"Nearly all" FBI call logs stolen from 2022 AT&T breach; Bureau embraces end-to-end encryption

Despite opposing end-to-end encryption for the past few decades, recent events have caused agencies like the FBI to consider using it. The 2022 AT&T breach mostly leaked communications metadata instead of message content; however, this was enough to expose the contact information of FBI agents and their sources. Leopards definitely ate their face! :leopard:

Anyways, was anyone here impacted by the AT&T breach? This problem may be less harmful society-wise if cross-platform E2EE gets anywhere.

As the US government has scrambled to respond, one recommendation from the FBI and Cybersecurity and Infrastructure Security Agency has been for Americans to use end-to-end encrypted platforms—like Signal or WhatsApp—to communicate. Signal in particular stores almost no metadata about its customers and would not reveal which accounts have communicated with each other if it were breached. The suggestion was sound advice from a privacy perspective, but was very surprising given the US Justice Department’s historic opposition to the use of end-to-end encryption. If the FBI has been grappling with the possibility that its own informants may have been exposed by a recent telecom breach, though, the about-face makes more sense.

1 Like

I still haven’t heard about how the NSA feels about all this.

Or did NSA finally recognized the dangers and told FBI to encourage this instead at risk of irony?

Funny enough, the government tends to argue with themselves over end-to-end encryption.

Law-enforcement adjacent agencies, such as those in the Justice Department, used to oppose E2EE as it often impedes their investigative work. However, the DOD and most intelligence-oriented agencies have long set encryption standards to protect their own secrets (i.e. for counterintelligence purposes). They oppose any form of backdoor that the former may propose enacting.

Of course, this was the historical debate among federal agencies and not necessarily accurate today.

3 Likes

I see… yeah, there’s definitely irony here and is complex to fathom what’s what and why and how.

Very much a thing here in Australia too – the ACSC which is part of the ASD (think CISA if it was directly under and run by the NSA) has a lot of common-sense recommendations including around using E2EE while the ASIO (FBI equivalent) constantly shits on E2EE as “allowing criminals to get away”

2 Likes

You are spot on. I work for the DOD. Atleast in my organization, we’ve been using Signal for any communication on cell phones for years.

This seeming contradiction between law enforcement and the intel community/DOD makes sense when you consider they have very different missions. Law enforcement (including FBI) are focused on domestic criminal activity. The easier it is to spy on Americans the easier their day job.

The CIA and DOD (NSA is part of DOD) is concerned about foreign threats and collecting on foreign adversaries. The harder the U.S. is as a target the better for their mission set.

Naturally these give conflicting public guidance. I know many people wouldn’t go to them for advice, but the NSA has long published recommendations for security and privacy for the general public that would largely agree with everything on this site.

4 Likes

Anybody in our shoes understands this has been an issue before TikTok, and will be an issue with other foreign apps as well. But the layman won’t understand without digging, and most people just want their cat videos, not a deep briefing on privacy and surveillance technologies used against us daily by our nuclear adversaries.

3 Likes