In a speech to an international conference on cyber security in New York on Tuesday, attorney-general William Barr said: "While we should not hesitate to deploy encryption to protect ourselves from cyber criminals, this should not be done in a way that eviscerates society’s ability to defend itself against other types of criminal threats.
"In other words, making our virtual world more secure should not come at the expense of making us more vulnerable in the real world. But, unfortunately, this is what we are seeing today."
If you report on the US (or a "friendly" government) requesting/demanding/whining about encryption backdoors, it's your DUTY to ask whether we're okay with every country on the planet accessing the backdoors too. This is Pandora's Box. It was never meant to be opened. 2/2— Jake Williams (@MalwareJake) July 23, 2019
Barr called on technology firms to do more to provide government in gaining access to devices once they had a legal order to do so.
Barr's speech ran to more than 4000 words. He cited three ways in which encryption can be bypassed, all of which have been raised before.
One envisions the addition of an account to an encrypted chat channel, with the provider of a service doing so to enable a law enforcement official to snoop.
The second was proposed some years by Microsoft's Ray Ozzie: the creation of a key escrow system where a dedicated hardware device stores encryption keys that would be accessible only by law enforcement. No solution has yet been proposed that meets these specifications.
A third idea, first proposed by Matt Tait, a former employee of GCHQ, is for so-called layered cryptographic envelopes.
In Barr's words, "Our colleagues from GCHQ have proposed 'Virtual Alligator Clips' which allow a provider to respond to a warrant by adding a silent law enforcement recipient to an otherwise secure chat.
"Ray Ozzie has tabled a proposal for 'Exceptional Access Keys' for locked, encrypted phones so they can be unlocked pursuant to a warrant. Matt Tait has proposed Layered Cryptographic Envelopes to allow lawful access to encrypted data-at-rest on disks or other storage devices."
And he added: "I am suggesting that it is well past time for some in the tech community to abandon the indefensible posture that a technical solution is not worth exploring and instead turn their considerable talent and ingenuity to developing products that will reconcile good cyber security to the imperative of public safety and national security.
"As Microsoft’s Bill Gates has observed, '[t]here’s no question of ability; it’s the question of willingness'.”