In the wake of the Paris terrorist attacks, national security officials in the Western world have stepped up their demands to break or block encryption.
This has created the appearance of a debate on the subject of encryption, when that’s not true at all. In reality there’s just a demand being made by intelligence agencies that almost no expert outside of those directly serving government interests has endorsed.
“The threat posed to us by the group called ISIL, the so-called Islamic State, which, in the United States we talk about what they’ve been doing here, the recruiting through social media, if they find a live one, they move them to Twitter direct messaging. Which we can get access to through judicial process,” FBI Director James Comey said when making the case for access to encrypted data in November.
“But if they find someone they think may kill on their behalf, or might come and kill in the caliphate, they move to a mobile messaging app that’s end-to-end encrypted.”
Comey did acknowledge that encryption offers important privacy protections for individuals and businesses — but, to him, the life-and-death security needs of the government require that those concerns be made secondary.
It’s an emotional argument — that has been recently been backed up by unconfirmed reports that the Paris attackers likely used encrypted technology through the apps WhatsApp and Telegram.
Comey responded to these reports by saying that “the use of encryption is at the center of terrorist trade craft.”
In other words, if you don’t give us access to encrypted data, you’re abetting terrorism.
No one wants blood on their hands — or their app. That’s what makes the government’s demand so tough to resist. Still, some of the most powerful people in technology have stated that they’re willing to stand up to this tough talk.
Apple’s CEO Tim Cook has articulated the general consensus of most tech experts: You can’t give back doors only to the good guys.
“Once an encryption system is breached, a cascade of other actors, from malevolent hackers to foreign dictatorships like China and Russia will waltz through that backdoor, either by hacking or by enacting laws requiring that U.S. companies provide them the same access provided to American agencies,” Walt Mossberg explained.
“Even without a backdoor, there are still many avenues that authorities can use to track terrorists,” he added.
These methods don’t require giving up the a crucial defense from cyber-espionage in an era when digital spying by governments is proliferating.
“Practically every expert agrees that cryptographic backdoors imperil security, and no amount of ‘cybering harder’ will change this,”Nicholas Weaver wrote. “Yet even though encryption technology can be used to deny an investigator’s access to a suspect’s information, its existence doesn’t mean that police forces are powerless.”
He points out that law enforcement still has it within its power to track suspects’ “behavior, movements and associates without having to ever worry about the effects of cryptography.”
He notes: “There is near universal agreement that it is practically impossible to add in a ‘lawful access’ backdoor without weakening every user’s security. The government has powerful tools already at its disposal. Do we need to provide it with more?”
The urge to seize any tool at your disposal when you’re charged with the protection of the public may be understandably strong, but many ex-intelligence officials have spoken out to insist that urge be restrained.
Former NSA head Mike McConnell demanded that encryption be broken in the 1990s. He didn’t get what he wanted and now he’s glad.
“Technology will advance, and you can’t stop it,” he said. “Learn how to deal with it.”
Former Director of Homeland Security under George W. Bush called the demand to break end-to-end encryption “misguided,” adding that “it’s always been the case that in a free society you have less than perfect ability to detect people who do bad things.”
Every room in the world cannot be tapped — and even if this were possible, how would all of that data be made useful? Some degree secrecy will always exist, by law or by obscurity.
If the U.S gives intelligence agencies the keys to its encryption, it will simply drive “the market away from them,” said former CIA Director Michael Hayden. America would end up with the “worst of all worlds: there will be unbreakable encryption — it just won’t be made by American firms.”
Simply put: Encryption will always exist.
“Encryption is simply math,” Jon Evans wrote. “You cannot ban math. You cannot stop math.”
Our Mikko Hyppönen summed up the situation this way, “Banning encryption as an anti-terror measure would work just as well as simply banning terrorism.”
This is not debatable. It’s a fact.
It’s also a fact that governments can demand that specific encryption in specific services be broken. That would be a win for bad governments and a huge blow to the technology industries in these countries.
But it wouldn’t happen because the government had won the debate. It would happen because they ignored the facts.
[Image by Yuri Samoilov | Flickr]
F-Secure invites our fellows to share their expertise and insights. For more posts by Fennel, click…
April 18, 2018