By Trevor Timm
ust as it seems the White House is close to finally announcing its policy on encryption – the FBI has been pushing for tech companies like Apple and Google to insert backdoors into their phones so the US government can always access users’ data – new Snowden revelations and an investigation by a legendary journalist show exactly why the FBI’s plans are so dangerous.
One of the biggest arguments against mandating backdoors in encryption is the fact that, even if you trust the United States government never to abuse that power (and who does?), other criminal hackers and foreign governments will be able to exploit the backdoor to use it themselves. A backdoor is an inherent vulnerability that other actors will attempt to find and try to use it for their own nefarious purposes as soon as they know it exists, putting all of our cybersecurity at risk.
In a meticulous investigation, longtime NSA reporter James Bamford reported at the Intercept Tuesday that the NSA was behind the notorious “Athens Affair”. In surveillance circles, the Athens Affair is stuff of legend: after the 2004 Olympics, the Greek government discovered that an unknown attacker had hacked into Vodafone’s “lawful intercept” system, the phone company’s mechanism of wiretapping phone calls. The attacker spied on phone calls of the president, other Greek politicians and journalists before it was discovered.
According to Bamford’s story, all this happened after the US spy agency cooperated with Greek law enforcement to keep an eye on potential terrorist attacks for the Olympics. Instead of packing up their surveillance gear, they covertly pointed it towards the Greek government and its people. But that’s not all: according to Snowden documents that Bamford cited, this is a common tactic of the NSA. They often attack the “lawful intercept” systems in other countries to spy on government and citizens without their knowledge:
Exploiting the weaknesses associated with lawful intercept programs was a common trick for NSA. According to a previously unreleased top-secret PowerPoint presentation from 2012, titled “Exploiting Foreign Lawful Intercept Roundtable”, the agency’s “countries of interest” for this work included, at that time, Mexico, Indonesia, Egypt and others. The presentation also notes that NSA had about 60 “Fingerprints” — ways to identify data — from telecom companies and industry groups that develop lawful intercept systems, including Ericsson, as well as Motorola, Nokia and Siemens.
It’s the exact nightmare scenario security experts have warned about when it comes to backdoors: they are not only available to those that operate them “legally”, but also to those who can hack into them to spy without anyone’s knowledge. If the NSA can do it, so can China, Russia and a host of other malicious actors.
The White House is reportedly close to coming to a decision on their official policy on encryption. Despite the FBI and NSA’s best efforts to convince them that they should push for a law mandating backdoors – a catastrophe for human rights, cybersecurity and the US economy – the White House may be on the verge of openly condemning the FBI’s approach, according to the Washington Post.
This would be great news for everybody. However, they have yet to come to a final decision. To help them, the Electronic Frontier Foundation and a host of other groups (including Freedom of the Press Foundation, where I work) have launched a White House petitioncalling on the Obama administration to do the right thing on encryption: strongly support everyone’s right to use it.
Coming out strongly against such a mandate would be huge on multiple fronts for the Obama administration: it would send a strong message for human rights around the world, it would make it much harder for other governments to demand backdoors from US tech companies and it would also strengthen the US economy.
For the White House, it would cement President Obama’s legacy as a president who ultimately decided to strengthen the internet under his watch, rather than weaken it.