- New bill wants tech companies to tell you how much your data is worth 4 Years Ago
- AOC has the best response to Steve King’s ‘concentration camp’ criticism 4 Years Ago
- Did Jake Paul and Tana Mongeau just get engaged? Today 9:26 AM
- Leaked documents reveal all the ‘red flags’ about Trump officials Today 9:02 AM
- Elon Musk, who wants to colonize space, thought the moon was Mars Today 8:56 AM
- How to watch ‘Legion’ for free Today 8:46 AM
- Netflix’s ‘Bolívar’ reduces hero’s tale to irredeemable melodrama Today 8:18 AM
- How to watch the U.S. vs. Spain at the World Cup for free Today 7:55 AM
- How to watch ‘The Hills: New Beginnings’ for free Today 7:40 AM
- Inside the pornographic video game that took Kickstarter by storm Today 7:00 AM
- Why everyone wants to debate AOC, and no one wants to debate Ilhan Omar Today 6:30 AM
- How to watch the Trvl Channel online for free Today 5:30 AM
- Are we going to get a ‘Community’ movie on Netflix? Sunday 2:46 PM
- Kmitting social network bans all posts supporting Trump and his administration Sunday 2:07 PM
- YouTube is testing hiding its comments section Sunday 1:23 PM
Weakening encryption won’t solve ‘going dark,’ so why does the FBI want it?
Sparks flew at this week’s Senate Judiciary Committee’s hearing on FBI oversight—especially around the topic of encryption. Among other topics, the hearing covered the efficacy of a policy to mandate encryption backdoors and the security implications of such a scheme. FBI Director James Comey made some surprising statements that will likely change the backdoor debate, if not end it altogether—eventually.
One of the most notable exchanges was between Comey and Sen. Mike Lee (R-Utah), where the senator pointed out that even if the United States outlawed unbreakable encryption, criminals and terrorists would still be able to obtain it from foreign developers and manufacturers, and so outlawing end-to-end encryption in the U.S. would not solve the “going dark” problem. Comey’s response was clear: “That’s right…there’s no way we solve this entire problem. Encryption is always going to be available to the sophisticated user.”
He then rolled back his admission, arguing that requiring a backdoor in the U.S., especially if done in coalition with other countries, would “solve a big chunk” of the problem. But that just doesn’t square with reality. His biggest concern is with sophisticated criminals and terrorists going dark, and yet he’s already acknowledged that anyone who is motivated to will always be able to access strong encryption, regardless of what U.S. or international policies are.
There are simply too many open-source encryption options available on the Internet that could be accessed regardless of a mandated backdoor. No international coalition short of a global ban on encryption would do the job—and it’s far from clear how such a ban would ever be implemented. The toothpaste is out of the tube, and has been for millennia. So in the end, the biggest effect that undermining encryption will have is to expose average citizens – possibly around the world—to cyber threats and crimes that they might have otherwise been protected from.
When you boil it all down, encryption is just math, and you can’t outlaw math.
Comey also spent a lot of time during the hearing objecting to the term “encryption backdoor.” This is a red herring complaint—he doesn’t like the optics of asking for a “backdoor,” but it’s important to be clear on this point, it doesn’t matter what you call it—backdoors, front doors, golden keys, exceptional access, or a magic rainbow unicorn key—it always boils down to the same thing: a vulnerability in encryption.
This is why it was so surprising when Comey proclaimed that his extensive conversations with the tech industry had left him sure that creating law enforcement access to encrypted communications (building a backdoor) is “not a technical issue.” This is completely contradictory to what technical experts have been saying for decades.
Cryptographers settled this question during the Crypto Wars of the’90s and revisited it after Comey reinstigated the debate over Apple’s and Google’s announcements that they would provide default encryption on their smartphones to protect any data stored on them. Some of the world’s leading cryptographers again investigated whether it was technically possible to securely create access for law enforcement to encrypted communications without also creating a means of access for unintended parties, such as hackers or nation-state actors.
Their award-winning paper came to an unequivocal conclusion: “The damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago,” because of how dependent our economy and everyday lives are on the Internet and on encryption. The effects of weakening encryption would be devastating.
No government policy that prohibits companies from providing end-to-end encrypted devices or services to their customers will keep strong encryption out of the hands of the public. Terrorists, criminals, or just an average Joe or Jane who is worried about their security and privacy will still be able to access and use end-to-end encryption because of the nature and ubiquity of the Internet—and the fact that when you boil it all down, encryption is just math, and you can’t outlaw math.
This begs the question: Why weaken the security of everyone if it fails to solve the problem Comey is attempting to address?
To be clear though, while this issue seems like it should have been put to bed ages ago, we’re not done with it yet. Sen. Dianne Feinstein (D-Calif.), the vice chair on the Select Committee on Intelligence, announced that she and Sen. Richard Burr (R-N.C.) will be introducing some kind of encryption legislation next year. So suffice it to say, anyone who cares about their privacy and security should keep their eyes peeled.
Robyn Greene is the policy counsel for the Open Technology Institute at New America Foundation specializing in issues concerning surveillance and cybersecurity. Prior, she worked at the American Civil Liberties Union’s Washington legislative office, where she focused on legislation and administration policies concerning surveillance, cybersecurity, government secrecy, and federal law enforcement oversight, and also ran issue-based grassroots advocacy campaigns with Grassroots Campaigns, on behalf of non-profit organizations including Amnesty International and the ACLU. She earned a B.A. in government and politics at the University of Maryland, and a J.D. from Hofstra University School of Law.
Image via Magharebia/Flickr (CC BY 2.0)