William Barr is an idiot.

I'm not talking about his handling of the Mueller report, nor am I talking about Ukrainian conspiracy theories. You can make up your own minds about those issues. I'm talking about Barr's completely wrong, incorrect, so-backward-it's-right-out-the-damn-window stance on encryption. Both in a recent letter to Facebook and as far back as July, Barr has made it clear that he wants backdoors into encrypted communication systems, consequences be damned.

This outlook puts the private messages of American citizens, and anyone else who would use these platforms at risk, because a backdoor is still a door and even a door with a lock on it can be opened.

The Encryption Issue

When we say that something is encrypted "end to end," it means that the information is secured along its entire route. This is what Facebook said it wants to implement by default across all of its messaging platforms, not just WhatsApp. And that's what Barr objects to. In addition to being encrypted in transit, data should also be encrypted "at rest," meaning that it's secured while sitting on your device or on the server that's storing the data. In an ideal world, the company providing the service handles the encryption keys in such a way that they cannot decrypt the data. It's worth noting that Apple checks all these boxes with its Messages platform, making it a paragon of privacy.

This annoys law enforcement because it blocks the easiest route to accessing this information. If they intercept it, they can't read it. If they seize the server it's on, they can't read it. If they subpoena the company for the keys and and the encrypted data they still can't read it. Which is exactly how it's supposed to work. Law enforcement has long wailed about a future in which encrypted communications are so common they prevent the good guys from stopping the bad guys. This is called "going dark," and while the PCMag style guide does not allow for sarcastic air quotes I sincerely hope you read them that way.

In Barr's defense, he's not the only dummkopf in government or law enforcement to believe that encryption is dangerous. Former FBI Director James Comey espoused the same foolish stance while he was in charge of the nation's highest law enforcement organization. The current Director, Christopher Wray, shares that position, as did former Attorney General Loretta Lynch. And these are just the ones I can think of off the top of my head.

The fatuity isn't uniquely American. It's an international affair. The Australian government has already passed a law that requires companies to provide law enforcement access to encrypted messages. The UK has debated a similar bill.

Lots of Ideas, All of Them Bad

What the nimrods in office want varies. Some would require companies to keep data and encryption keys accessible so, with a legal warrant, law enforcement could take a peek. Some would require fundamental changes to encrypted systems where a central agency issued keys to technology companies, allowing law enforcement to decrypt any data.

William Barr, aforementioned clod, does not seem to have outlined a preference in how messages and data should be made available. That's fine, because all ideas of building any kind of backdoor are bad, and for the same reasons.

For one thing, it assumes that law enforcement will always act in the best interest of society. Administrations and laws will change, however, and what is protected today may be fair game tomorrow. For another, the fools assume that warrants are adequate for limiting access to the personal information of innocent individuals—something we know to be untrue from how the NSA handled its massive spying operations in the past. Through both negligence and design, the NSA accessed much more information than it was supposed to have collected, including that of the US citizens the agency is prohibited from spying on.

Lastly, and more importantly, proponents of backdoors believe that they will be the only ones able to use the backdoor. This is also wrong. Even if US law enforcement carries out backdoored operations in the saintliest of manners, another country might not be so careful. Barr and others often invoke the most horrific of crimes—human trafficking, child sexual exploitation, terrorism—as necessitating the creation of encryption backdoors. But there's nothing to stop another country from demanding a backdoor, and using it to repress dissent, commit genocide, or carry out attacks on its own.

The US also doesn't have the best track record for keeping its cyber secrets, well, secret. The NSA's hacking tools keep showing up in unusual places, and have already been used by evil developers to create new, virulent malware. A backdoor opens for anyone with a key (or a lockpick), and not always the people you want.

Best of all, there's scant evidence that breaking encryption would actually prevent crime or allow law enforcement to prosecute criminals. Crypto expert Klaus Schmeh did some back-of-the-napkin research and concluded that breaking encryption isn't likely to yield better results for law enforcement.

The Crypto Wars, Revisited

The silliest part of this whole drama is that I actually intended to write this piece months ago. Time constraints stopped me, but I wasn't worried, because I knew it would come up again. It always does. The arguments to weaken encryption are always the same, and the arguments against it haven't changed either.

Those with longer memories will recall the Crypto Wars of the 1990s, and earlier efforts by the NSA to weaken encryption systems. Did you know that encryption systems that were strong enough to resist attacks by governments were on the US Munitions List and illegal to export? That's idiotic.

Interestingly, support for backdoors isn't unanimous. Then Secretary of Defense Ashton Carter said in 2016 that the nation and the Department of Defense benefited enormously from truly secure encryption systems. Mike McConnell, former director of the NSA and a proponent of the infamous (and itself harebrained) Clipper Chip, changed his stance on encryption. He now believes that strong encryption is invaluable to the nation and to industry. Former Secretary of Homeland Security Michael Chertoff also agrees, and couched his argument in the morality of supporting the right to privacy.

Let Math Be Math

The great thing about encryption is that it's just math. It's not fickle like us humans, and it's entirely predictable and logical, unlike our laws. If it's used correctly, encryption secures our information from those who shouldn't see it, and validates information to ensure it hasn't been tampered with. See that little lock in your URL bar? It's there because of asymmetric key encryption.

When you add a backdoors and secret master keys to encryption, you build in weaknesses. You make what's predictable and verifiable subject to human whims.

Faced with encrypted communications and data, law enforcement should probably think like hackers, and simply avoid the encryption. If the desired information is secured everywhere except on the target's phone, target the phone. Law enforcement can also leverage its unique monopoly on legal violence, and its experience in investigation. When the cops took down the proprietor of the Silk Road, a notorious darkweb marketplace for illegal goods, they did so with inside informants who had privileged access to information. When the perpetrator was caught, he was tackled moments before closing his laptop, letting investigators raid it for additional evidence. No backdoors were necessary.

Instead of fighting against encryption, law enforcement should champion it. Secure systems enable commerce across the world, and secure messaging means people are free to speak their minds without fear of reprisal. Privacy should be a right that our government cherishes and law enforcement should be fighting to protect, not lazily ceding out of fear and cowardice.

Further Reading

Security Reviews