William Barr is a Threat To Democracy¶
Forget Donald Trump, William Barr’s vision for America is the 1984 dystopia we all fear.
by Brant Watson
2020-08-14
COINTELPRO¶
During the early morning of December 4th, 1969 a raid at 2337 West Monroe Street, Chicago took the life of Fred Hampton and Mark Clark. Both were members of the Black Panther Party. Fred Hampton, along with Jose Jimenez and William Fesperman were working to found a cultural movement they called “The Rainbow Coalition” which sought to unite several civil rights movements under a common banner and pursued treaties between rival groups to end gang violence and lower crime.
The police had obtained a warrant to search the premise for illegal weapons. The officers were assigned to Cook County State’s Attorney Edward Hanrahan who after the raid stated:
“The immediate, violent, criminal reaction of the occupants in shooting at announced police officers emphasizes the extreme viciousness of the Black Panther Party.”
Daniel Groth the Police Sargent who led the raid stated:
“There must have been six or seven of them firing. The firing must have gone on ten or twelve minutes. If 200 shots were exchanged, that was nothing. It’s a miracle that not one policeman was killed.”
This all sounds pretty damning. Police approach to serve a warrant and are immediately accosted with a violent reaction which sure seem to imply that they were probably up to something illegal. The only problem?
It wasn’t true. The raid was a planned assassination. Those at the residence fired only one shot and that shot was fired by an unconscious dying man who gripped the trigger of his gun and shot no-one. Not that anyone would ever have known except that some people broke into an FBI office and leaked documents about the FBI Program “COINTELPRO” which happened to detail what was actually going on.
It turns out that COINTELPRO was targeting the Black Panther Party to neutralize it’s leadership. It used assassination, public misinformation, as well as falsely charging people with crimes as part of it’s tactics. The idea was to create a public perception that the Black Panther Party supported violence and was a dangerous criminal gang. As part of that plan, the government of The United States of America carried out an assassination of American citizens (and then manipulated/fabricated details of the event), and pursued other illegal activities[#f1]_ .
It wasn’t just the Black Panther Party that was targeted though. Other groups included:
The KKK
Southern Christian Leadership Conference
Communist Party
Puerto Rican Nationalists
The American Indian Movement
After the documents regarding COINTELPRO were leaked, the Senate convened an investigation which held in it’s final report:
Many of the techniques used would be intolerable in a democratic society even if all of the targets had been involved in violent activity, but COINTELPRO went far beyond that… The Bureau conducted a sophisticated vigilante operation aimed squarely at preventing the exercise of First Amendment rights of speech and association, on the theory that preventing the growth of dangerous groups and the propagation of dangerous ideas would protect the national security and deter violence.
LavaBit¶
In 2004 Ladar Levison founded the company LavaBit. The goal was to produce a secure email system that allowed people to communicate privately. Formerly known as Nerdshack, Ladar and a few other programmers had concerns about the privacy in free email services like gmail.
The email system worked by encrypting messages between users, but LavaBit retained the private encryption keys. Those could be used to decrypt any messages between parties that were not privately encrypted by the customer. This allowed them to give people reasonably secure email but also comply with warrants for specific information when required to do so by law enforcement.2
There’s a challenge with this sort of scheme though. The encryption is occurring in the transport layer (the pipes of the internet). This means that all of the traffic is essentially secured by the same core “key”. If the key is ever revealed then all traffic before and in the future would be insecure (it is a little more complicated than that and there are schemes for “perfect forward security” but they were not part of the LavaBit infrastructure).
In July of 2013 the name LavaBit rose more in the public eye. It was revealed that Edward Snowden was using a LavaBit email address. The federal government served LavaBit a warrant. Unlike previous warrants however, it did not request access to existing data. It forced them to physically install surveillance equipment on the companies networks. At the time LavaBit had over 400,000 users.
But it went further than that. It requested LavaBit’s private keys. Assuming that they had captured encrypted traffic before serving the warrant (this was revealed in the Snowden Leaks as part of PRISM) this would allow them to decrypt messages that no longer existed. It would also let them see the messages of every LavaBit customer, including all past traffic they had captured.
LavaBit’s founder balked at this request and later stated:3
What ensued was a flurry of legal proceedings that would last 38 days, ending not only my startup but also destroying, bit by bit, the very principle upon which I founded it–that we all have a right to personal privacy.
If my experience serves any purpose, it is to illustrate what most already know: courts must not be allowed to consider matters of great importance under the shroud of secrecy, lest we find ourselves summarily deprived of meaningful due process. If we allow our government to continue operating in secret, it is only a matter of time before you or a loved one find yourself in a position like I did–standing in a secret courtroom, alone, and without any of the meaningful protections that were always supposed to be the people’s defense against an abuse of the state’s power.
Rather than comply and subject all of their users to an unwarranted search, LabaBit shut down entirely.
EARN IT, LAEDA, and William Bar¶
In late July of 2019, William Barr addressed the International Cyber Security conference. William Barr has on a number of occasions pushed to have backdoors in encryption. In his speech, he says:4
I am here today to tell you that, as we use encryption to improve cybersecurity, we must ensure that we retain society’s ability to gain lawful access to data and communications when needed to respond to criminal activity.
The EARN IT Act proposes creating a 19 person federal commission and giving it the power to regulate internet “best practices”. This commission would be headed by William Barr.
Given that he has publicly stated many times that he opposes warrant-proof encryption, it’s obvious what kinds of decisions the commission would be inclined towards. His opinion on actually secure encryption for the masses is crystal clear5 .
While the term “encryption backdoor” has a negative connotation to it, there are a number of other terms for the same thing. You’ll hear “key escrow” or “ghost listeners” and other terms, but they’re all effectively the same thing. The government wants broken encryption so it can access whatever data it deems it should have access to.
That wasn’t far enough however, so more recently the Lawful Access to Encrypted Data Act was introduced by Senator Graham, Cotton, and Blackburn.
“Tech companies’ increasing reliance on encryption has turned their platforms into a new, lawless playground of criminal activity. Criminals from child predators to terrorists are taking full advantage. This bill will ensure law enforcement can access encrypted material with a warrant based on probable cause and help put an end to the Wild West of crime on the Internet,” — Senator Cotton
Pretending to be concerned about child predators as a way to gain access to the private communications of every American is a pretty heavy-handed tactic. But, let’s be generous here and assume they’re operating purely in good faith. Is what they want actually possible?
The short answer is NO and the longer answer is that it is completely and totally impossible no matter what you legislate. There is no way to build weaknesses in encryption that only our government could access. Whenever you see an official suggesting or pushing for a “need” to be able to unlock phones or compel companies to break encryption, what you’re seeing is the literal only protection against an Orwellian technocracy under attack. There is no way to make encryption backdoors that can’t be abused. It’s not a question of how or ‘just need to develop the technology’ or anything else. It’s as fundamental an issue as the roots of formal systems itself. It’s not “hard”, or “improbable”. It’s mathematically impossible.”
And even if they could invent this kind of encryption, which they can’t, given what we know our own government to be capable of, it is difficult to imagine entrusting it with such power. Aside from that fact, it won’t actually stop any determined criminals.
I’m going to use the following code to demonstrate this. I will use a basic one-time-pad cipher. It is 100% uncrackable (given some caveats)7 . I’m not a genius but even I can understand the scheme and I can produce a secure implementation of it in a few lines of code:
# Standard
import base64
import logging
from typing import Union
LOG = logging.getLogger(__name__)
CIPHER_KEY_A = (
'2aDsGcnREW8cV9waUEPJ2EBjXcxunb7IqWSu7ddtoUW5D6_oOSaQxd8DxhwqYPigbO1qyLUew'
'7Jj0faQN_yI15C6yN8.nIcYZkjJ'
)
CIPHER_KEY_B = (
'jXcxunb7IqWSu7ddtoUW5D6_oOSaQxd8DxhwqYPi2aDsGcnREW8cV9waUEPJ2EBgbO1qyLUew'
'7Jj0faQN_yI15C6yN8.njXcxunb'
)
def ensure_bytes(str_val: Union[str, bytes]) -> bytes:
"""Given some text, return it in utf8 encoded bytes."""
if isinstance(str_val, str):
return str_val.encode('utf-8')
elif isinstance(str_val, bytes):
return str_val
else:
raise TypeError(f'{str_val} is not a bytes or str object')
def ensure_str(bytes_val: Union[str, bytes]) -> str:
"""Given some bytes, return it as text."""
if isinstance(bytes_val, bytes):
return bytes_val.decode('utf-8')
elif isinstance(bytes_val, str):
return bytes_val
else:
raise TypeError(f'{bytes_val} is not a bytes or str object')
def encrypt(value: str, key: str) -> str:
if len(value) > len(key):
raise ValueError('Data exceeds cipher pad size')
val_diff = len(key) - len(value)
padding = '*' * val_diff
value = f'{value}{padding}'
value = ''.join(
chr(ord(k) ^ ord(v)) for (k, v) in zip(value, key)
)
return ensure_bytes(value).decode('utf-8')
def decrypt(ciphertext: str, key: str) -> str:
un_encoded = ensure_str(ciphertext)
value = ''.join(
chr(ord(k) ^ ord(v)) for (k, v) in zip(un_encoded, key)
)
return value.rstrip('*')
There are some limitations here but this code will serve to illustrate the basics and I wanted to provide the actual code so you could “check my math” so to speak.
Consider Epstein wants to communicate with Maxwell. He uses CIPHER_KEY_A
to encrypt his message to her:
>>> encrypt('Epstein: got any new ladies for me?', CIPHER_KEY_A)
w7"
he0WvXu+5=)#1
Ei2l_NN^E}nuEeyK{RNnRB][szCMHe
fO]`@LK{duScSdDcIspA@`
He sends off the encrypted message. Maxwell replies, using CIPHER_KEY_B to
disguise her message:
>>> encrypt('Maxwell: You know I do. Any preferences?', CIPHER_KEY_B)
(8&U\
OwQ+.!*A!
^!
<#VKnYmIDxo}I|]Koz`ohMHe
fO]`@LK{duScSdD@rIR_DH
Fine so far. They’re cool, sending some secure messages. Suppose the government though knew the keys being used and had a window into this conversation because the messaging platform or email system they are using to communicate is sharing it’s secret keys with the government.
Of course every criminal would know this and what do they do?
They generate their own key and encrypt it themselves with their own secure key
which we’ll call CIPHER_KEY_C and CIPHER_KEY_D. For this exercise
assume these are:
>>> CIPHER_KEY_C = (
>>> 'io27LKgMbPQOzW7Xp0Y.BNfu0CMPpx1r4GxZ4B4ltGnQzRrOXlu8A9cqY50VO1_jziX3JyjgM'
>>> 'td9lXq8VZRCWErH9LoAvoA9T6Cf'
>>> )
>>> CIPHER_KEY_D = (
>>> 'C1QcICDHmTqszxtgDvnGy9uu6zq3skP9eD8pwO5TMM9RBeQXeb3hs9vkbHeWwqKVv2m4Iq1vj'
>>> 'kWDpyAviF.ze9.Xl_e7vfeg9lvE'
>>> )
So now before using the messaging system that is under surveillance, Epstein
creates a message using CIPHER_KEY_C which is his own:
>>> encrypt('Epstein: got any new ladies for me?', CIPHER_KEY_C)
,AC)" wB7>;Z6Y!P^<Yb"Y&>pCRY"GphF^mD{PxXerF_kI[s|e@PCr`S@Mg^NFr[|pxi}oXbfEk\Ek~iL
The messaging system in turn encrypts that value as:
~0nAg%`X
.@PgE{EFxut)
z218NN
=>Cwq
<K'2 wm
Ch(iyv:C2/ LZj(}E2
J$w
The government has CIPHER_KEY_A in it’s posession. It sees this message it
wants to decrypt so it applies the decryption key expecting to get a readable
message. Instead the result is unexpected (to them):
>>> t = """ ~0nAg%`X
.@PgE{EFxut)
z218NN
=>Cwq
<K'2 wm
Ch(iyv:C2/ LZj(}E2
J$w
)"""
>>> decrypt(t, CIPHER_KEY_A)
,AC)" wB7>;Z6Y!P^<Yb"Y&>pCRY"GphF^mD{PxXerF_kI[s|e@PCr`S@Mg^NFr[|pxi}oXbfEk\Ek~iL
What’s this? The government was expecting a message it could read but it instead
got ,AC)" wB7>;Z6Y!P^<Yb"Y&>pCRY"GphF^mD{PxXerF_kI[s|e@PCr`S@Mg^NFr[|pxi}oXbfEk\Ek~iL
which it can’t read.
The backdoored encryption thus exposes the data of ordinary citizens but does not affect any reasonably savy criminal.
In short you can nest encryption arbitrarily. Know a channel is being spied on? Simply do your own and keep out of jail. A few might get caught initially but since there is tremendous profit in criminal activity the big cats aren’t going to be brought down unless they get lazy or stupid. They will adapt accordingly. Meanwhile, the government not only has access to the private communications of every citizen, but so too do foreign governments and criminals. If encryption is weakened the exploits will not be limited to the US government. All that’s happened is that the security of individual citizens has been eliminated purely for the purpose of being able to watch your every communication.
If you want to live in a dystopian surveillance state then by all means support the efforts of William Barr to undermine the privacy of every American. If you don’t believe that private communication which the government is not privy too is important to democracy and to avoid government suppression of free speech rights, by all means support William Barr’s efforts to open American citizens information to foreign governments and criminals. Anyone who thinks that weakened encryption will only be broken by our own government is hopelessly naive.
But if you want to avoid a scenario that makes 1984 look like child’s play, then don’t fall for the fear-based rhetoric around encryption and don’t fall prey to the myth that it’s possible to weaken encryption in a way that only our government can access.
Footnotes