Jim Baker served as the FBI's general counsel from 2014 until 2017, and he presided over the the FBI's attempt to force Apple to undermine its cryptography under the rubric of investigating the San Bernadino shooters; he has long been a prominent advocate for mass surveillance, but he has had a change of heart: in a long, detailed essay on Lawfare, Baker explains why he believes that governments should not seek to introduce defects into cryptographic systems.
Baker's argument is primarily instrumental: he rejects the idea that you can create cryptography that works perfectly when it's being used to protect good guys, but fails completely when bad guys try to use it. He acknowledges that any effort to ban working cryptography would simply send American criminals to offshore software repositories to get access to working crypto, and that in so doing, it would be much harder for American law enforcement to spy on its adversaries, because the metadata from their encrypted communications would be out of US law enforcement's reach.
Baker is primarily responding to Attorney General William Barr's idiotic call to ban working crypto as a matter of public safety, and he builds on the usual instrumental arguments about the limited utility of crypto bans for law enforcement with a less-often-heard argument about national security and public safety.
Baker discusses how Huawei (and other companies with deep ties to nations that the US considers to be its rivals) will inevitably have some of its gear within the US's communications infrastructure. Baker describes US communications networks becoming "zero trust networks," that can't be trusted to protect their users' privacy -- and he suggests that well-designed cryptographic tools are America's best defense in this zero-trust environment. If you can't stop Huawei from sending your data to the People's Liberation Army, at least you can encrypt that data so the PLA can't make sense of it.
He also discusses the national security interest in having well-secured information systems with up-to-date patches, and criticizes efforts (like the one the FBI made with Apple) to suborn companies to ship out poisoned software updates in order to introduce defects into their software so governments can spy on them. This will poison the well, making American individuals and companies reluctant to apply updates when they arrive, thus preserving security defects that America's nation-state rivals (as well as criminals, terrorists, etc) can exploit.
I've made similar instrumental arguments about the foolishness of attempting to ban working cryptography, but I think it's important to note that there's a much more important equity in the crypto wars: the right to privacy.
As Baker himself notes, cryptography does not create a "law-free zone" where cops can't execute lawful orders. No US law allows government officials to "force manufacturers and service providers to unlock devices and decrypt communications—that is, to rewrite software."
This is not an oversight.
The framers of the US Constitution explicitly rejected the idea that people should be forced to arrange their affairs to make life easy for law enforcement.
The existence of conversations that law enforcement can't access after the fact is not a new development: we never passed a law requiring letter-writers to use indelible ink and fireproof paper so that cops could read them later if they needed to. We never passed a law requiring every restaurant to put a hidden mic in every salt cellar so that potential lunchtime plotters could have their whispers played back after a robbery took place. You are allowed to have a murmured conversation with your spouse in bed: no law requires you to shout your communications over a megaphone so that any cops listening by the windows can hear what you're saying.
Yes, it's impossible to keep people safe while taking away their working cryptography.
But even if it wasn't impossible, it would still be wrong. Countries like Russia, China, Iran, Australia and the UK have adopted laws banning working crypto -- these are countries with very different constitutional values, ones that make allowances for forcing people to arrange their affairs to make life easier for their cops.
But both William Barr and Jim Baker are oath-bound to uphold the US Constitution and its values. The relationship of those values to the right to live your life in ways that may inconvenience law enforcement is indisputable.
Baker's willingness to admit the technical incoherence of crypto bans is great, a massive step forward, but American legal officials shouldn't even be debating whether or not it's possible to ban crypto. If Barr managed to produce a working "solution" to the problems that Baker raises, we still shouldn't use it, because Americans have the right to make choices that enhance their own security, privacy and integrity, even if that makes cops work harder.
In other words, even though Snowden opposes crypto bans and Baker opposes crypto bans, they are not talking about the same thing. Snowden is talking about upholding the Constitution; Baker is talking about the regrettable impossibility of having his security cake and eating it too.
The Defense Innovation Board discussed the fact that even if the United States and its allies keep Huawei equipment out of their domestic networks for a sustained period of time—which increasingly will be difficult to do—they will eventually encounter it somewhere in the world. Therefore, they will need to figure out how to operate in a zero-trust interconnected world, especially after the widespread deployment of 5G networks globally, much of which (at least abroad) will include Huawei equipment. They need to think about the reality of operating in a degraded communications security environment and never trust the internet, applying the zero-trust network concept on a global scale.
This strikes me as eminently sensible. The widespread deployment of Huawei and other Chinese equipment in the backbone of the internet increasingly provides China with the technical capability (whether utilized or not) to copy, corrupt or disrupt substantial portions of data traffic transmitted on Huawei equipment. In a crisis, China could direct Huawei and other companies to degrade key network elements of its adversaries and/or render them inoperable. Huawei denies that it would cooperate with the Chinese government in such activities, and some observers question the logic of Huawei ever doing so. But from a national security perspective it is prudent to focus on the capabilities of an adversary, not just stated intent. Living in a Huawei world means there are substantial risks to the confidentiality, integrity and availability of data that is essential to our effective functioning as a society.
As mentioned above, China is not the only cyber threat actor. But China and Huawei exemplify the nature and scope of the pervasive cybersecurity risks that the United States and its allies face from many adversaries.
Rethinking Encryption [Jim Baker/Lawfare]
(via Schneier)
(Image: U.S. Air Force photo by J.M. Eddins Jr)