Crypto Wars, Government Hacking and Secret Surveillance
Featured talk by Katitza Rodríguez.
In this session, I'll discuss the history of fights over government surveillance powers in the United States and its ongoing desire to gain access to our data, starting in the early 1990’s and continuing to the present day.
These issues are centered around four main themes: restrictions on cryptography and privacy tools, obligations for communications intermediaries to acquire and implement surveillance capabilities, mandatory retention of telecommunications data, and, most recently, government hacking. I'll explain how many of the aforementioned practices have been adopted in various Latin American countries with almost no public debate. We’ll discuss recent leaks from surveillance software vendor Hacking Team that reveal how governments around the world, including many in Latin America, have been using intrusive malicious software to surveil its target without specific legal powers that authorize its use or meaningful oversight.
One interesting point is that many of the themes are recurring: the powers that the government seeks today are often similar to those it sought decades ago. The range of legal approaches to obtaining access to communications is growing: recently passed and proposed laws include enforced backdoors, mandatory decryption by the end user or intermediary (as in the case of recently proposed laws in the Netherlands), as well as export controls on encryption technologies (including the implementation of the Wassenaar Arrangement in places like Australia). Another interesting point is that while some governments are unsuccessful in expanding their surveillance powers, others in Latin America have adopted data retention laws and laws compelling wiretapping interfaces and backdoors be added to communications systems and/or issue court decisions discouraging the deployment of strong encryption. As the debates grow in prominence, there’s a danger that they begin to establish norms - and that companies may provide backdoors to technologies even when not required to by legal mandate.