X
Tech

Tech giants hit by NSA spying slam encryption backdoors

The tech coalition includes Apple, Facebook, Google, Microsoft, and Verizon and Yahoo's parent company Oath — all of which were hit by claims of complicity with US government's surveillance.
Written by Zack Whittaker, Contributor
back-door-representing-virut.jpg

Law enforcement have long pushed tech companies for encryption backdoors.(Image: file photo)

A coalition of Silicon Valley tech giants has doubled down on its criticism of encryption backdoors following a proposal that would give law enforcement access to locked and encrypted devices.

The group, which focuses on efforts to reform government surveillance, said in a statement that it continues to advocate for strong encryption, and decried attempts to undermine the technology.

"Recent reports have described new proposals to engineer vulnerabilities into devices and services -- but they appear to suffer from the same technical and design concerns that security researchers have identified for years," the statement read.

The renewed criticism follows a lengthy Wired article, in which former Microsoft software chief Ray Ozzie proposed a new spin on key escrow. Device encryption has hampered police investigations, and law enforcement officials have pushed tech companies to fix the problem -- even by way of suing them.

But security experts and cryptographers say that any kind of backdoor can't be done without it risking being abused or exploited by hackers -- and criticized Ozzie's plan as flawed.

"Weakening the security and privacy that encryption helps provide is not the answer," said the group's statement.

The tech coalition includes Microsoft -- Ozzie's former employer -- as well as Apple, Facebook, and Google, and Verizon and Yahoo's parent company Oath -- all of which were hit by allegations of complicity with the government's surveillance efforts.

The statement comes a week after the group announced the importance of strong encryption as a new core principle behind its mission, calling on governments to "avoid any action that would require companies to create any security vulnerabilities in their products and services."

The group was formed in 2014 after a slew of classified documents leaked by former National Security Agency contractor turned whistleblower Edward Snowden pointed to collaboration and cooperation from tech giants and telecom companies in domestic and international surveillance.

But the companies denied the claims, and said any data collection was done either under a secret court order or without their knowledge.

Since the Snowden revelations, the law has scarcely changed. Congress passed the Freedom Act in 2015 which rolled back portions of the NSA's phone metadata collection program. But the more privacy-invasive programs remained unscathed when the Foreign Intelligence Surveillance Act (FISA) was renewed and extended with almost none of the proposed reforms.

FISA's so-called section 702 collection allows the NSA to gather intelligence on foreigners overseas by collecting data from chokepoints where fiber optic cables owned by telecom giants enter the US. But the collection has long incidentally swept up large amounts of data on countless Americans, whose privacy is constitutionally protected from warrantless surveillance.

Event though section 702 explicitly prohibits the targeting of Americans, the intelligence community can then search those messages without a warrant.

A month earlier, ZDNet revealed through leaked documents a previously disclosed clandestine NSA collection program, known as Ragtime, was far wider than first thought -- and included the targeting of Americans.

24 internet-connected things that really shouldn't be online

Editorial standards