PerspectiveIf We Build It (They Will Break In)

Published 4 March 2020

Attorney General William Barr has staked his ground in the long-running debate over law enforcement access to encrypted communications. Last fall, Barr criticized end-to-end encryption as “enabling dangerous criminals to cloak their communications and activities behind an essentially impenetrable digital shield.” As the debate continues, commentators and policymakers often overlook a historical example of the problems with law enforcement access.

Attorney General William Barr has staked his ground in the long-running debate over law enforcement access to encrypted communications. Last fall, Barr criticized end-to-end encryption as “enabling dangerous criminals to cloak their communications and activities behind an essentially impenetrable digital shield.” As the debate continues, commentators and policymakers often overlook a historical example of the problems with law enforcement access.

Susan Landau writes in Lawfare that Barr’s position is hardly novel.

For more than two decades, law enforcement has argued that end-to-end encrypted communications present an extreme public safety risk and that tech companies must build in access in the form of some variation of escrowed keys, backdoors, front doors or exceptional access. During that time, many observers have argued that creating this access for law enforcement would decrease public security, not increase it. There’s a cautionary tale about wiretapping from the 1990s that has bearing on today’s encryption battles.

As new (primarily digital) telephone services emerged in the 1990s, old-style wiretapping could not keep up. law enforcement got its way with the 1994 passage of the Communications Assistance for Law Enforcement Act (CALEA),

which required service providers to build digitally switched telephone networks so that they were “wiretap enabled.” That meant that the phone switches, which connect telephone lines, were to be built in a way that enabled any call to have a silent third party—an eavesdropper—listening in. These “wiretap enabled” networks essentially put a security hole in the middle of a phone switch, creating serious risks. Although computer scientists raised that concern about the legislation, the law ultimately passed.

Nothing was simple about implementing CALEA. “Building a wiretapping interface for law enforcement into a telephone switch did, as predicted, enable others to listen in,” Landau writes.

She adds:

Fast forward to today. Law enforcement’s line on encryption is that surely the smart people in Silicon Valley can figure out how to build systems that enable law enforcement, backed up with a court order, to access encrypted communications and encrypted data on phones. In reality, such surveillance systems are not easy to build—and not easy to build securely. If the CALEA story reveals anything, it shows that when companies build in backdoors, hackers, nation-states and criminals will come. That’s not the cybersecurity, national security or public safety solution we need.