An article appearing recently in The Verge makes yet another argument why creating encryption backdoors is a bad idea. The anxiety and concern are further corroborated an article on Vice’s Motherboard detailing a security breach of the voting records of millions of Americans to a dark website affiliated with a well-known cybercrime forum. Though the leaked information is not particularly sensitive, it underscores how easy it is to obtain data now – even before any weakening of security by backdoors takes place.
The article in holds much credence as it is written by Walt Mossberg, who displayed his national security chops as a correspondent for the prestigious Wall Street Journal on the national security beat, and who espouses sympathy for those in law enforcement who tread a fine-line on the national security/personal privacy issue. But while he commiserates with the plight of the FBI’s James Comey, he isn’t willing to capitulate on the premise that making it easier to identify terrorists by weakening encryption to a wholesale weakening of everyday, digital security for tens of millions of innocent citizen-users.
Consider, if you will for a second, whether requiring companies such as Google and Apple to allow backdoor encryption on their smartphones, when they can’t currently penetrate the encryption themselves, is even feasible. Why in heaven’s name would they destroy their successful business models that depend on users’ trust? It just doesn’t compute. Law enforcement agencies would gain only a temporary advantage. and the victory would become Pyrrhic, as the bad-guys caught up.
At present Apple and Google could not comply with a duly authorized and served warrant, even if they wanted to. To gain the necessary information, law enforcement would have to serve the individual phone user, who then would have to comply by handing over the password to unlock the secrets therein. This security feature is one reason the devices are so appealing. Comey, talking out of both sides of his mouth like the politician an FBI Director must be, acknowledges that,
“It is important for our global economy and our national security to have strong encryption standards. The development and robust adoption of strong encryption are a key tool to secure commerce and trade, safeguard private information, promote free expression and association, and strengthen cyber security.”
Yet, his behind-the-scene machinations belie that assertion, as he concurrently heaped praise on the 1994 Communications Assistance for Law Enforcement Act (CALEA) that directed telecommunications carriers to build products that complied with government surveillance requests.
In commenting on CALEA, Comey lamented that it was a little anachronistic, and not analogous or essentially applicable to the present digital climate because it “does not cover popular internet-based communications services such as email, internet messaging, social networking sites, or peer-to-peer services.” But that is precisely the point. The Internet has proliferated because of the popularity of such features, and they have increased in popularity lock-step with the enhancements to security that allows freedom to exchange information unimpeded and un-surveiled.
During the summer and before the most recent Paris attacks, the White House, via its agency cohorts, was typically tepid on the controversy, refusing to come out strongly for or against backdoors. Speaking what seemed to be the administration’s mind, former NSA director Mike McConnell joined former Homeland Security Secretary Michael Chertoff, and former Deputy Defense Secretary William Lynn to side against breaching encryption,
“We recognize the importance our officials attach to being able to decrypt a coded communication under a warrant or similar legal authority. But the issue that has not been addressed is the competing priorities that support the companies’ resistance to building in a backdoor or duplicated key for decryption. We believe that the greater public good is a secure communications infrastructure protected by ubiquitous encryption at the device, server and enterprise level without building in means for government monitoring.”
But the above-noted Paris attacks, and a subsequent one in San Bernardino, CA, have raised the tone of the rhetoric, and reinvigorated the pro-backdoor crowd. The fact that there is no credible evidence that sophisticated encryption of the type the government would like to bypass was present in either attack, however, supports the argument against weakening encryption. In truth, much of the information gleaned in the Paris attacks was from unencrypted phone messages and standard GPS settings from the terrorist’s rented car. In short, law enforcement has many tools at their disposal already, it just needs to make more effective use of them. And, for the record, use of encryption by bad-guys as a sole means of evading detection is overblown.
Those who would saber-rattle about being blind if not allowed in through backdoors would do well to revisit history. In the 1990s law enforcement agencies pushed for a sort of escrowed decryption key called the “Clipper Chip.” The effort failed, and the former security leaders noted that,
“The sky did not fall, and we did not go dark and deaf. Law enforcement and intelligence officials simply had to face a new future. As witnesses to that new future, we can attest that our security agencies were able to protect national security interests to an even greater extent in the ’90s and into the new century.”
It’s time for them to buck-up, swallow hard, and do the same this time round, without destroying a free enterprise staple in the process.