No Surprises Here: Presidential Commission On Law Enforcement Repeats Calls For Anti-Encryption Legislation

from the another-pile-of-garbage-ideas dept

[Note: this is one of multiple posts covering the Commission's 332-page report.]

The Presidential Commission on Law Enforcement -- ushered into existence by a 2019 Executive Order -- has released its report [PDF], just in time for the man who ordered it to move out of the White House. President Trump spent his four years defending and praising law enforcement, no matter how often law enforcement's actions provoked criticism elsewhere. This report does the same thing, even as it pretends to offer an objective opinion on the challenges facing the law enforcement community.

The Commission is composed solely of law enforcement officials and officers, which makes its findings one-sided and, of course, suspect. The report calls for an end to the "disrespect" shown to law enforcement. But it does little to address the roots of this perceived disrespect. At best, the report suggests the public is just "misinformed" about law enforcement's role in society and posits it's "progressive prosecutors" and opportunistic legislators causing most of the reputational damage, rather than the things cops do when their leash is long enough.

The report also has nothing good to say about device encryption. Using lingo provided to it by consecutive FBI directors and former AG Bill Barr, the report claims something called "warrant-proof encryption" (a.k.a., regular encryption) should have backdoors legislated into it.

The lack of lawful access to encrypted information controlled by technology companies is presently one of the greatest obstacles to law enforcement in its efforts to combat crime. The rule of law cannot exist in a space—digital or otherwise—that deliberately insulates criminals from law enforcement investigation. The substantial danger to individual victims and general safety posed by warrant-proof encryption demands a prompt and decisive policy action. Because the prominent technology companies have increasingly elected to implement data systems that prevent law enforcement access, the Commission has concluded that a legislative solution may be necessary to optimally balance the interests of personal privacy and public safety.

Ah, but the rule of law can exist in such a space. It's doing it right now. The FBI may have claimed it had nearly 8,000 devices "insulated" from "investigation" in its possession, but after being questioned by Congress about its struggles with encryption, it revealed it couldn't accurately count physical items. We're still waiting for an updated number -- one promised to us nearly three years ago.

At least the Commission recognizes law enforcement has never had more tech options at its disposal. But it suggests law enforcement make use of some of its most questionable options more frequently.

New methods of electronic surveillance and digital investigation hold considerable promise, and the Commission recommends that law enforcement take a proactive approach to developing and innovating technologies to combat crime instead of reactively catching up to the technological innovations of the day. Accordingly, the Commission encourages law enforcement to specifically consider—with appropriate contemplation of competing policy interests— developing and adapting crime reduction technologies, such as unmanned aerial systems (quadcopters), acoustic gunshot detection technologies, real time crime centers, and facial recognition software, to add to their crime-fighting arsenal.

Shot spotters. Predictive policing. Facial recognition. This is a list of things that don't work well and, in the latter two cases, are made worse by the inclusion of biases the tech is supposed to be removing.

Heading back to encryption, the report contains testimonial statements from an agency that shouldn't be allowed to bitch about encryption until it can be honest about how many encrypted devices are in its possession. Here's another call for legislated backdoors by Darrin Jones, the FBI's Assistant Director for Science and Technology:

“The impact and magnitude of the lawful access crisis in the United States has grown to a point where the public safety trade-off to the citizens of this country can and should no longer be made privately and independently in the corporate boardrooms of tech companies. It must, instead, be returned to the halls of the people’s democratically elected and publicly accountable representatives.”

But we don't know the "impact" or the "magnitude." The FBI says both are enormous. But the FBI has also overstated the number of locked devices in its possession -- something it routinely leveraged to push claims of a looming criminal apocalypse that has completely failed to materialize. Until it can provide an accurate count, it really shouldn't opine about the "impact" of device encryption. And its testimony shouldn't be the basis for legislation seeking to weaken encryption.

The report goes on to complain about Facebook adding encryption to its Messenger service and Zoom (sort of...) doing the same for its users. Then it claims this is pretty much the first time law enforcement hasn't been able to obtain evidence when it has a warrant.

Companies that have chosen to adopt end-to-end user encryption have effectively upended more than 200 years of jurisprudence by placing evidence beyond the reach of a court-ordered search warrant.

Right. Because no one's destroyed or hidden evidence prior to this point in history. No one held conversations in person to assure no record remained of criminal conspiracies. Just because phones now contain a wealth of potential evidence does not mean the tables have been turned because something more than a physical door separates cops from the stuff they want to take. Any number of third parties store communications and other data in unencrypted form. And no one in law enforcement feels like honestly discussing the phone-cracking tools that are available or how often suspects consent to searches.

The Commission asks for backdoors:

Congress should require providers of communications services and electronic data storage manufacturers to implement strong, managed encryption for stored data and data in motion while ensuring lawful access to evidence pursuant to court orders.

Then it claims it doesn't want backdoors:

The Commission considered but rejected the idea that lawful access equates to back-door access. Almost all mobile device manufacturers, operating system vendors, and app providers maintain their own “upgrade” back doors, which enables providers to routinely change functions and settings of a device or service. Law enforcement does not seek such direct access, nor does it wish to hold any encryption “keys.” Instead, law enforcement seeks to have tech companies develop and manage for themselves the capability to respond to a lawful court order. Having tech companies themselves remain in control of this process is actually privacy enhancing, ensuring law enforcement is afforded only specific, limited access to data as defined in each case by a specific warrant.

The government won't be honest about the challenges encryption actually poses -- beginning with its refusal to tell Americans how many devices it can't crack open. And it's not honest about its desires. A door is a door -- a hole in encryption that doesn't exist until it's mandated. Refusing to call it a "backdoor" doesn't change what it is.

Then there's this, which implies legislators should look into stripping tech companies of protections they currently enjoy… solely to make it easier for law enforcement to access device contents.

Civil liability immunity statutes that were adopted during the infancy of many tech companies may unintentionally encourage such companies to pursue and market user-only access and end-to-end encryption models. Absent any risk of financial liability, the routine cost–benefit analysis— which most companies use to determine whether to dedicate resources to harm-mitigation strategies—may not influence some of these technology companies into a willingness to facilitate lawful access.

According to the Commission, the only way out of this mess is to strip companies of this liability shield... unless they agree to undermine the protections they give to their customers.

As long as tech companies are immune from liability, the Commission assumes that these companies perceive any development or maintenance of lawful access capabilities to be a drain on profits, which allows the tech companies to hide their financial motivations under the guise of a desire to enhance users’ privacy. Ultimately, this behavior enables plausible corporate ignorance and allows criminals to use these systems for illegal purposes. If corporations are to continue to benefit from civil immunity, Congress should mandate that these companies develop and maintain a lawful access solution capable of producing clear text data in response to court-ordered search warrants.

The Commission also says legislators should implement regulations that allow it to wiretap real-time communications that are currently encrypted. Somehow this proposal starts with stored communications and ends with ordained MITM attacks.

The Stored Communications Act of 1986 requires data to be stored for up to 180 days upon request by the government. Providers must also disclose private information in emergency cases where individuals or groups may be in danger. In addition, a “court order is required for access to digital information. An administrative subpoena may be issued to gain access to specific data such as usernames, addresses, telephone numbers, and call transcripts.”

Recently, the FBI investigated a gang task force case where it was revealed that the primary suspect of a homicide case used FaceTime to orchestrate the crime. Because Apple uses end-to-end encryption, it allows criminals to coordinate their crimes through this avenue. If law enforcement is given lawful access, they can then intercept the plans of criminals and gain evidence to prosecute those who break the law.

The government appears to hate tech companies. Combined with the recent attacks on Section 230, Trump and his law enforcement buddies are apparently still entertaining any option that might let them score a win over Big Tech and its supposed anti-conservative/anti-law enforcement bias.

These are dangerous suggestions. Fortunately, they're being offered up by a lame duck Commission that will presumably expire along with a lot of other Trump mandates following his exit from office. Bill Barr has already resigned. Whoever replaces him presumably can't be as terrible as he was.

Law enforcement faces a lot of challenges. But it also has access to more tools, data, and information than it's ever had before. Undermining user security in exchange for law enforcement convenience isn't the way forward. It's a step backwards -- one that places the government's wants over the needs of the people it's supposed to be serving.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: doj, encryption, executive order, fbi, going dark, law enforcement, presidential commission on law enforcement


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 29 Dec 2020 @ 11:57am

    'Seat-belts make our jobs harder, get rid of them.'

    As always it really needs to be hammered home any time the argument against encryption comes up that encryption protects far more innocent people than it does criminals.

    For every suspected criminals where police are too lazy or cowardly to get a warrant and present it to the device owner(rather than the company that sold it) you can be sure that there are vastly more people who's personal data, from medical to banking and a whole lot more, is secure because of working encryption.

    Far from trying to decrease crimes those arguing against encryption are firmly on the side of criminals the world over because crippling encryption would be the greatest gift that criminals both single and organized could ever get, allowing them access to incredible amounts of personal and valuable data that is currently beyond their reach. In trying to make their jobs easier because they're too lazy and/or incompetent to do said jobs without information that they've never had those arguing against encryption are arguing against public safety and security and for the biggest crime-wave in history, and they absolutely deserve to be called on that each and every time.

    link to this | view in chronology ]

  • icon
    Stephen T. Stone (profile), 29 Dec 2020 @ 2:00pm

    Recently, the FBI investigated a gang task force case where it was revealed that the primary suspect of a homicide case used FaceTime to orchestrate the crime. Because Apple uses end-to-end encryption, it allows criminals to coordinate their crimes through this avenue. If law enforcement is given lawful access, they can then intercept the plans of criminals and gain evidence to prosecute those who break the law.

    [Scene: A Zoom call between members of the Presidential Commission on Law Enforcement]

    Commission Member 1: …and what if the FBI happens to catch a few ‘anti-American’ journalists, activists, and other such ne’er-do-wells saying mean things about the President, then use that to ruin their lives?

    Commission Member 2: Can we call it “the cost of doing business”?

    Commission Member 1: I think the military types call it “collateral damage”.

    Commission Member 3: Maybe we shouldn’t mention that at all. Might make us seem like we’re trying to break encryption for the sake of spying on all Americans.

    Commission Member 1: Good idea. Leave it out, but tell the Feds we’re on board with it anyway.

    FBI Agent: You say that like we weren’t already listening.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 Dec 2020 @ 2:08pm

    law enforcement seeks to have tech companies develop and manage for themselves the capability to respond to a lawful court order.

    Isn't there this ongoing incident in various government agencies due to a modified upgrade? Why make sure that companies will be hacked to utilize the required facility. Also, how do they expect companies to decode past messages if the same companies do not do some form of key escrow?

    link to this | view in chronology ]

    • icon
      That One Guy (profile), 29 Dec 2020 @ 2:40pm

      'Yes we were hacked, again, but that was before the golden key!'

      It is rather funny and telling that at the same time as government agencies are demanding that companies be required to implement security holes in their products example after example comes out about why that's a terrible idea, yes.

      link to this | view in chronology ]

  • icon
    Upstream (profile), 29 Dec 2020 @ 2:55pm

    Re: Bill Barr's replacement

    Whoever replaces him presumably can't be as terrible as he was.

    I think this may be a presumption based on facts not in evidence. While Trump was clearly a loose cannon authoritarian, it is just as clear that Harris / Biden are long-time establishment authoritarians. They both have a lot of experience and a lot of connections and influence that may very well make them more effective authoritarians.

    link to this | view in chronology ]

    • icon
      Thad (profile), 29 Dec 2020 @ 3:00pm

      Re: Re: Bill Barr's replacement

      I think this may be a presumption based on facts not in evidence. While Trump was clearly a loose cannon authoritarian, it is just as clear that Harris / Biden are long-time establishment authoritarians.

      So was George HW Bush.

      Say, who was his AG again?

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Dec 2020 @ 5:45am

      Re: Re: Bill Barr's replacement

      Attempting to equate trump to biden is a fools errand.

      link to this | view in chronology ]

  • icon
    Ehud Gavron (profile), 29 Dec 2020 @ 3:16pm

    Representation

    It must, instead, be returned to the halls of the people’s democratically elected and publicly accountable representatives.

    When we have publicly accountable representatives, let THEM make these specious arguments.

    Until then, "Authorities" and "Officials" can suck my ....

    Doesn't look like it stopped them figuring out the Nashville RV Bomber details. No phones there.

    Dear:
    "Authorities" -- no you're not on authority on anything
    "Officials" -- yes you have a job so you're an official twit
    "publicly accountable" -- no you're not
    Your "rights to demand things" end just before your mouth starts moving.

    E

    link to this | view in chronology ]

  • icon
    ECA (profile), 29 Dec 2020 @ 5:21pm

    AND

    What the frack did you Police do, BEFORE digital?
    Get a hint.
    The SAME thing you can do now, EXCEPT you have to do it yourself, not ask the Phone company to setup a recording device.

    Even tho there were TONS of regs to protect people using Phones, They got Jumped over many times.
    AND for those using cellphones, Those LAWS never transferred. Until they do, they CAN do anything to your PHONE.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 Dec 2020 @ 8:04pm

    Companies that have chosen to adopt end-to-end user encryption have effectively upended more than 200 years of jurisprudence by placing evidence beyond the reach of a court-ordered search warrant.

    Yeah, i remember when 200 years ago, up until yesterday, when we thoroughly documented our personal lives and were tracked by apps and services and all this information was freely available to the cops who took our little black boxes.

    Oh wait, that never happened. We always have had encrypted brains and private conversations, and largely declined to make records of anything illicit. No crime was ever solved ever.

    Shit, that didn't quite happen that way either.

    What was the story now?

    Ultimately, this behavior enables plausible corporate ignorance

    It should *create full and complete corporate ignorance for realz. Asshats.

    link to this | view in chronology ]

    • icon
      ECA (profile), 30 Dec 2020 @ 4:03am

      Re:

      But think about that comment.
      Encryption from end to end?
      16bit? WOW, I hope the other phone has the decrypt.
      Because that old Digital encoding thing back in 1998, seems to still work on my email.
      Broken and fixed a few times.
      But encoding Audio, so the other end can decode is abit hard. its NOT instant.
      But whats neat, is Man in the middle, where you intercept the signal And listen to both sides, and record it, then decipher it.
      Oh! I shouldnt give them a hint should I ?

      yep, 200 years ago, we had OWNED property? and renters? and Lots of people in cabins int he woods.. And Horse's with drivers licenses. Oh! I know.. Business licenses. Any License's?? Any requirements to PROVE who a person was?? A credit card?
      The fun part of this, is that 90% of it wasnt used by Any one.

      link to this | view in chronology ]

  • identicon
    christenson, 29 Dec 2020 @ 8:04pm

    And LEOs wonder why...

    We don't respect them when they lie and hide the ball???

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 Dec 2020 @ 9:06pm

    Re: "which allows the tech companies...

    to hide their financial motivations under the guise of a desire to enhance users’ privacy."

    Now that is rich, considering that they make their bones by selling user information to anybody who wants it. Really the warrant process is entirely unneccessary. I imagine they can get anything they want by soliciting an advertising contract.

    They aren't asking to do something. They are asking to legalize existing institutional criminality. It is of no surprise to anyone that the POTUS who wants to use the military as a voting enforcement, is on the same side as our favorite senator from the south carolina aryan nation. /s

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 Dec 2020 @ 10:26pm

    What about all the existing devices without backdoors? There is nothing law enforcement can do about those?

    link to this | view in chronology ]

  • identicon
    Ian Williams, 30 Dec 2020 @ 6:10am

    Warrant Free Plumbing

    Across the United States, we have repeated incidents of people being killed or injured in No-Knock raids, that occur simply because of the risk that persons in the location being searched might flush evidence down the toilet or disposal. Why haven’t law enforcement demanded that manufacturers of plumbing stop producing “warrant proof” plumbing? Surely the numbers of crimes that could be solved by preventing the destruction of evidence is worth the public health risks of returning to privies, chamberpots and outhouses.

    link to this | view in chronology ]

  • identicon
    Rick O'Shae, 30 Dec 2020 @ 9:57am

    Fascists 10 - Public 0

    I suppose we should all really be thankful to Trump and Company for this. Never before has a general public been privy to the behind-the-scene methods used by wealthy fascists to turn a nation into a Police State. For the first time ever, the process is exposed to public scrutiny and analysis, simply because this time, the fascists have so much money and technology behind them, they feel invulnerable and proceed without worry in broad daylight.

    Now if only the general public was actually paying attention, and journalists were not all working for the fascists who own all the once-free-press outlets, this period in history would prove extremely educational.

    Once Section 230 is repealed, and it looks like that will be soon, the corporate fascists can "Legally" destroy all their on-line competitors and nay-sayers long before the public realizes the truth and starts procedures to re-instate the legislation. It matters not that the legislation will be re-instated, because the damage will have been done and the fascists will be un-opposed by any but the legally powerless public in their rapine of America.

    Its the plan Stan.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.