(anagram; of the ?ttm?teh $tatea

Washington, tact 20510

October 31, 2019

The Honorable William P. Barr, Attorney General
Department ofJustice

950 Avenue, NW.

Washington, DC. 20530

Dear Attorney General Barr,

Child sexual abuse imagery (CSAI) is a plague that companies, government and civil society
groups must work together to purge from our society. However, we have serious concerns
about the Department of Justice?s (DOJ) misguided, hypocritical efforts to pressure
technology companies like Facebook into subverting the that protects their
messaging apps to enable government access. This proposal will not meaningfully address
the problem of CSAI, because illegal content will simply move to the dark web and to
foreign commercial providers that are beyond the reach of US. law enforcement, while
exposing millions of law?abiding Americans to new cybersecurity threats from stalkers,
hackers and other criminals.

CSAI is a heinous problem, but it is one that American technology companies have been
working to address. As the New York Times described in a recent story, the major tech
platforms have taken significant voluntary steps to detect and flag Last year, tech
companies sent 45 million tips to law enforcement. This shocking number highlights not only
the enormous nature ofthe CSAI problem, but also the inadequacy ofthe government?s
efforts to date. Quite simply, law enforcement agencies are receiving orders of magnitude
more tips than they have the resources to investigate. That must change.

As Members of Congress, we take our responsibility to protect our nation?s children
seriously. This is why Congress passed the PROTECT Act of 2008 and the Child Protection
Act of 2012, both of which require DOJ to take steps to coordinate a cross-sectoral approach
to reducing CSAI. Unfortunately, has failed to comply with parts ofthese laws,
including a requirement that it submit to Congress a National Strategy for Child Exploitation
Prevention and Interdiction every two years.2 Further, experts have highlighted several
immediate steps law enforcement agencies can take to increase their ability to use digital
evidence, beyond stopping 

Rather than focusing the government?s resources on reducing the backlog of CSAI reports
from tech companies or implementing the reforms required by law and recommended by
experts, you have launched a misguided public campaign to pressure Facebook to abandon a
cybersecurity upgrade. Facebook announced in January that it intends to upgrade its
Instagram and Messenger services with the same form of default that its
WhatsApp service has used since 2016. This technology, known as the Signal
Protocol, was developed in 2014 by US. government-funded researchers, who first included
it in Signal, a US. government funded app that is popular with cybersecurity experts, policy
makers,journalists, and human rights organizations.

1

Every day, government of?cials in the White House, and Congress use end?to-end
messaging apps like Signal and WhatsApp to protect their unclassi?ed
communications. The popularity ofthese apps among policy makers is not su1.p1ising The
Depa1tment of Homeland Secu11ty 1evealed last summe1 that it discovered cell phone spying
devices heal the White House and othe1 sensitive locations In Washington, D. C.4 Likewise,
in Senate testimony last year, William Evanina, the top counter- intelligence of?cial 1n the
Of?ce ofthe Director ofNational Intelligence, recommended that government of?cials
their unclassi?ed telephone conversations.5

If senior government of?cials in Washington, DO have opted to secure their
communications with end-to-end why should the conversations ofmillions of
law-abiding Americans using lnstagram and Facebook Messenger not also be protected from
hackers?

The public relations campaign to prevent Americans from having the same level of
cybersecurity protections as government of?cials is notjust hypocritical, but it has been
repeatedly criticized by and other leading cybersecurity experts. These
technical experts have made it clear that weakening to enable law enforcement
access will unnecessarily expose Americans? communications to hacking by criminals and
foreign spies. Moreover, if Faccbook does bow to your pressure campaign, CSAI predators
will simply move to foreign platforms that refuse to cooperate with US. law enforcement
and are outside ofthe ju1isdiction of cm laws and Shifting the p1oblem of CSAI to
platf01ms operated by f01eign companies or ope1ating on the den web would only damage
our government? 5 ability to 1espond to the CSAI epidemic.

Aside from cybersecurity experts,7 the list of people who oppose backdoors includes many
former intelligence and military leaders, including Mike McConnell, former Director ofthe
National Security Agency and former Director ofNational Intelligence; Michael Chertoff,
former Homeland Security Secretary; James Baker, former General Counsel of the Federal
Bureau of Investigation, William Lynn, former Deputy Defense Secretary; and Michael
Hayden, former Director of the National Security Agency and former Director of the Central
Intelligence Agency.8

We share your concern about CSAI and commit to providing the DOJ with the resources
necessary to investigate and prosecute the criminals who create, distribute, and download this
material. However, we urge you to stop demanding that private companies purposefully
weaken their for the false pretense of protecting children.

Most gratefully,

@15an I on

An ?shoo - Ron Wyden
Membe1 of Congless US. Senator

 

Elie Bursztein eta1., ?Rethinking the Detection of Child Sexual Abuse Imagery on the Internet,? in
?19 (The World Wide Web Conference, San Francisco, CA, USA, 2019),


2 Rep. Debbie Wasserman Schultz, ?Letter to Attorney General Barr and Deputy Attorney General Rosen,?
August 5, 2019, 85 9?wasserman-schultz-Ietter-
fu11.pdf; Keller and Dance (?Some of the strongest provisions of the
law were not ful?lled, and many problems went unfixed, according to interviews and government
documents?).

3 William A. Carter and Jennifer C. Daskal, ?Low-Hanging Fruit: Evidence-Based Solutions to the Digital
Evidence Challenge? (Center for Strategic International Studies, July 2018),

Bruce Schneier, Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World (W. W.
Norton Company, 2018), chap. 9.

4 Sean Gallagher, Found Evidence of Cell Phone Spying near White House,? Al's Teclmica, June I,
2018, 
near-white-housel.

5 ?Nomination of William R. Evanina to Be Director of National Counterintelligence and Security Center,?
U.S. Senate Select Committee on Intelligence (May 15,2018),



6 John DeLong et al., ?Don?t Panic: Seeking Points of Agreement on the ?Going Dark? Debate? (Berkman
Center for Internet Society at Harvard University?s Berklett Cybersecurity Project, February 1, 2016),


7 Harold Abelson et al., ?Keys under Doormats: Mandating Insecurity by Requiring Government Access to
All Data and Communications,? Journal of Cybersecurily 1, no. 1 (September 1, 2015): 6949,
Joseph Marks, ?The Cybersecurity 202: Experts Slam ustice?s
Move to Make Child Exploitation the Face of Push,? Washington Post, October 8, 2019,
19/ 0l08/the-



8 Mike McConnell, Michael Chertoff, and William Lynn, ?Why the Fear over Ubiquitous Data 
Is Overblown,? Washington Post, July 28, 2015, 
15/07/28/3d145952-324e-1 Torn
Ashbrook, ?Michael Hayden: America Is Safer With End-To-End WBUR ?5 On Point, March
1, 2016,