Warrant-Proof Encrypted Messages Targeted By Trump Administration
NOEL KING, HOST:
The Trump administration is pressuring the tech industry to give law enforcement a way to access encrypted communications. Super secure, end-to-end encryption has been spreading into everyday online services. And the Justice Department says that takes privacy too far. NPR's Martin Kaste has the story.
MARTIN KASTE, BYLINE: There's a good chance that you've been sending encrypted messages maybe without even meaning to. If so, it's probably thanks to Moxie Marlinspike. He's a software developer with a thing for privacy. For instance, for this story, he was reluctant to reveal his address, so he ended up doing the interview on a bench at a nearby bus stop. And even in this digital age, he thinks he's not the only one who cares about privacy.
MOXIE MARLINSPIKE: People's expectations when they send someone a message is that that message is viewable by themselves and the intended recipient. And people are always very disappointed when that turns out to not be true.
KASTE: So Marlinspike co-created some software that makes encryption very easy. It's baked into popular products like WhatsApp and Skype. And it's end-to-end encryption. That's tech speak for systems in which only the sender and the recipient have the keys to a message - nobody else.
MARLINSPIKE: That's the whole point. Not even we, the creators of the software or the operators of the service, are capable of inspecting message content.
KASTE: Which is what worries the Justice Department.
(SOUNDBITE OF ARCHIVED RECORDING)
WILLIAM BARR: It is hard to overstate how perilous this is.
KASTE: Attorney General William Barr says the problem with end-to-end encryption is that law enforcement ends up locked out, too, even when it has a warrant.
(SOUNDBITE OF ARCHIVED RECORDING)
BARR: By enabling dangerous criminals to cloak their communications and activities behind an essentially impenetrable digital shield, the deployment of warrant-proof encryption is already imposing huge costs on society.
KASTE: There's been a lot of media attention lately on the FBI showdowns with Apple about opening iPhones used in terrorism. But those situations are relatively rare, given that the feds often have other ways of getting information. What's more common is that end-to-end encryption is frustrating local law enforcement - people like Cpt. Clay Anderson.
CLAY ANDERSON: It comes into play at least probably once or twice every single week.
KASTE: He supervises investigations for the sheriff's office in Humphreys County, Tenn. They get a lot of cases involving sexual exploitation - predators grooming minors via online messaging.
ANDERSON: In those cases, you run into dead ends because you can't get past encryption. I mean, who needs that type of encryption other than maybe the military with some type of sensitive operation that they're doing? You know, we don't even in law enforcement use encryption like that.
KASTE: Federal law already requires phone companies to make sure that police can tap calls. But now the administration wants a similar guarantee for messaging. And a bill recently floated by Republican Senator Lindsey Graham may force the issue. It would strip the tech companies' legal immunity for things posted and sent by their users unless the companies adopt a code of best practices. Privacy experts assume that that code will include a requirement that police get access to encrypted messages. Riana Pfefferkorn with the Stanford Center for Internet and Society says the administration seems to be doing this now because it sees an opening as the public's attitude toward big tech has recently soured.
RIANA PFEFFERKORN: It feels like there is now less trust in large tech companies. And so it may be that the time is ripe to try and introduce this policy goal that has been in the works for quite a while.
KASTE: The irony of this, as she sees it, is that if the tech companies give in and make a kind of master key to open messages when the police come calling, that will end up weakening the encryption itself, which potentially threatens the privacy of everybody who uses it. As most computer scientists will tell you, when you build a secret way into an encrypted system for the good guys, it ends up getting hacked by the bad guys. Moxie Marlinspike says that's why his encryption software is open source. Anybody can look at the programming.
MARLINSPIKE: The technology itself is not a secret. We're very open about how all of this works. We don't own any patents.
KASTE: That transparency allows outside experts to check it for weaknesses, and it would make it hard to hide a secret access point for the police. Of course, tech companies don't have to use open source software. They could write closed software that lets the authorities in. But if they did that, there are other options. Marlinspike himself runs an open-source encrypted messaging service called Signal. It's a nonprofit. And lately, it's become increasingly popular with security-conscious users such as journalists and government sources.
MARLINSPIKE: It's up and to the right. Every day is a new record for Signal users and Signal traffic.
KASTE: But just how many users does Signal have now? Marlinspike shakes his head. The exact numbers, he says, are private. Martin Kaste, NPR News. Transcript provided by NPR, Copyright NPR.