Tuesday, December 14, 2021

Police Group Says Biden's FCC Nominee Is Too Dangerous Because, Uh, Encryption

Tom McKay 
GIZMONDO
© Photo: Chip Somodevilla (Getty Images) Gigi Sohn, Biden's nominee for the fifth slot on the Federal Communications Commission, testifying before the House Judiciary Committee's antitrust subcommittee on March 12, 2019.

The National Fraternal Order of Police (FOP), an organization that represents hundreds of thousands of cops across the country, is hopping mad about President Joe Biden’s nominee to the governing board of the Federal Communications Commission. And no, their stated reasons don’t make a lot of sense.

Earlier this year, Biden nominated Gigi Sohn, a distinguished fellow at the Georgetown Law Institute for Technology Law & Policy and co-founder of the nonprofit Public Knowledge, to sit as the third Democrat on the FCC’s five-member commission. Sohn also happens to sit on the board of digital rights nonprofit the Electronic Frontier Foundation (EFF), which is why the FOP authored a letter last week opposing her confirmation by the Senate and claiming she poses a threat to the public.

In the letter, the FOP claims that Sohn’s nomination to the FCC causes “serious public safety considerations” due to her ties with EFF, which among many other things has defended the use of end-to-end (E2E) encryption. True E2E encryption is designed to protect communications against interception by ensuring only the true sender and recipient (the ends) can access the contents of the communications. To accomplish this, a message is encoded using a cryptographic key on the sender’s device; that key, when provided to a recipient, is the only way to unscramble the sent data into a readable format.

The FOP wrote in the letter that the EFF’s “continued advocacy of this technology and support for additional barriers and restrictions to prevent law enforcement from obtaining historically accessible information makes it extraordinarily more difficult for law enforcement to apprehend dangerous criminals and protect the public.”

“Despite the efforts of the FOP and other law enforcement organizations, neither Federal law nor the FCC has any kind of requirement for carriers to comply with law enforcement requests, even when lives are in imminent danger,” the FOP letter continued. “We are apprehensive of Ms. Sohn’s stance on this issue based on her leadership role at EFF and because she has never moderated her extreme views on this subject.” The FOP added it would be “irresponsible” for them not to weigh in on Sohn’s nomination.

Generally speaking, end-to-end encryption is highly regarded in data security and is commonly used to protect everything from journalistic sources and corporate secrets to mundane communications between privacy-minded individuals—for example, anyone who uses Signal as their default messaging app. Like literally any method of hiding knowledge from others, criminals can use it too.

A truly flawless E2E encryption method is uncrackable short of computationally expensive methods like a brute force attack, an automated method of guessing countless keys in sequence until the right one is stumbled upon. Even the most powerful classic supercomputers in existence today couldn’t break methods like 128-bit or 256-bit encryption on timelines far longer than humans have ever been around, and even quantum computers will eventually run into the problem of quantum cryptography.

However, any implementation flaws in the encryption method might make it far easier to gain access to the data via a brute-force method. Or, for example, the key might be weak in computational terms (such as the 4-5 digit codes used to unlock many mobile devices) and instead be protected by methods like locking out a user after a limited number of attempts. Whenever police come around demanding access to encrypted communications, major tech firms have historically declined to actively help police root around for and exploit such flaws. This is at least officially what the FOP claims to be so concerned about, with the letter stating such encryption is what police refer to as “going dark.”

The FOP’s opposition to Sohn’s nomination follows a years-long scaremongering campaign by federal authorities who have attacked encryption as a godsend to criminals, saying its use foils investigators and forces authorities to let everyone from run-of-the-mill cartel members to hardcore terrorists run free. The FBI and Department of Justice have been particularly outspoken on the issue, waging both legal battles and pressure campaigns against tech firms Apple and Facebook to help them get access to encrypted data. The FBI infamously sued Apple in 2016 trying to force the company to help them crack the encryption on an iPhone owned by one of the shooters in a 2015 massacre in San Bernardino, California, specifically by helping them sideload a hacked version of iOS that would allow an unlimited number of tries.



While the FBI insisted that it could not get the data otherwise, it eventually did by partnering with a third-party firm that was able to build an exploit with the assistance of an iOS-cracking specialist. The feds and other regional authorities have repeatedly demonstrated they can get into many (if not all) devices when they really need to, such as by licensing tools from cyber-intelligence companies that often solicit insider knowledge of potential security flaws in common products. The feds have insisted that they don’t want to force tech firms to build surveillance backdoors into their products—something security experts are virtually unanimous would create potentially catastrophic risks for all users. But an internal DOJ inspector general’s report made clear in 2018 that the FBI didn’t really try very hard to get into the phone before its suit against Apple, showing the court case was more a pretext to win legal precedent on strong-arming tech firms.

The FOP letter cites FBI Director Christopher Wray giving a now-familiar argument on the subject to Congress in 2021:

What we mean when we talk about lawful access is putting providers who manage encrypted data in a position to decrypt it and provide it to us in response to legal process. We are not asking for, and do not want, any “backdoor,” that is, for encryption to be weakened or compromised so that it can be defeated from the outside by law enforcement or anyone else.

But the FOP letter doesn’t actually bother to explain what the alternative to building in such backdoors is, other than mentioning something about tech firms amending their terms of service to “provide them authority to protect the public and to comply with lawful court orders.” More importantly, this has almost nothing to do with the FCC. While the FCC does sometimes deal with encryption as it relates to service providers and networks under their regulatory purview—such as encryption of cable TV broadcasts for anti-theft purposes—it doesn’t have any kind of jurisdiction over how Apple encrypts its phones. It also has basically nothing to do with overseeing encrypted communications, except in edge cases like radio broadcasts.

The FOP did not yet respond to Gizmodo’s request for comment.

Harold Feld, a senior vice president at Public Knowledge, told Gizmodo in a phone interview that targeting Sohn over her affiliation with the pro-encryption EFF was “pretty weak tea.”

“It’s not even something the FCC does,” Feld told Gizmodo, “...except actually in circumstances where we actually care about that, like vehicle-to-vehicle communications, where, you know, one of the elements of security is that it’s supposed to be encrypted. ... I find it difficult to believe that the Fraternal Order of Police are upset if, you know, people have difficulty hacking vehicle-to-vehicle communication.”

Here’s where some additional context might come in handy to understand why the FOP is suddenly so interested in the FCC. During Donald Trump’s administration, former FCC Chair Ajit Pai ran wild pursuing policies friendly to the telecom industry, including nuking Obama-era net neutrality rules and regulations on media ownership; while Pai is long gone, the normally five-member FCC commission is now split 2-2 between Democrats Jessica Rosenworcel and Geoffrey Starks and Republicans Brendan Carr and Nathan Simington.

The latter two are Trump partisans who support some of the ex-president’s wilder ambitions, such as turning the FCC into a watchdog for claims of anti-conservative bias on social media sites; the 2-2 split also helps forestall any effort to undo the industry handouts given out during Pai’s tenure. Sohn’s nomination has also come under fire from conservatives, particularly through outlets like the Wall Street Journal or Fox News, who have branded her a hyper-partisan fire-breather who will use her power to censor MAGA types. The FOP has made no secret of its allegiance with “tough-on-crime” conservatives like Trump, so coming out against Sohn fits right in with a partisan playbook with concerns well beyond encryption.

Feld described the letter as “barely coherent” and said that it was “very clear” that attacks on Sohn from conservative media have little to do with encryption. Instead, he pointed to common ownership by the Murdoch family of Wall Street Journal parent company News Corp and Fox Corporation (both of which were involved in a legal battle over the loosened ownership rules). In the event a Democrat-controlled FCC wanted to revisit Pai-era policies, those interests would “have the most to lose from any kind of revitalized media ownership rules,” he said.

“I will also point out that if you want proof of why media ownership matters, one only has to look at the coordination between Fox News and the Wall Street Journal to imagine that maybe there is something to this, you know, theory of media ownership has something to do with a point of view,” Feld told Gizmodo.

Feld said he wasn’t worried that the FOP letter would have much impact on Sohn’s nomination. There isn’t “any sign that something from the Fraternal Order of Police or any of this is going to matter to the committee Democrats,” he said.

No comments: