Backdoors into your texts and private message provide far more information than your phone metadata.
The USA Freedom Act may be dying not with a bang, or a fight, or a big public debate, but with a whimper. And that might be explained by a simple question: When’s the last time you used your cellphone to make an actual phone call?
If you missed the news (and you might have, since as it barely made a dent in the news cycle), the National Security Agency (NSA) has reportedly abandoned a surveillance tool it fought hard to maintain after Edward Snowden exposed it. The NSA had been secretly collecting millions and millions of Americans’ phone records and metadata and storing them to look for potential connections to terrorism. Or at least that’s the reason we were told they were doing it—there is no evidence that collecting all this private domestic information actually helped fight terrorism at all.
When this abuse of the PATRIOT Act was exposed, intelligence officials and their lawmaker allies fought hard to keep the authority to collect all this information. A compromise was reached in 2015 with the USA Freedom Act, which allowed the NSA to request Americans’ phone records from the telecom companies themselves in a more restricted fashion. They still requested millions and millions of records through this system each year. Then they discovered that they were getting records they didn’t have the authority to access and had to purge the system last year.
Now an aide to a Republican congressman claims that the NSA has all but abandoned using the Freedom Act to collect phone metadata and the law might not get renewed when it expires at the end of the year. If that’s true, it’s a strange end to a long fight between national security state officials and privacy activists—a battle that stretched across multiple administrations.
There’s a good reason to be skeptical: It’s the NSA! They might have developed other ways to collect this data, and there’s such a complex and secret legal framework around our surveillance systems that we can’t really be certain of what’s going on. But there’s also a legitimate possibility here that the NSA eventually realized this surveillance wasn’t really getting it the data it needed.
That should be good news, but it actually highlights the dramatic importance of another privacy fight: the one over encryption. Increasingly we’re using apps and messaging systems to communicate with each other, not phone calls.
On the one hand, that means the metadata from phone calls is less useful to anybody who wants to snoop on you. But it also means that we’re passing along the actual contents of the conversation through texts and other messaging tools. And that means that when somebody gets access to your phone, he gets access to the actual conversations you’re having—something that wasn’t the case with the Freedom Act.
That means the battle over your right to hard-to-break encryption is much more important than the fight over NSA surveillance, even if the latter got so much more attention. Encryption protects your data and messages from prying eyes, including government eyes (not just America’s, but others as well).
There’s been a significant law-enforcement push, both in the United States and abroad, to try to force tech companies to provide access to this information on demand. Reason has been following this fight for years now, and we’ve been and warning—as have just about every single technology and information company out there—that strong encryption is necessary to protect our privacy and data from criminals and other bad actors.
But many officials would apparently rather let you be victimized than give up a chance to access your private conversations. Just last week, FBI Director Christopher Wray was beating the drum that there needs to be some way to stop criminals from using encryption to hide information. But there’s simply no way to develop systems to bypass encryption that cannot be abused.
At the same time Wray was lamenting encryption’s role in keeping secrets from police, Facebook chief Mark Zuckerberg was talking about adding end-to-end encryption to Facebook to make it harder for third parties (including law enforcement) to snoop on private messages. It’s becoming clear that encryption is going to be an extremely important mechanism to protect our data privacy as we turn more and more to messaging systems to communicate.
All of this is to say that we really, really need to be paying more attention to how Australian lawmakers may be destroying the stability of our encryption and rendering all of us (not just their own citizens) vulnerable. Australia’s Parliament has, over the objections of essentially the entire tech community, passed anti-encryption legislation that grants police agencies the power to make tech companies secretly help them bypass their own security systems to gain access to private data. They can even secretly order tech companies to introduce vulnerabilities to facilitate their own access into an app or a social media platform’s messaging systems.