- #ICEBae is reportedly a Democrat–and she has some things to get off her chest Tuesday 8:45 PM
- Fans are stoked that Taika Waititi is back to direct ‘Thor 4’ Tuesday 7:22 PM
- Sacha Baron Cohen thanks ‘co-stars’ Dick Cheney, Sarah Palin for making Emmy nominations possible Tuesday 6:43 PM
- Roger Stone barred from posting on all social media platforms Tuesday 6:03 PM
- The FaceApp challenge shows you how gracefully you’ll age Tuesday 5:16 PM
- Kylie Jenner opens up about her mental health in candid Instagram post Tuesday 4:38 PM
- Fans speculate wildly about Naomi Watts’ ‘Game of Thrones’ prequel role after leaked set photo Tuesday 3:54 PM
- New Jersey congressman joins House Democrats ‘Squad’ because of an Onion article Tuesday 3:09 PM
- Twitter begins rolling out new desktop redesign, and users aren’t happy Tuesday 1:54 PM
- Man asks his girlfriend to ‘unlove’ her ex—and people do not agree with him Tuesday 1:37 PM
- Relive a forgotten gem with the TurboGrafx-16 Mini console Tuesday 1:09 PM
- Judge says Daily Stormer founder must pay $14 million for harassing Jewish realtor Tuesday 1:01 PM
- Graphic depiction of suicide cut from Netflix’s ’13 Reasons Why’ Tuesday 12:55 PM
- Streaming titles seize 2019 Emmy nominations Tuesday 12:19 PM
- ‘Frankenstein’s Monster’s Monster, Frankenstein’ tries to find humor in bad actors Tuesday 12:02 PM
FTC commissioner: Mandating encryption backdoors ‘is a terrible idea’
Terrell McSweeny said that encryption would soon become even more vital as smart devices proliferated.
An FTC commissioner on Tuesday urged lawmakers, law-enforcement officials, and businesses to think more broadly about encryption and its security benefits amid a heated debate about police access to encrypted data.
Speaking at a briefing on Capitol Hill hosted by technology trade group the Internet Association, Commissioner Terrell McSweeny, whose agency regularly fines companies for misleading security claims under consumer-protection laws, said that the narrow framing of the ongoing “crypto wars” left out many of the reasons to care about encryption.
As the Internet of Things becomes more pervasive, she said, consumers will start to care more about how companies protect their data—and companies will need to focus more on whether and how they’re using encryption.
McSweeny’s comments came as Congress considers several bills aimed at addressing law enforcement complaints about unbreakable encryption.
“I think mandating backdoors is a terrible idea.”
For years, police and intelligence officials have sparred with security researchers and civil-society advocates over whether tech companies should be able to deploy end-to-end encryption that they cannot break for investigators. Silicon Valley firms, desperate to maintain customer trust after the Edward Snowden revelations about industry cooperation with NSA mass surveillance, despise the idea of designing so-called “backdoors” into their encryption to guarantee their ability to comply with warrants for user data.
In her remarks on Tuesday, McSweeny clearly backed the technology community’s position.
“I think mandating backdoors is a terrible idea,” said McSweeny, who also called encryption “one of our best tools” and vital to the “future [of] privacy in a heavily digitized world.”
The Federal Trade Commission has fined companies for misleading customers about their strength of their products’ encryption. In February, router maker ASUS settled with the FTC over charges that it had promised to protect customers’ networks from viruses despite leaving “critical security flaws” unpatched. As part of the settlement, ASUS agreed to FTC security audits for the next 20 years.
McSweeny suggested that, absent more comprehensive data-security legislation, this would remain the point of the agency’s regulation spear on encryption. And she said that ASUS was “not alone” in having security issues meriting FTC scrutiny. “One might expect that there will be more enforcement cases forthcoming in that sector,” she said.
Citing the uneven implementation of security measures by companies selling Internet-connected devices, McSweeny observed that, as people learned more about encryption, they would begin to demand it in the gadgets they bought. The best way for companies to build trust with potential customers, she said, was to embrace the strongest encryption available.
“Increased connectivity is awesome,” McSweeny said in her talk with Ellen Schrantz, the Internet Association’s director of government affairs, “but we are increasingly connecting a lot of very important parts of our lives to different technologies that have really wide ranges of security practices associated with them.”
Tech companies will reap concrete benefits from encryption, she said. By collecting and analyzing encrypted data sets, they will be able to understand the movement of traffic across their networks without raising privacy concerns (because the data will be anonymized).
There are obvious reasons why companies that jump into the Internet of Things space would want to use encryption. Imagine, McSweeny said, if a hacker could flood the server controlling a smart light bulb with garbage traffic—a technique known as a distributed denial-of-service (DDoS) attack—and cause it to overload, physically endangering anyone nearby.
As more and more in-home devices connect not only to the Internet but also to each other, the avenues for a total digital takeover of smart home technology increases, because each system in the network has its own security vulnerabilities.
McSweeny pointed out that strong encryption in the Internet of Things was particularly important given the short update windows for smart gadgets. Whereas an older toaster might last someone 15 years and they wouldn’t think about replacing it until it broke, smart toasters will only receive security updates from their manufacturers for a few years before being cut off—at which point the idea of a toaster getting a virus becomes a real possibility.
The FTC, she said, had to make sure that smart device makers clearly informed consumers about their products’ update windows.
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.