end to the six year-long conflict. And what does Tillerson mean when he talks about “interim zones of stability” a moniker that the Trump administration carefully crafted to avoid the more portentous-sounding “safe zones”. (Readers will recall that Hillary Clinton was the biggest proponent of safe zones in Syria, even though they would require a huge commitment of US troops as well as the costly imposition of a no-fly zone.) Tillerson’s comments suggest that the Trump administration is deepening its involvement in Syria despite the risks of a catastrophic clash with Moscow. Ever since General Michael Flynn was forced to step down from his position as National Security Advisor, (Flynn wanted to “normalize” relations with Russia), Trump has filled his foreign policy team with Russophobic hawks who see Moscow as “hostile revisionist power” that “annex(es) territory, intimidates our allies, develops nuclear weapons, and uses proxies under the cover of modernized conventional militaries.” Those are the words of  the man who replaced Flynn as NSA,  Lt. General HR McMaster. While the media applauded the McMaster appointment as an “outstanding choice”, his critics think it signals a departure from Trump’s campaign promise:
  • Washington’s Syria policy is now in the hands of a small group of right-wing extremists who think Russia is the biggest threat the nation has faced since WW2. That’s why there’s been a sharp uptick in the number of troops deployed to the region. 