Privacy SOS

The FBI’s attack on encryption and the misleading phrase “lawful interception”

“Encryption tech that would thwart a lawful court order,” he says.

From the FBI director to Senator Tom Cotton, proponents of expanded executive power tell us not to worry about the FBI’s plan to make our communications and internet use less secure by installing government backdoors in encryption systems. After all, there is a reliable system in place to ensure the government only uses its surveillance powers in rare, limited circumstances, with rigorous court oversight, and in a manner as transparent and accountable to the public as possible. You can trust the FBI because if you give the FBI a key to your kingdom, it will never abuse that access, we are made to believe.

Are you laughing yet?

As I wrote a year before the Snowden revelations, the fig leaf of “lawful interception” obscures the real state of surveillance in the United States today. In most cases, law enforcement doesn’t even need to obtain a warrant to spy on us by tracking our digital footprints or communications.

Transparency reports from major communications providers routinely show that law enforcement uses the lowest possible standard of demand—the subpoena, often never even seen by a judge, let alone approved by one—when it asks these corporations for our information. Then there are the “court orders” Tom Cotton referenced today at the senate hearing on the FBI’s plot to destroy internet security. Court orders are not the same as warrants.

The most commonly used court order, called a (d) order, does not require the government show probable cause that the information obtained in the search will be evidence of a crime. Probable cause is the gold standard of American justice, spelled out in the Fourth Amendment's warrant requirement. Agencies from the FBI all the way down to local police have been obtaining not just our purchasing and communications records but the actual content of our communications, and our location information, using these (d) orders. The standard is so easy to meet, and the system of transparent reporting around (d) orders so broken, that a magistrate judge has said "it's reasonable to infer that far more law-abiding citizens than criminals have been tracked" under the authorizing statute, the Electronic Communications Privacy Act (ECPA) of 1986.

And then there’s the highly secretive, accountability-free, so-called “foreign intelligence surveillance” regime, which feeds programs like PRISM and the NSA’s Google, X-KEYSCORE.

So when Jim Comey or pro-FBI congressmen tell you not to worry about expanded FBI surveillance powers because the FBI only conducts “lawful interception,” pursuant to “lawful orders,” remember that the legal regime in place to govern those surveillance demands is one of two very disheartening things. On the criminal domestic side, it’s woefully obsolete and needs a major makeover. And when it comes to anything FISA or “terrorism” related, it’s very likely unconstitutional.

As I wrote yesterday, the truth is that the FBI has all the power in the world to target dangerous people, even if those dangerous people use encryption. Encryption doesn't endanger public safety; it enhances it. The real threat encryption poses to insatiable government entities like the FBI is that it makes dragnet surveillance of entire populations much more difficult and expensive. That's part of what makes encryption so great—and it's why we must aggressively defend robust security tools when they come under spook attack as is happening now. After all, encryption is one of the only ways we can protect ourselves from unwarranted government spying—whether it's "lawful" or not.

© 2021 ACLU of Massachusetts.