WASHINGTON — Attorney General William P. Barr delivered a blistering critique Tuesday of encrypted messaging programs, saying they are preventing law enforcement from stopping killings, drug dealing, and terrorism, and warned that time may be running out for the tech industry to make changes on its own.
The speech, delivered at the International Conference on Cyber Security in New York, marks a forceful return by the Justice Department to the encryption debate it has shied away from in recent years, after a bruising fight between the FBI and Apple over the locked phone of a dead terrorism suspect.
Since then, Barr said, the situation has gotten much worse.
“As this debate has dragged on, and deployment of warrant-proof encryption has accelerated, our ability to protect the public from criminal and national security threats is rapidly deteriorating,” Barr said in the written version of his speech. “The status quo is exceptionally dangerous, it is unacceptable, and only getting worse.”
The FBI and the Justice Department have long decried what they call the “Going Dark” problem — encrypted communications and data storage shielding a growing area of digital information so that it cannot be examined by detectives or federal agents, even with an order from a judge. But their criticism has failed to spur changes by Congress or computer programmers, and current and former law enforcement officials say they are losing ground in the debate.
Cyber security experts say encryption is a critical tool to protect consumers’ data from hackers, and that the government can find other ways to gather evidence about criminals. Security experts and technology executives argue that creating the type of access keys sought by law enforcement would create structural weaknesses in their systems that could be exploited by hackers, making everyone’s information less secure.
Barr offered some examples of what he called the growing danger of encrypted messaging systems.
The attorney general said that one Mexican cartel “started using WhatsApp as their primary communication method, preventing U.S. law enforcement from conducting wiretaps that would enable us to locate fentanyl shipments and seize them at the border.”
That same cartel, he said, created a WhatsApp group chat “for the specific purpose of coordinating the murders of Mexico-based police officials. The cartel ended up murdering hundreds of these police officers. Had we been able to gain access to the chat group on a timely basis, we could have saved these lives.”
In response, a WhatsApp spokesman referred to a statement made last year by Gail Kent, an executive at Facebook, which owns WhatsApp: “Cybersecurity experts have repeatedly proven that it’s impossible to create any backdoor that couldn’t be discovered — and exploited — by bad actors. It’s why weakening any part of encryption weakens the whole security ecosystem.”
“Making our virtual world more secure should not come at the expense of making us more vulnerable in the real world. But unfortunately, that is where we appear to be headed.”
Barr’s assertions are likely to be met with considerable skepticism in Silicon Valley, which fought the Obama administration over the encryption issue. After a terrorist attack in San Bernardino, Calif., the FBI sought a court order forcing Apple to open one of the killers’ locked iPhones. The Justice Department argued there was no other way to access the device that could hold key evidence, but in the midst of the legal fight, the FBI announced it had found a way to hack into the device. As a result, the encryption debate largely subsided, with Congress and the Obama administration reluctant to keep pressing on what seemed to be a losing battle.
More recently, the FBI had offered figures for the number of cellphones recovered in criminal investigations that could not be opened due to encryption. Those figures, however, turned out to be significantly overstated, due to an overcounting error by the FBI’s data collection.
Last year, the FBI acknowledged that while they had repeatedly claimed investigators were locked out of nearly 7,800 devices connected to crimes, the correct number was much smaller, between 1,000 and 2,000.