THE KEY

SAN FRANCISCO – The Justice Department has essentially given up hope that tech companies will voluntarily build into their products a special way for law enforcement to access encrypted communications to help track terrorists and criminals, a top official says.

Instead, the department is focusing on getting legislation that forces companies to cooperate –  and is hoping encryption-limiting laws in Australia and the United Kingdom will ease the path for a similar law in the United States, said John Demers, assistant attorney general for national security. 

“If there were a proposal from tech companies or a desire to talk about this issue that wasn't just everybody rehashing their own positions…then we'd be happy to hear it,” he said. “But we really haven't gotten anywhere in however many years we've been open to talk.”

The shift illustrates how law enforcement believes it now has a political advantage in the debate over warrant-proof encryption – especially in Congress where lawmakers harangued officials from Apple and Facebook over the systems during a Senate Judiciary Committee hearing in December. As committee chairman Lindsey Graham (R-S.C.) warned the companies then: “You’re going to find a way to do this or we’re going to do it for you.” 

“I've never seen such a bipartisan appetite for legislation," Demers said of that hearing. "It seems to me that in Congress something has shifted and it's shifted in favor of trying to find some solution to this problem.” 

Demers was speaking with reporters ahead of the RSA Conference in San Francisco – one of the top annual gatherings of tech and cybersecurity executives. But there’s no organized plan to lobby any of those leaders on warrant-proof encryption, he said, describing their positions as “dug in.” 

That's a sea change from 2016, when the FBI and Justice Department sought to appeal to Big Tech to find a compromise, as prospects for encryption-limiting legislation seemed all but dead. Back then, the momentum seemed to be security experts who argued there’s no way to give police special access to encrypted systems without raising the risk that criminal hackers could also break into those systems. 

The FBI stepped back that year from a legal standoff with Apple in which it tried to force the company to help it crack into an encrypted iPhone used by San Bernardino shooter Syed Farook. And two years later the bureau was rocked by internal watchdog reports that found it had rushed to litigation against Apple without exploring other ways to crack into the phone and repeatedly overstated how many cases were foiled by encryption.

Demers pointed to two big changes since then that have given the government’s encryption arguments juice.

First, Congress and the broader public are feeling a lot less sympathetic to big tech companies in the wake of myriad privacy scandals and after Russian operatives co-opted social media to spread disinformation during the 2016 election. 

“If you look at what the feeling is about social media companies in Congress today versus what it was…in 2015, it's very different,” he said. “There’s a sense that social media companies ought to have more responsibility for what's happening on their platforms.”

Second, Australia passed a first-of-its-kind law allowing police to force companies to give them access to encrypted communications in 2018 and the United Kingdom passed a more limited law in 2016.

Demers hopes those laws will create a model for how lawmakers in the United States might limit encryption, he said. But he’s also hoping if encryption-limiting laws spread that will knock back one big argument made by U.S. tech companies – that backdoors for law enforcement will mean lost business to companies in countries that aren’t bound by similar laws. 

“If their competitors are in these other countries [with encryption-limiting laws] …then there's not going to be a competitive disadvantage for American companies,” he said. 

Justice officials have also shifted their messaging on encryption, talking less about the danger of terrorists recruiting and planning operations outside law enforcement's view and more about the threat of a surge in child predators sharing illicit images or luring children on social media. There are signs it might be working: the tough-on-tech hearing in December came after Attorney General William P. Barr offered a public plea for Facebook to back off plans to expand encryption on its messaging platforms for these reasons.

Facebook refused to change its plans, saying limiting encryption would damage cybersecurity for all its users. 

PINGED, PATCHED, PWNED

PINGED: The drama over intelligence agency reports about Russia supporting President Trump and Democratic front-runner Sen. Bernie Sanders (I-Vt.) continues. Trump slammed House Intelligence Chairman Adam B. Schiff (D-Calif.) saying that he "set up" the intelligence community with “lies and leaks.” 

Democratic Sens. Robert Menendez (N.J.), Sherrod Brown (Ohio) and Minority Leader Charles E. Schumer (N.Y.) also wrote to the Treasury and State Departments urging new sanctions on Russia in light of the reports, per Emma Loop at BuzzFeed.

PATCHED: Facebook, meanwhile, came up empty-handed in a probe of whether suspicious content boosting Sanders's presidential bid was linked to Trump supporters or Russia, the Wall Street Journal's Emily Glazer and Dustin Volz report

The company investigated the content after an outside researcher flagged it as suspicious, Facebook spokesman Andy Stone told Emily and Dustin. He also said that the company has not been notified by the intelligence community that Russian actors are boosting Sanders on social media. 

“Had we found a campaign of coordinated inauthentic behavior, we would’ve removed it and announced it publicly, just as we did more than 50 times last year, Stone told Emily and Dustin.

U.S. intelligence officials have briefed Sanders that Russia is attempting to help his presidential campaign to interfere with the 2020 Democratic primary, my colleagues reported last week. But it wasn't immediately clear what form that assistance took and if it involved social media manipulation. U.S. prosecutors previously uncovered a Russian effort in 2016 using social media to boost Sanders's candidacy. 

PWNED: Trump’s pick for acting director of the intelligence community, who is under fire from Democrats who say he’s underqualified and overly-partisan, will also drawn into the efforts to extradite Julian Assange from London, Natasha Bertrand at Politico reports

Lawyers for the WikiLeaks founder plan to argue that Richard Grenell, as U.S. ambassador to Germany, was part of a highly political process to ensure Assange’s extradition and was working under direct orders from Trump, Natasha reports. That included guaranteeing to Ecuadoran officials that Assange would not face the death penalty in the United States if they expelled him from the embassy where he had taken refuge for the past eight years. 

The argument is based on secondhand conversations with Grenell's associate Arthur Schwartz, who texted journalist Cassandra Fairbanks that Grenell took orders from the president. Schwartz has denied implicating Grenell. 

Here’s more on opening arguments in the Assange extradition case from my colleagues William Booth and Karla Adam.

PUBLIC KEY

— Sen. Ron Wyden (D-Ore.) wants answers from ShiftState, the cybersecurity firm that audited the Voatz mobile voting app that's come under fire for security flaws, Tim Starks at Politico reports. Wyden wants to know how and why ShiftState gave the system a clean bill of health. 

— More cybersecurity news from the public sector:

National Security
The legislation does not go far enough to strengthen protections for targets of intelligence wiretaps, privacy advocates say
Ellen Nakashima
“The one area that China has been keen to exploit is at the state level because state governments largely are not aware of the threat it poses to them,” Sen. Marco Rubio said at the report’s release.
Nextgov
Lawmakers scored another win in their fight against TikTok after the Transportation Security Administration barred its employees from using the megapopular video app.
The Hill

PRIVATE KEY

— Cybersecurity news from the private sector:

All signs point to an attack exploiting PayPal's Google Pay integration.
ZDNet
A new report warns that the iOS copy/paste function has this risky "exploit" built-in.
Forbes

THE NEW WILD WEST

— Cybersecurity news from abroad:

The Prime Minister's office, the Ministry of Foreign Affairs, the National Intelligence Service (EYP) and the Hellenic Police (ELAS) were the targets of an international cyber espionage campaign in April 2019 code-named “Sea Turtle.”
Kathimerini
Mexico's economy ministry detected a cyber attack on some of its servers on...
Reuters
Australia is under an "unprecedented" threat of foreign espionage and ...
Reuters

ZERO DAYBOOK

—Today:

  • RSA Conference 2020 is scheduled for Feb. 24 to 28 in San Francisco.

Coming up

  • The Cyberspace Solarium Commission will release of its final report and recommendations during a public event on March 11 at 2:30pm.
  • The House Judiciary will mark up the USA FREEDOM Reauthorization Act of 2020 on Wednesday.