Yottabytes: Storage and Disaster Recovery

Jul 26 2019   8:23PM GMT

Federal Government Trying to Mandate Encryption Back Doors Again

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

Tags:
Encryption
privacy
Security

Here we go again. Federal governments are talking about encryption back doors.

Oh, excuse me. The latest term of art is “exceptional access,” which actually makes it sound sort of cool. But it’s a back door just the same.

As you may recall, governments have been concerned about encryption for as long as it’s been around. At one point in the U.S., it was actually classified as a munition. It came up again in the fall of 2014, when Google and Apple each released smartphones with encryption that even the respective vendors couldn’t break. Much handwringing on the part of law enforcement ensued, warning us of dire consequences such as pedophilia, terrorism, and so on.

Never mind the fact that plenty of bad guys, including terrorists in Brussels and France, don’t seem smart enough to use encryption in the first place.

Most recently, it came up in late July when US Attorney General William Barr, followed by US Attorneys Geoffrey Berman and Richard P. Donoghue the following day, to again call for government access to encrypted data.

“Although the cast of characters is new, Barr’s arguments echoed the same points Justice Department officials have been making for years: The government needs access to encrypted data, he says, or else devices are ‘law-free zones’ that hinder law enforcement officers,” writes Patrick Howell O’Neill in MIT Technology Review.

It’s not like this is a surprise. People have been expecting this since, oh, mid November 2016.

People with more sense, like German prosecutor Markus Hartmann, disagreed with his US counterparts, pointing that criminals and terrorists will simply turn to different services if a country like the US passes a law to bypass encryption, noting GitHub has plenty of examples, O’Neill writes.

Even former National Security Agency director Michael Hayden weighed in. “Not really,” he Tweeted in response to a Tweet quoting Barr as saying that Americans should accept the security risks of encryption back doors. According to Politico reporter Eric Geller, a number of three-letter government agencies have differing views of the proposal.

The U.S. isn’t alone. Countries such as Germany and Australia have also been looking at ways to outlaw encryption.

The most recent suggestion, from Ian Levy from the U.K.’s equivalent to the NSA, is that an encryption system between two people simply add a “ghost user” – that is, the government – to their conversation, which would give the government access to the conversation should they deem it necessary.

Security expert Jon Callas has a long (four part) series on the American Civil Liberties Union (ACLU) website explaining all the technical issues wrong with the proposal, while other security experts such as Bruce Schneier and Matthew Green have also weighed in on the proposal. The Electronic Frontier Foundation has issued at least three such rebuttals as well.

When the ACLU and Reason are both on the same side of an issue, you know it’s got to have problems.

Security experts such as Schneier have also pointed out that there’s no such thing as a back door that only good guys can use, and that any back door, no matter what you call it, is likely to be exploited by bad guys as well. That argument has worked in the past, and they are trying it on this technique as well, but it is unclear whether it will work this time.

Ironically, a number of government representatives, including President Donald Trump’s son-in-law Jared Kushner, Australian politicians, and members of Britain’s Parliament have all been said to use the encrypted messaging application WhatsApp to conduct government business. It is unclear whether they would continue to be able to do so if WhatsApp were made illegal or given a back door.

But Green people such as Matthew Green, who teaches cybersecurity at Johns Hopkins, pointed out that likely all we need is the cybersecurity equivalent of the Reichstag fire for legal encryption to go bye-bye. “But what they do have is time, and the inevitability that given enough of it, something terrible will happen to America on their watch,” he wrote on Twitter, which is apparently the place people make pronouncements these days. “And they’ll be able to push these proposals without the need for debate. That’s where we are, and it should scare you.”

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: