James Harris is a former FBI agent who spent 8 years working to combat child sexual exploitation. He is also a computer guy, he codes, knows his tech, and isn’t ignorant on encryption.
Jim wrote an excellent Twitter thread about the “backdoor the encryption, because children” argument. Rather than engage it head on, he contextualises it within the framework of enabling law enforcement to do its job. His insight is great, and addresses the real issue — not the encryption — what does LE need to find and prosecute child abusers? That is the point after all, rescuing kids from horrific situations.
Thread
*checks to see why phone keeps buzzing* Ah…
— James Harris (@jimeharrisjr) October 4, 2019
So… where to begin. At issue is not so much the volume of any individual child series, but the sheer number of child series being submitted for identification. Each series is a child (or set of children) being abused
So… where to begin. At issue is not so much the volume of any individual child series, but the sheer number of child series being submitted for identification. Each series is a child (or set of children) being abused
So, what’s most distressing (and was already growing rapidly when I was an agent) is the private groups where you must share your own home-grown stuff. That’s the worst of the worst. Those guys (and gals) are so confident in their tech security that they can be that brazen
One of the opportunities there is to work the stuff the way counterterrorism internet operations are run, and that would not require so much as backdoored crypto as freedom to work with fewer restrictions. Right now, LE is severely compromised in what they are allowed to do UC operations in child exploitation can’t go very far, and informant ops are also hamstrung – because the victimization of the child is in part sharing the actual images, so you can’t continue to victimize the child as LE.
So, long story short, aggressive intelligence operations, combined with international cooperation and some technology investment would probably be the better solution than backdoored crypto – but as the articles have been saying, there’s no real will on the part of the government.
Child exploitation is “icky” and men in suits don’t feel comfortable discussing it. They don’t like planning ops against it. Everybody wants to “smash the perverts,” but doing it correctly would require actual time investment in a very dark world.
I’m not talking smack to those folks who don’t want to work this – I did it for around 8 years, and it wrecked me. But it has to be done. So the easier way is to talk about crypto as the issue – and it is an issue, and there are bunches of arguments I can make on both sides
And there are lots of reasons to distrust “unbreakable crypto,” and lots of issues around availability and the right of governments to conduct lawful searches under their own laws, but this particular problem isn’t the silver bullet against crypto because there are more things to try here.
If we gave LE a real mission (not just money and some congressional “go get ’em,” and invested in experts to use graph theory and work networks of informants in the same way we do with other issues – in short, if we agreed that protecting children is a national priority, and went after it the way we do terrorism and foreign intelligence operations, we could change the conversation. If we could define when it’s OK for the good guys to hack and what type of warrants are needed for it, and how to handle digital contraband and respect the rights of the victims, then it’s not about crypto breaking – it’s about running good intelligence operations.
But that requires men and women in suits and ties in very serious rooms to actually spend real time addressing a problem they’re way too squeamish to talk about.
So until the whole-of-government gets off its collective ass and starts putting real minds together to talk about this in a real way, the fallback will be “break the crypto.“
Leave a Reply