We didn’t win the second crypto wars. Governments merely made a strategic retreat and they’ll be back. Although they will likely give up on trying to regulate or prohibit encryption, we should expect that malware and law enforcement hacking will play a starring role in the next battle in the crypto wars.
In a world where encryption is increasingly the norm, the cops aren’t going to give up and go home. No, they’ll target our scarily insecure mobile devices and computers. How did we get here, what's going on, and what can we do to stop it? Come to this talk to find out.
For more than fifteen years, the FBI has had a dedicated hacking team. Until recently, this team’s hacking operations were shrouded in near-complete secrecy. That is slowly starting to change. And while we still don’t know a lot, what we have learned is alarming. For example, in order to deliver malware, the FBI has impersonated journalists and engaged in bulk-hacking operations that targeted users of legitimate communications services (TorMail).
As the next crypto wars unfold in Washington, London and Brussels, we should expect to see law enforcement hacking play a central role in the debate. With the mass, default adoption of full disk encryption storage and end-to-end encryption for communications, law enforcement agencies will no doubt struggle to acquire data that has traditionally been easy for them to get. This will likely result in two significant policy shifts – first, it will force law enforcement hacking out of the shadows, and second, it will cause hacking tools to trickle down from elite, well-resourced federal law enforcement units to regional and local cops, who are most impacted by encryption, the least technically sophisticated and the most likely to abuse hacking tools.
If a world in which the FBI hacks is scary, just wait until local police departments are doing it too.
We must stop the spread of hacking as a law enforcement tool, before it is too late.