Anom Stunt of the FBI Strikes the Cryptography Debate

The FBI’s repeated success in overcoming its “become dark” problem belies the protests that it is an existential threat. In some ways, Anom shows how creative the agency’s solution can be. Researchers warn, however, that more governments around the world are looking for the power to demand digital gateways – and some, like Australia, implement such laws-Authorities could also point to the Anom case as evidence that special access works.

“It seems like from there it’s not rhetorically so big a jump to say,‘ This worked so well, wouldn’t it be nice if every app had a back door? That’s literally what law enforcement in the United States has said they want, ”says Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Center for the Internet and Society at Stanford University. able to monitor every message on Anom was so effective, the FBI might say, why not just do it more, and in more places?

Extraordinary Circumstances

It is important not to extrapolate too broadly from the Anom experience. According to documents released this week, the FBI has made great efforts to work in accordance with foreign laws and avoid monitoring Americans during the three-year initiative. And there is no immediate threat from the FBI that it will be able to implement a fully backdoored system in the United States. The Fourth Amendment protects against “unreasonable” search and seizure, and establishes a clear basis for government mandate requirements. In addition, continuous surveillance orders as subpoena orders are intentionally even more difficult for the order to obtain, because they allow for massive expansive surveillance. But, like the The National Security Agency’s PRISM program showed, Uncontrolled national digital surveillance programs are not out of the realm of possibilities in the United States.

One lesson to be taken from Anom, however, is that while it was effective in many ways, it came with potential collateral damage to the privacy of people who have not been charged with any crime. Even a scam-oriented product can be used even by law-abiding people, subjecting these involuntary targets to draconian surveillance in the process of trying to catch real criminals. And anything that normalizes the concept of total government access, even in a very specific context, can be a step on a slippery slope.

“There’s a reason we have mandate requirements and it takes effort and resources to put the work into investigation,” says Pfefferkorn. “When there is no friction between the government and the people who want to investigate, we see what can result.”

These concerns are supported by indications that governments are actively seeking backdoor expansion authorities. Along with Australia, other U.S. “Five Eyes” intelligence partners such as the United Kingdom have also sparked ideas on how law enforcement might have access to end-to-end encrypted services. end mainstream. In 2019, for example, the UK intelligence agency GCHQ proposed that services build law enforcement mechanisms to be added as a silent, invisible participant in chats or other communications that interest them. That way, GCHQ argued, companies would not have to break their encryption protocols, they could simply make another party account in conversations, such as adding another member to a group chat.

U reaction against the proposal it has been quickly and definitively cited by researchers, cryptographers, privacy advocates, human rights groups, and companies such as Google, Microsoft and Apple. They strongly argued that a tool to add law enforcement ghosts to chats could also be discovered and abused by bad actors, exposing all users of a service to risk and fundamentally undermining the purpose of chat protections. end-to-end encryption.

Cases like Anom and other examples of law enforcement agencies operating in secret secure communication companies cannot realize the wildest dreams of enforcing the law on mass communication access. But they show — with all their own scaling, gray areas, and possible implications for privacy — authorities still have ways to get the information they want. The criminal hell hasn’t gone nearly as dark as it may seem.

“I’m happy to live in a world where criminals are mute and are spreading out on criminal encryption applications for special purposes,” says Matthew Green, a Johns Hopkins cryptographer. “My current fear is that eventually some criminals will stop being dumb and just move on to good encrypted messaging systems.”

More Great Stories WIRED

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button