Pages

15 March 2016

New Front in the Encryption War: The FBI’s Long Standoff With WhatsApp

March 13, 2016
WhatsApp Encryption Said to Stymie Wiretap Order
Matt Apuzzo,  New York Times, March 13, 2016
WASHINGTON — While the Justice Department wages a public fight with Apple over access to a locked iPhone, government officials are privately debating how to resolve a prolonged standoff with another technology company, WhatsApp, over access to its popular instant messaging application, officials and others involved in the case said.No decision has been made, but a court fight with WhatsApp, the world’s largest mobile messaging service, would open a new front in the Obama administration’s dispute with Silicon Valley over encryption, security and privacy.
WhatsApp, which is owned by Facebook, allows customers to send messages and make phone calls over the Internet. In the last year, the company has been adding encryption to those conversations, making it impossible for the Justice Department to read or eavesdrop, even with a judge’s wiretap order.
As recently as this past week, officials said, the Justice Department was discussing how to proceed in a continuing criminal investigation in which a federal judge had approved a wiretap, but investigators were stymied by WhatsApp’s encryption.
The Justice Department and WhatsApp declined to comment. The government officials and others who discussed the dispute did so on condition of anonymity because the wiretap order and all the information associated with it were under seal. The nature of the case was not clear, except that officials said it was not a terrorism investigation. The location of the investigation was also unclear.

To understand the battle lines, consider this imperfect analogy from the predigital world: If the Apple dispute is akin to whether the F.B.I. can unlock your front door and search your house, the issue with WhatsApp is whether it can listen to your phone calls. In the era of encryption, neither question has a clear answer.
Some investigators view the WhatsApp issue as even more significant than the one over locked phones because it goes to the heart of the future of wiretapping. They say the Justice Department should ask a judge to force WhatsApp to help the government get information that has been encrypted. Others are reluctant to escalate the dispute, particularly with senators saying they will soon introduce legislation to help the government get data in a format it can read.
Whether the WhatsApp dispute ends in a court fight that sets precedents, many law enforcement officials and security experts say that such a case may be inevitable because the nation’s wiretapping laws were last updated a generation ago, when people communicated by landline telephones that were easy to tap.

“The F.B.I. and the Justice Department are just choosing the exact circumstance to pick the fight that looks the best for them,” said Peter Eckersley, the chief computer scientist at the Electronic Frontier Foundation, a nonprofit group that focuses on digital rights. “They’re waiting for the case that makes the demand look reasonable.”

A senior law enforcement official disputed the notion that the government was angling for the perfect case, and said that litigation was not inevitable.
This is not the first time that the government’s wiretaps have been thwarted by encryption. And WhatsApp is not the only company to clash with the government over the issue. But with a billion users and a particularly strong international customer base, it is by far the largest.
Last year, a dispute with Apple over encrypted iMessages in an investigation of guns and drugs, for instance, nearly led to a court showdown in Maryland. In that case, as in others, the company helped the government where it was able to, and the Justice Department backed down.
The messaging service WhatsApp has been adding encryption, challenging wiretapping laws last updated a generation ago. Credit Chris Ratcliffe/Bloomberg

Jan Koum, WhatsApp’s founder, who was born in Ukraine, has talked about his family members’ fears that the government was eavesdropping on their phone calls. In the company’s early years, WhatsApp had the ability to read messages as they passed through its servers. That meant it could comply with government wiretap orders.
But in late 2014, the company said that it would begin adding sophisticated encoding, known as end-to-end encryption, to its systems. Only the intended recipients would be able to read the messages.
“WhatsApp cannot provide information we do not have,” the company said this month when Brazilian police arrested a Facebook executive after the company failed to turn over information about a customer who was the subject of a drug trafficking investigation.
The iPhone case, which revolves around whether Apple can be forced to help the F.B.I. unlock a phone used by one of the killers in last year’s San Bernardino, Calif., massacre, has received worldwide attention for the precedent it might set. But to many in law enforcement, disputes like the one with WhatsApp are of far greater concern.

For more than a half-century, the Justice Department has relied on wiretaps as a fundamental crime-fighting tool. To some in law enforcement, if companies like WhatsApp, Signal and Telegram can design unbreakable encryption, then the future of wiretapping is in doubt.
“You’re getting useless data,” said Joseph DeMarco, a former federal prosecutor who now represents law enforcement agencies that filed briefs supporting the Justice Department in its fight with Apple. “The only way to make this not gibberish is if the company helps.”
“As we know from intercepted prisoner wiretaps,” he added, “criminals think that advanced encryption is great.”
Businesses, customers and the United States government also rely on strong encryption to help protect information from hackers, identity thieves and foreign cyberattacks. That is why, in 2013, a White House report said the government should “not in any way subvert, undermine, weaken, or make vulnerable generally available commercial encryption.”
In a twist, the government helped develop the technology behind WhatsApp’s encryption. To promote civil rights in countries with repressive governments, the Open Technology Fund, which promotes open societies by supporting technology that allows people to communicate without the fear of surveillance, provided $2.2 million to help develop Open Whisper Systems, the encryption backbone behind WhatsApp.

Because of such support for encryption, Obama administration officials disagree over how far they should push companies to accommodate the requests of law enforcement. Senior leaders at the Justice Department and the F.B.I. have held out hope that Congress will settle the matter by updating the wiretap laws to address new technology. But the White House has declined to push for such legislation. Josh Earnest, the White House spokesman, said on Friday that he was skeptical “of Congress’s ability to handle such a complicated policy area.”
James B. Comey, the F.B.I. director, told Congress this month that strong encryption was “vital” and acknowledged that “there are undoubtedly international implications” for the United States to try to break encryption, especially for wiretaps, as in the WhatsApp case. But he has called for technology companies and the government to find a middle ground that allows for strong encryption but accommodates law enforcement efforts. President Obama echoed those remarks on Friday, saying technology executives who were “absolutist” on the issue were wrong.
Those who support digital privacy fear that if the Justice Department succeeds in forcing Apple to help break into the iPhone in the San Bernardino case, the government’s next move will be to force companies like WhatsApp to rewrite their software to remove encryption from the accounts of certain customers. “That would be like going to nuclear war with Silicon Valley,” said Chris Soghoian, a technology analyst with the American Civil Liberties Union.

That view is one reason government officials have been hesitant to rush to court in the WhatsApp case and others like it. The legal and policy implications are great. While no immediate resolution is in sight, more and more companies offer encryption. And technology analysts say that WhatsApp’s yearlong effort to add encryption to all one billion of its customer accounts is nearly complete.

No comments:

Post a Comment