- Minions memes are more popular than the far-right on Telegram 3 Years Ago
- ‘Best of Nextdoor’ reveals the true insanity of modern life 3 Years Ago
- How to watch ‘Jeopardy’ for free Today 7:00 AM
- There’s a water bottle hiding in the ‘Game of Thrones’ finale Today 6:46 AM
- What happens to Disney’s Loki TV series after ‘Avengers: Endgame’? Today 6:30 AM
- Brienne writing Jaime’s history is the best meme from the ‘Game of Thrones’ finale Today 6:25 AM
- How to stream live TV on PlayStation 4 Today 6:00 AM
- How to watch Disney XD online for free Today 5:30 AM
- Who survived the ‘Game of Thrones’ series finale? Sunday 10:21 PM
- Justin Bieber fans are damaging one of Iceland’s top tourist spots Sunday 1:28 PM
- James Charles drops 41-minute response video to Tati Westbrook’s accusations Sunday 1:15 PM
- Watch what happens when this Twitch streamer quits his job on camera Sunday 12:25 PM
- Men are finally sharing their abortion stories Sunday 10:58 AM
- Netflix’s ‘Maria’ is a trigger-happy B-movie Sunday 9:07 AM
- How to stream Money in the Bank 2019 for free Sunday 9:00 AM
FTC commissioner: Mandating encryption backdoors ‘is a terrible idea’
Terrell McSweeny said that encryption would soon become even more vital as smart devices proliferated.
An FTC commissioner on Tuesday urged lawmakers, law-enforcement officials, and businesses to think more broadly about encryption and its security benefits amid a heated debate about police access to encrypted data.
Speaking at a briefing on Capitol Hill hosted by technology trade group the Internet Association, Commissioner Terrell McSweeny, whose agency regularly fines companies for misleading security claims under consumer-protection laws, said that the narrow framing of the ongoing “crypto wars” left out many of the reasons to care about encryption.
As the Internet of Things becomes more pervasive, she said, consumers will start to care more about how companies protect their data—and companies will need to focus more on whether and how they’re using encryption.
McSweeny’s comments came as Congress considers several bills aimed at addressing law enforcement complaints about unbreakable encryption.
“I think mandating backdoors is a terrible idea.”
For years, police and intelligence officials have sparred with security researchers and civil-society advocates over whether tech companies should be able to deploy end-to-end encryption that they cannot break for investigators. Silicon Valley firms, desperate to maintain customer trust after the Edward Snowden revelations about industry cooperation with NSA mass surveillance, despise the idea of designing so-called “backdoors” into their encryption to guarantee their ability to comply with warrants for user data.
In her remarks on Tuesday, McSweeny clearly backed the technology community’s position.
“I think mandating backdoors is a terrible idea,” said McSweeny, who also called encryption “one of our best tools” and vital to the “future [of] privacy in a heavily digitized world.”
The Federal Trade Commission has fined companies for misleading customers about their strength of their products’ encryption. In February, router maker ASUS settled with the FTC over charges that it had promised to protect customers’ networks from viruses despite leaving “critical security flaws” unpatched. As part of the settlement, ASUS agreed to FTC security audits for the next 20 years.
McSweeny suggested that, absent more comprehensive data-security legislation, this would remain the point of the agency’s regulation spear on encryption. And she said that ASUS was “not alone” in having security issues meriting FTC scrutiny. “One might expect that there will be more enforcement cases forthcoming in that sector,” she said.
Citing the uneven implementation of security measures by companies selling Internet-connected devices, McSweeny observed that, as people learned more about encryption, they would begin to demand it in the gadgets they bought. The best way for companies to build trust with potential customers, she said, was to embrace the strongest encryption available.
“Increased connectivity is awesome,” McSweeny said in her talk with Ellen Schrantz, the Internet Association’s director of government affairs, “but we are increasingly connecting a lot of very important parts of our lives to different technologies that have really wide ranges of security practices associated with them.”
Tech companies will reap concrete benefits from encryption, she said. By collecting and analyzing encrypted data sets, they will be able to understand the movement of traffic across their networks without raising privacy concerns (because the data will be anonymized).
There are obvious reasons why companies that jump into the Internet of Things space would want to use encryption. Imagine, McSweeny said, if a hacker could flood the server controlling a smart light bulb with garbage traffic—a technique known as a distributed denial-of-service (DDoS) attack—and cause it to overload, physically endangering anyone nearby.
As more and more in-home devices connect not only to the Internet but also to each other, the avenues for a total digital takeover of smart home technology increases, because each system in the network has its own security vulnerabilities.
McSweeny pointed out that strong encryption in the Internet of Things was particularly important given the short update windows for smart gadgets. Whereas an older toaster might last someone 15 years and they wouldn’t think about replacing it until it broke, smart toasters will only receive security updates from their manufacturers for a few years before being cut off—at which point the idea of a toaster getting a virus becomes a real possibility.
The FTC, she said, had to make sure that smart device makers clearly informed consumers about their products’ update windows.
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.