- Review: ‘Sekiro: Shadows Die Twice’ is a cut above the rest 3 Years Ago
- Where do 2020 Democratic candidates stand on healthcare? Today 7:30 AM
- How to (legally) stream live TV on Kodi Today 7:00 AM
- ‘Delhi Crime’ tackles inequality and women’s rights Today 7:00 AM
- How to watch the 2019 STP 500 at Martinsville Speedway for free Today 6:00 AM
- These high school theater kids put on a totally awesome ‘Alien’ play Saturday 3:59 PM
- Behold these photos of Elon Musk, but with Elizabeth Holmes’ eyes Saturday 3:11 PM
- Barbra Streisand gets canceled over remarks about Michael Jackson’s alleged victims Saturday 2:09 PM
- Report: Florida man raped Texas teen after posing as Instagram celeb Saturday 12:14 PM
- Lori Loughlin’s daughters, Olivia and Isabella, could be banned from USC forever Saturday 11:46 AM
- ‘Starfish’ is a heartbreaking tale of BFFs, grief, and apocalyptic alien invasions Saturday 10:35 AM
- How to stream UFC Fight Night 148 for free Saturday 10:00 AM
- The kids are making scantron memes instead of studying Saturday 9:29 AM
- Every installment of Hulu’s ‘Into the Dark,’ ranked Saturday 6:00 AM
- The internet is mocking Robert Mueller’s report deadline Friday 7:53 PM
FTC commissioner: Mandating encryption backdoors ‘is a terrible idea’
Terrell McSweeny said that encryption would soon become even more vital as smart devices proliferated.
An FTC commissioner on Tuesday urged lawmakers, law-enforcement officials, and businesses to think more broadly about encryption and its security benefits amid a heated debate about police access to encrypted data.
Speaking at a briefing on Capitol Hill hosted by technology trade group the Internet Association, Commissioner Terrell McSweeny, whose agency regularly fines companies for misleading security claims under consumer-protection laws, said that the narrow framing of the ongoing “crypto wars” left out many of the reasons to care about encryption.
As the Internet of Things becomes more pervasive, she said, consumers will start to care more about how companies protect their data—and companies will need to focus more on whether and how they’re using encryption.
McSweeny’s comments came as Congress considers several bills aimed at addressing law enforcement complaints about unbreakable encryption.
“I think mandating backdoors is a terrible idea.”
For years, police and intelligence officials have sparred with security researchers and civil-society advocates over whether tech companies should be able to deploy end-to-end encryption that they cannot break for investigators. Silicon Valley firms, desperate to maintain customer trust after the Edward Snowden revelations about industry cooperation with NSA mass surveillance, despise the idea of designing so-called “backdoors” into their encryption to guarantee their ability to comply with warrants for user data.
In her remarks on Tuesday, McSweeny clearly backed the technology community’s position.
“I think mandating backdoors is a terrible idea,” said McSweeny, who also called encryption “one of our best tools” and vital to the “future [of] privacy in a heavily digitized world.”
The Federal Trade Commission has fined companies for misleading customers about their strength of their products’ encryption. In February, router maker ASUS settled with the FTC over charges that it had promised to protect customers’ networks from viruses despite leaving “critical security flaws” unpatched. As part of the settlement, ASUS agreed to FTC security audits for the next 20 years.
McSweeny suggested that, absent more comprehensive data-security legislation, this would remain the point of the agency’s regulation spear on encryption. And she said that ASUS was “not alone” in having security issues meriting FTC scrutiny. “One might expect that there will be more enforcement cases forthcoming in that sector,” she said.
Citing the uneven implementation of security measures by companies selling Internet-connected devices, McSweeny observed that, as people learned more about encryption, they would begin to demand it in the gadgets they bought. The best way for companies to build trust with potential customers, she said, was to embrace the strongest encryption available.
“Increased connectivity is awesome,” McSweeny said in her talk with Ellen Schrantz, the Internet Association’s director of government affairs, “but we are increasingly connecting a lot of very important parts of our lives to different technologies that have really wide ranges of security practices associated with them.”
Tech companies will reap concrete benefits from encryption, she said. By collecting and analyzing encrypted data sets, they will be able to understand the movement of traffic across their networks without raising privacy concerns (because the data will be anonymized).
There are obvious reasons why companies that jump into the Internet of Things space would want to use encryption. Imagine, McSweeny said, if a hacker could flood the server controlling a smart light bulb with garbage traffic—a technique known as a distributed denial-of-service (DDoS) attack—and cause it to overload, physically endangering anyone nearby.
As more and more in-home devices connect not only to the Internet but also to each other, the avenues for a total digital takeover of smart home technology increases, because each system in the network has its own security vulnerabilities.
McSweeny pointed out that strong encryption in the Internet of Things was particularly important given the short update windows for smart gadgets. Whereas an older toaster might last someone 15 years and they wouldn’t think about replacing it until it broke, smart toasters will only receive security updates from their manufacturers for a few years before being cut off—at which point the idea of a toaster getting a virus becomes a real possibility.
The FTC, she said, had to make sure that smart device makers clearly informed consumers about their products’ update windows.
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.