US attorney general William P. Barr has cited Australia’s efforts to compel access to encrypted communications as justification for his own nation to legislate for the same outcome.
Speaking at the International Conference on Cyber Security, Barr said “We believe that when technology providers deploy encryption in their products, services, and platforms they need to maintain an appropriate mechanism for lawful access".
“This means a way for government entities, when they have appropriate legal authority, to access data securely, promptly, and in an intelligible format, whether it is stored on a device or in transmission.”
Barr cited Australia, where the Assistance and Access Bill compels technology companies to facilitate access to encrypted material, as proof the US needs similar capabilities.
“The United States is not alone in addressing this issue,” he said. “In fact, many of our international partners such as the UK and Australia are already moving on statutory frameworks to address it.”
Barr said the US Department of Justice doesn’t want to impose a method for access onto device makers and service providers. Instead he feels “Our private-sector technology providers have immensely talented engineers who have built the very products and services that we are talking about. They are in the best position to determine what methods of lawful access work best for their technology.”
And he also said they’re smart enough to figure out how to allow access without breaking encryption.
“But there have been enough dogmatic pronouncements that lawful access simply cannot be done. It can be, and it must be.”
“Such encryption regimes already exist,” he added. “For example, providers design their products to allow access for software updates using centrally managed security keys. We know of no instance where encryption has been defeated by compromise of those provider-maintained keys. Providers have been able to protect them.”
Barr’s justification for his position will be familiar to Australian readers: warrant-proof encryption hinders investigations into terrorism, drug trafficking and local crime. If backdoors into encrypted communications mean the US can prevent those crimes, he argues citizens will actually feel more free and secure.
“The point I hope you take away today is that our societal response to advances in technology that affect the balance between individual privacy and public safety always has been — and always should be — a two-way street,” Barr said.
“When these advances tip the scales too far in favour of the government, the response is to expand privacy protections. And when these advances threaten public safety by thwarting effective law enforcement, the response should be to preserve lawful access.”
Barr also criticised technology companies that claim confidentiality backed by encryption is core to their business model, saying that a business model of enabling criminals to be unobserved is "illegitimate". He argued that offering backdoors is in fact the best way to guarantee customer privacy, by making it easier to detect and defeat bad actors.
The attorney general also chose to argue against backdoors representing an unreasonable impost on technology companies.
“Some who resist lawful access complain it places an unreasonable burden on companies, who must spend time and resources on developing and implementing a compliance mechanism. To that, I first say, ‘Welcome to civil society’.”
Barr’s speech ended with his preference for the Department of Justice “to engage with the private sector in exploring solutions that will provide lawful access,” followed by a warning that “the time to achieve that may be limited” and legislation will then loom.
“The status quo is exceptionally dangerous, unacceptable, and only getting worse,” he concluded. “The rest of the world has woken up to this threat. It is time for the United States to stop debating whether to address it, and start talking about how to address it.”