Both the Federal Senate Judiciary Committee and the Senate Intelligence Committee heard today from FBI Director James Comey, and from Deputy Attorney General Sally Quillian Yates, that they need a backdoor (or a “front door”, as Comey calls it) that allows them to decrypt encrypted email and messages in order to fight terrorism.
Companies that offer email and messaging services with encryption generally have no way themselves to decrypt their customers’ encrypted data. For example, starting with Apple’s latest iOS, iOS 8, says Apple:
For all devices running iOS 8.0 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess.
Google has announced that it will be rolling out something similar.
What this means is that nobody will be able to access the encrypted data other than the user themselves, and anyone to whom they grant access.
Now this, generally speaking, is what you, as a user, want from your encryption.
But the problem with this from a law enforcement perspective is that it means that there is no way – even with a warrant (which generally means that you have proven to a judge that there is a need) – to gain access to those messages. Because even with a warrant, the company (such as Apple) has no way to decrypt the messages. It’s not that they don’t want to – it’s that they can’t.
So this is why Comey and Yates are in front of the Senate committees, asking for tech companies to please build a backdoor into their encryption schemes, so that if they come with a warrant, they can read the messages of the bad guys.
Comey notes ISIS is already using apps that offer end-to-end encryption, such as WhatsApp, and that without a way to decrypt these messages it’s a serious issue in the effort to keep our homelands secure.
For instance, Comey points out that the ISIS Twitter account has more than 21,000 English-speaking followers, and that when a follower seems a likely recruit, they are given directions to move to an encrypted mobile messaging app.
However, both the tech community and many lawmakers point out that creating a backdoor to encryption means that there is a door, a door which hackers and bad guys can also exploit.
In fact, during the testimony, Senator Leahy of Vermont noted that “creating special access for law enforcement would still introduce into the digital space significant security weaknesses at a time when we need the strongest possible cybersecurity.”
In response to the Feds requesting backdoor access – or as some call it “exceptional access” – a group of computer scientists and cybersecurity experts including no less than Whit Diffie have published a document entitled Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications, outlining the near impossibility of creating exceptional access which won’t be exploitable by someone, somewhere. The summary explains:
“As computer scientists with extensive security and systems experience, we believe that law enforcement has failed to account for the risks inherent in exceptional access systems. Based on our considerable expertise in real-world applications, we know that such risks lurk in the technical details. In this report we examine whether it is technically and operationally feasible to meet law enforcement’s call for exceptional access without causing large-scale security vulnerabilities. We take no issue here with law enforcement’s desire to execute lawful surveillance orders when they meet the requirements of human rights and the rule of law. Our strong recommendation is that anyone proposing regulations should first present concrete technical requirements, which industry, academics, and the public can analyze for technical weaknesses and for hidden costs.”
As the authors point out, this isn’t their first rodeo – some of you may recall essentially the same debate over the proposed Clipper Chip – a debate on encryption and decryption for government need which happened nearly 20 years ago, and which ended with the Clipper Chip proposals dying on the vine.
But, says Comey, there has to be some solution, somehow, that allows law enforcement agencies to access those conversations between, for example, ISIS and Americans who are being radicalized and are involved in plots to do harm, even on U.S. soil.
Says Comey, in a post this week on the Lawfare blog, “When the government’s ability—with appropriate predication and court oversight—to see an individual’s stuff goes away, it will affect public safety. That tension is vividly illustrated by the current ISIL threat, which involves ISIL operators in Syria recruiting and tasking dozens of troubled Americans to kill people, a process that increasingly takes part through mobile messaging apps that are end-to-end encrypted, communications that may not be intercepted, despite judicial orders under the Fourth Amendment.”
Clearly these are weighty issues, and there is no easy solution.