Encryption is coming to mobile devices as a default, but government agencies and police officials want to have backdoor access. The debate has become a storm.
The storm broke some weeks ago when both Apple and Google announced that it’s time for their smart phone devices to go default on data encryption. That means that if you are a user of iOS 8, your phone will not only be automatically encrypted, but also Apple would not hold the keys to iOS 8 data encryption and so couldn’t pass on users data no matter how much law enforcers might want it. Google still has not revealed specifics like Apple, but probably the company will do the same.
This move that was welcomed by digital civil liberties organizations, created a chorus of lawmakers and law enforcers reacting with a cry. Outgoing US attorney general Eric Holder, speaking on the same subject, asked people to think of the children, saying child predators could use the encryption settings in mobile platforms to evade authorities and hide illegal images and content on their devices from law enforcement. FBI Director James Comey, meanwhile, was so upset by the move that he said it would make it impossible to save children from kidnappers. He also bemoaned the fact that law enforcement would not be able to gain access to "a terrorist's device". The top cop of Europe, Troels Oerting, The Europol Assistant Director and head of European Cybercrime Centre (EC3), joined the cry. “Irreversible encryption will make it very difficult - maybe even impossible - for law enforcement to obtain evidence and I am not sure this reality is clear to all,” he said.
This is not the first time we’ve witnessed those howls of alarm. In 2010, the FBI was seriously hinting that it was going to try to mandate that all communications systems be easily wiretappable by mandating "back doors" into any encryption systems.
“They can promise strong encryption. They just need to figure out how they can provide us plain text”. Said FBI General Counsel Valerie Caproni, this view is rooted deep in the FBI. Back in 1995, FBI Director Louis Freeh said: “We’re in favor of strong encryption, robust encryption. The country needs it, industry needs it. We just want to make sure we have a trap door and key under some judge's authority where we can get there if somebody is planning a crime."
More Harm than Good
So that’s what we’re hearing all the time and probably will hear more in the future. The need for security is greater than the need for privacy. But are back doors the proper solution or do they cause more harm than good?
Computer security expert Steven Bellovin has explained some of the problems. First, it's hard to secure communications properly even between two parties. Cryptography with a back door adds a third party, requiring a more complex protocol, and as Bellovin puts it: "Many previous attempts to add such features have resulted in new, easily exploited security flaws rather than better law enforcement access." More recently, as security researcher Susan Landau explains:
"[...] an IBM researcher found that a Cisco wiretapping architecture designed to accommodate law-enforcement requirements — a system already in use by major carriers — had numerous security holes in its design. This would have made it easy to break into the communications network and surreptitiously wiretap private communications”.
Another problem is that It won't stop the bad guys. Users who want strong encryption will be able to get it — from Germany, Finland, Israel, and many other places in the world where it's offered for sale and for free. And to top it all, the US government hasn't shown that encryption is a problem. How many investigations have been thwarted or significantly harmed by encryption that could not be broken? In 2009, the government reported only one instance of encryption that they needed to break out of 2,376 court-approved wiretaps, and it ultimately didn't prevent investigators from obtaining the communications they were after.
As a side note, all of this debate is about the data encryption on your smart phone’s disk, it has nothing to do with the communication itself which actually can reveal much more. In order to secure and encrypt that, you’ll have to use something like our very own Zenamte Mobile. We promise: no strings attached!
So does backdooring encryption do more harm than good?
Leave a comment to tell us your opinion!