- Amanda Holden’s bad coronavirus advice sheds light on the struggle of being immunocompromised Friday 9:03 PM
- The World Health Organization is now fighting coronavirus misinformation on TikTok Friday 8:43 PM
- Police are using coronavirus misinformation to trick people into turning in drugs Friday 8:11 PM
- People can’t stop touching their faces–and the CDC really wants them to Friday 7:31 PM
- A TikTok of a girl getting an abortion is going viral—and the internet is divided Friday 3:06 PM
- FCC proposes $200 million fine for T-Mobile, others over data sharing Friday 3:03 PM
- Which ‘Love is Blind’ couples are still together? Friday 2:01 PM
- Review: ‘The Invisible Man’ reboot is thrilling but basic Friday 1:25 PM
- Sex workers speak out after OnlyFans leak Friday 1:21 PM
- Normani addresses Camila Cabello’s racist social media posts Friday 1:07 PM
- Mike Huckabee’s defense of Trump’s coronavirus response will make you nauseous Friday 12:06 PM
- Gmail’s email filtering may affect what candidate emails you are seeing Friday 11:08 AM
- Woman shares aftermath of domestic abuse: ‘This is only to raise awareness’ Friday 10:40 AM
- Skai Jackson gets restraining order against Bhad Bhabie after death threat Friday 10:19 AM
- Taylor Swift shades Scooter Braun in ‘The Man’ video Friday 10:15 AM
An FTC commissioner on Tuesday urged lawmakers, law-enforcement officials, and businesses to think more broadly about encryption and its security benefits amid a heated debate about police access to encrypted data.
Speaking at a briefing on Capitol Hill hosted by technology trade group the Internet Association, Commissioner Terrell McSweeny, whose agency regularly fines companies for misleading security claims under consumer-protection laws, said that the narrow framing of the ongoing “crypto wars” left out many of the reasons to care about encryption.
As the Internet of Things becomes more pervasive, she said, consumers will start to care more about how companies protect their data—and companies will need to focus more on whether and how they’re using encryption.
McSweeny’s comments came as Congress considers several bills aimed at addressing law enforcement complaints about unbreakable encryption.
“I think mandating backdoors is a terrible idea.”
For years, police and intelligence officials have sparred with security researchers and civil-society advocates over whether tech companies should be able to deploy end-to-end encryption that they cannot break for investigators. Silicon Valley firms, desperate to maintain customer trust after the Edward Snowden revelations about industry cooperation with NSA mass surveillance, despise the idea of designing so-called “backdoors” into their encryption to guarantee their ability to comply with warrants for user data.
In her remarks on Tuesday, McSweeny clearly backed the technology community’s position.
“I think mandating backdoors is a terrible idea,” said McSweeny, who also called encryption “one of our best tools” and vital to the “future [of] privacy in a heavily digitized world.”
The Federal Trade Commission has fined companies for misleading customers about their strength of their products’ encryption. In February, router maker ASUS settled with the FTC over charges that it had promised to protect customers’ networks from viruses despite leaving “critical security flaws” unpatched. As part of the settlement, ASUS agreed to FTC security audits for the next 20 years.
McSweeny suggested that, absent more comprehensive data-security legislation, this would remain the point of the agency’s regulation spear on encryption. And she said that ASUS was “not alone” in having security issues meriting FTC scrutiny. “One might expect that there will be more enforcement cases forthcoming in that sector,” she said.
Citing the uneven implementation of security measures by companies selling Internet-connected devices, McSweeny observed that, as people learned more about encryption, they would begin to demand it in the gadgets they bought. The best way for companies to build trust with potential customers, she said, was to embrace the strongest encryption available.
“Increased connectivity is awesome,” McSweeny said in her talk with Ellen Schrantz, the Internet Association’s director of government affairs, “but we are increasingly connecting a lot of very important parts of our lives to different technologies that have really wide ranges of security practices associated with them.”
Tech companies will reap concrete benefits from encryption, she said. By collecting and analyzing encrypted data sets, they will be able to understand the movement of traffic across their networks without raising privacy concerns (because the data will be anonymized).
There are obvious reasons why companies that jump into the Internet of Things space would want to use encryption. Imagine, McSweeny said, if a hacker could flood the server controlling a smart light bulb with garbage traffic—a technique known as a distributed denial-of-service (DDoS) attack—and cause it to overload, physically endangering anyone nearby.
As more and more in-home devices connect not only to the Internet but also to each other, the avenues for a total digital takeover of smart home technology increases, because each system in the network has its own security vulnerabilities.
McSweeny pointed out that strong encryption in the Internet of Things was particularly important given the short update windows for smart gadgets. Whereas an older toaster might last someone 15 years and they wouldn’t think about replacing it until it broke, smart toasters will only receive security updates from their manufacturers for a few years before being cut off—at which point the idea of a toaster getting a virus becomes a real possibility.
The FTC, she said, had to make sure that smart device makers clearly informed consumers about their products’ update windows.
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.