Naked Security Naked Security

US gov says it can break your encryption without a court order

The encryption battle between the FBI and Apple is all octopus ink, if you go by what the government says

Remember all that drama over encryption, with the FBI wrestling in court with Apple over its inability to access an iPhone belonging to one of the San Bernardino terrorists? And the way that the FBI, even after it paid somebody to crack that iPhone, keeps arguing that strong encryption is allowing major swaths of the criminal and terrorist underworld to “go dark”?

It’s all octopus ink, if you go by what the government says: it doesn’t need approval from its secret surveillance court to ask a tech company to create an encryption backdoor. It already has the legal authority to compel cooperation, it stated in Congressional testimony released over the weekend.

According to ZDNet’s Zack Whittaker, the remarks were made in July in response to questions posed by Sen. Ron Wyden (D-OR), but they were only made public this weekend.

Intelligence officials from the FBI, the National Security Agency (NSA), and the Director of National Intelligence (DNI) told the Senate Intelligence Committee on 7 June 2017 that they can resort to an order from the Foreign Intelligence Surveillance Court (FISC) compelling tech companies to help them out if need be. But they don’t even have to go that far (and had not, as of the date of the hearing), given that they can use FISA to authorize government personnel to compel compliance without the FISC even being given a heads-up about the matter.

ZDNet says the intelligence officials declined to tell the committee whether they’d ever asked a company to add an encryption backdoor.

As ZDNet points out, the government relies on Section 702 of Title VII of the Foreign Intelligence Surveillance Act (FISA) to carry out the bulk of its intelligence gathering and surveillance operations.

That’s not the legislation the FBI relied on in its attempts to get Apple to unlock either the San Bernardino terrorist’s iPhone or that of an alleged meth dealer in Brooklyn. Rather, in those cases, the government relied on a broad interpretation of a law known as the All Writs Act.

The All Writs Act, which hails from 1789, allows courts to issue writs (orders) “necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”

During the June testimony before Congress, intelligence officials strenuously defended Section 702, saying that it had provided valuable intelligence in multiple cases.

Their support is timely: the legislation is up for renewal, reform or expiration by year’s end, in a few weeks.

The news that the legislation OKs the government’s compelling of encryption breakage without seeking a court order likely isn’t consequential. As it is, the court in question – the FISC – basically just rubber stamps the government’s surveillance requests, keeping its proceedings secret and almost never pushing back against the requests, as NPR has reported.

ZDNet cited a blog post by Marcy Wheeler, an independent journalist who focuses on national security, who last month dissected a FISA reform bill proposed by Wyden.

Wheeler explained that Wyden is concerned that Section 702 “leaves in place current statutory authority to compel companies to provide assistance, potentially opening the door to government mandated de-encryption without FISA Court oversight.”

Translation: the government can use the legislation to force a company such as Apple to back-door its encryption.

Yup, that’s exactly what he’s concerned about, Wyden confirmed in a statement on the bill.

Leave a Reply

Your email address will not be published. Required fields are marked *