The Public Eye with Eric Chabrow

Law Banning Default Encryption Unlikely

Critics Dismiss Law Enforcement's Plea for 'Backdoor'
Law Banning Default Encryption Unlikely
FBI Executive Assistant Director Amy Hess testifies before Congress.

Laws rarely, if ever, keep up with technology, but even if they could, the consequences could prove more harmful than the benefits.

See Also: How to Take the Complexity Out of Cybersecurity

That was evident at an April 29 hearing of the House Oversight and Government Reform Subcommittee on Information Technology that addressed the encryption - and security - of mobile devices.

Here's the problem the panel addressed that faces law enforcement: Encryption is the default setting for new Apple iPhone and Google Android mobile devices, meaning that law enforcement cannot gain access to encrypted data on the devices even if they have a search warrant. To gain access, the manufacturers would have to create a so-called "backdoor," and give law enforcement a special key to decrypt data on mobile devices. Without such a key, law enforcement could gain access only with the permission of the devices' owners, an unlikely scenario if the encrypted data contains incriminating evidence.

"We call it 'going dark,' and it means that those charged with protecting the American people aren't always able to access the information necessary to prosecute criminals and prevent terrorism even though we have lawful authority to do so," FBI Executive Assistant Director Amy Hess told lawmakers.

Backdoor Benefits

Hess furnished the subcommittee with examples on how accessing data enabled forensics experts to solve crimes, including kidnaping, false rape accusation and murder.

"Today's encryption methods are increasingly more sophisticated, and pose an even greater challenge to law enforcement," she said. "We are seeing more and more cases where we believe significant evidence resides on a phone, a tablet or a laptop - evidence that may be the difference between an offender being convicted or acquitted - but we cannot access it."

Advocates of giving law enforcement a backdoor key include President Obama and FBI Director James Comey. At the Congressional hearing, Suffolk County (Mass.) District Attorney Daniel Conley voiced strong support: "The Fourth Amendment allows law enforcement access to the places where criminals hide evidence of their crimes, once the legal threshold has been met," Conley testified. "In decades past, these places were car trunks and safety deposit boxes; today they are computers and smartphones."

Questioning Motives of Apple, Google

Conley dismissed Apple's and Google's contention that the default encryption they offer on their devices safeguards consumers' privacy.

"Their nominal commitment to privacy rights would be far more credible if they were forbidding themselves access to their customers' interests, search terms and consumer habits, but as we all know, that's not a step they're willing to take," Conley said. "Instead, they're taking full advantage of their customers' private data for commercial purposes while building an impenetrable barrier around evidence in legitimate, court-authorized criminal investigations."

Hess and Conley make a somewhat sound argument. After all, police, with the proper court order, can break into filing cabinets to retrieve evidence. But the rules of the physical world don't always translate well into the virtual one. And other witnesses at the hearing made more compelling arguments for why creating an electronic backdoor is a very bad idea.

"Unfortunately, harsh technical realities make such an ideal solution [a backdoor] effectively impossible, and attempts to mandate one would do enormous harm to the security and reliability of our nation's infrastructure, the future of our innovation economy and our national security," said cryptographer Matthew Blaze, an associate professor of computer and information science at the University of Pennsylvania. "We just can't do what the FBI is asking without weakening our infrastructure."

Undermining U.S. Cybersecurity

Providing a backdoor would undermine America's cybersecurity. "While the FBI would have us believe that law enforcement alone will be privy to our sensitive data, history demonstrates that bad actors will always be ahead of the curve and find an avenue to manipulate those openings," said Jon Potter, president of Application Developers Alliance, a trade group. "As one well-regarded cryptographer said, 'You can't build a backdoor that only the good guys can walk through.'"

Creating a backdoor could potentially cost the American economy billions of dollars in lost business. Kevin Bankston, policy director of the think tank New America's Open Technology Institute, says a backdoor would give foreign users, including corporations and governments that especially rely on the security of technologies, even more incentive to avoid American wares and turn to foreign competitors. "To put it bluntly," he said, "foreign customers will not want to buy or use online services, hardware products, software products or any other information systems that have been explicitly designed to facilitate backdoor access for the FBI or the NSA."

Encryption Mitigates Risks

But the most compelling argument for retaining default encryption that's beyond the reach of law enforcement is that it makes everyone safer, especially on smartphones. "The vast amount of personal information on those devices makes them especially attractive targets for criminals aiming to commit identity theft or other crimes of fraud, or even to commit violent crimes or further acts of theft against the phone's owner," Bankston said.

"By taking this step for their customers and turning on encryption by default," he said, "mobile operating system vendors have completely eliminated the risk of those crimes occurring, significantly discouraged thieves from bothering to steal smartphones in the first place, and ensured that those phones' contents will remain secure even if they are stolen."

It's an argument that can persuade even the most ardent supporters of law enforcement and intelligence agencies. The subcommittee's chairman - freshman Republican William Hurd of Texas, a former undercover CIA agent and cybersecurity strategist, concluded the hearing by opposing offering law enforcement a backdoor. "I hold everyone in law enforcement and the intelligence community to a higher standard," he said. "Upholding civil liberties and civil rights are not burdens. They make all of us safer and stronger."



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.