U.S. Attorney General Barr: Encrypted Apps a Public Menace

William Barr
(Image credit: Alex Wong/Getty Images)

UPDATED 4 p.m. Eastern time to reconcile quotations with the public transcript of Barr's speech.

NEW YORK -- The American technology industry needs to let law enforcement read WhatsApp, Apple Messages and other encrypted messaging apps and devices before it's too late, Attorney General of the United States William P. Barr said today (July 23) at the International Conference on Cyber Security at Fordham University.

"Law-enforcement agencies are increasingly prevented from accessing communications in transit or data stored on cellphones or computers, even with a warrant," Barr said, referring to the "Going Dark" issue that the FBI and Department of Justice have tried to address for nearly two decades. "This form of warrant-proof encryption poses a grave threat to public safety."

If law enforcement continues to be unable to read consumer-grade encrypted communications and encrypted data, Barr said, then criminals, terrorists, drug cartels and human traffickers will feel free to operate without fear of being caught, he said.

"Making our virtual world more secure should not come at the expense of making us more vulnerable in the real world," Barr added. "While encryption protects us against cyberattacks, deploying it in warrant-proof form jeopardizes public safety more generally.  The net effect is to reduce the overall security of society."

A heated debate

The Fourth Amendment of the U.S. Constitution guarantees Americans a right to privacy, but law enforcement has always been able to ask a judge for a warrant to read suspected individuals' mail, tap their phones, track their movements and so forth in the interest of public safety.

With today's nearly unbreakable commercial encryption technologies, however, cops can't read messages stored on a smartphone or sent via WhatsApp, even if they have a warrant. This came to a head in 2015 following the San Bernardino Christmas-party massacre, when Apple refused to help the FBI access encrypted messages on the workplace iPhone used by one of the shooters. 

This issue has created a growing sense of panic among FBI agents and Department of Justice officials, who have been warning legislators and White House staffers of the problem since the administration of President George W. Bush. But presidents have deferred to Congress on the issue, Congress hasn't done much about it, and consumer-grade encryption just keeps getting stronger and harder to crack.

"We are not talking about protecting the nation's nuclear launch codes" or the encryption formats used by large businesses, Barr said. "We are talking about consumer products and services such as messaging, smartphones, email, and voice and data applications."

To Barr, consumers don't need super-strong encryption to protect them from hackers, not when the trade-off is a greater threat to public safety.

"Is it reasonable," he asked, "to incur massive further costs [to public safety] to move slightly closer to optimality and attain a 99.5 percent level of [encryption] protection even where the risk addressed is extremely remote?"

On the other side, encryption experts say that it's impossible to give law-enforcement agencies a "back door" into encrypted apps and protocols without making it easier for hackers and criminals to crack the encryption. Apple and other companies tout their strong encryption in their marketing materials.

Facilitating murder?

Barr said criminals are taking advantage of being able to talk without the cops listening.

"We've seen transnational drug cartels move their communications onto commercially available encrypted platforms," Barr said. He cited "a Mexican cartel that ... started using WhatsApp as their primary communication method, preventing U.S. law enforcement from conducting wiretaps that would enable us to locate fentanyl shipments. 

"We also found that the cartel had used WhatsApp to coordinate the murders of Mexico-based police officials," he added. "The costs of not being able to gain lawful access in this case were the lives of the assassinated officers."

It's not only large criminal or terrorist organizations that use encrypted communications, he said, adding that "converting the internet and communications platforms into law-free zones ... will inevitably propel an expansion of criminal activity." 

"The Going Dark problem is not limited to terrorism or drug-cartel cases," Barr said. "We know of a large, violent gang that is using encrypted apps to greenlight assassinations, but we cannot prevent the murders. It is becoming easier for most common criminals to communicate beyond the reach of surveillance."

Act now...or else

The time has come, Barr said, for Silicon Valley to step up and create methods by which law enforcement can lawfully access encrypted communications and data without significantly weakening encryption. 

"We do not seek to prescribe any particular solution," Barr said. "Private-sector technology providers have immensely talented engineers. ... They are in the best position to determine what methods of lawful access work best."

"We think our tech sector has the ingenuity to develop effective ways to provide secure encryption while also providing secure legal access," he added. "But there have been enough dogmatic pronouncements that lawful access simply cannot be done. It can be, and it must be."

Otherwise, Barr warned, future events may force an unwanted solution upon the tech industry. 

"It's only a matter of time before a sensational case crystallizes the issue for the public," he said. "The U.K. and Australia are already moving on statutory frameworks to address it. ... American companies have an opportunity to advance their interests by setting industry standards now."

"While we remain open to a cooperative approach, the time to achieve that may be limited," he concluded. "As this debate has dragged on ... our ability to protect the public from criminal threats is rapidly deteriorating. 

"The rest of world has woken up to this threat. It is time for the United States to stop debating whether to address this problem, and start talking about how."

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.