At­tacks re­vive de­bate on en­cryp­tion, sur­veil­lance

Ap­ple, Google must build ‘back­doors’ in their en­cryp­tion sys­tems

Kuwait Times - - FRONT PAGE -

NEW YORK: The deadly at­tacks in Paris may soon re­open the de­bate over whether - and how - tech com­pa­nies should let gov­ern­ments by­pass the data scram­bling that shields ev­ery­day commerce and daily dig­i­tal life.

So far, there’s no hard ev­i­dence that the Paris ex­trem­ists re­lied on en­crypted com­mu­ni­ca­tions - es­sen­tially, en­coded dig­i­tal mes­sages that can’t be read with­out the proper dig­i­tal “keys” - to plan the shoot­ing and bomb­ing at­tacks that left 129 dead on Fri­day. But it wouldn’t be much of a sur­prise if they did.

So-called end-to-end en­cryp­tion tech­nol­ogy is now widely used in many stan­dard mes­sage sys­tems, in­clud­ing Ap­ple’s iMes­sage and Face­book’s What­sApp. Sim­i­lar tech­nol­ogy also shields the con­tents of smart­phones run­ning the lat­est ver­sions of Ap­ple and Google op­er­at­ing soft­ware. Strong en­cryp­tion is used to pro­tect ev­ery­thing from cor­po­rate se­crets to the credit-card num­bers of on­line shop­pers to in­ti­mate pho­tos and se­crets shared by lovers.

That wide­spread use of en­cryp­tion, which was pre­vi­ously re­stricted to more pow­er­ful desk­top or server com­put­ers, is ex­actly what wor­ries mem­bers of the in­tel­li­gence and law en­force­ment com­mu­ni­ties. Some are now us­ing the oc­ca­sion of the Paris at­tacks to once again ar­gue for re­stric­tions on the tech­nol­ogy, say­ing it ham­pers their abil­ity to track and dis­rupt plots like the Paris at­tacks.

“I now think we’re go­ing to have an­other pub­lic de­bate about en­cryp­tion, and whether gov­ern­ment should have the keys, and I think the re­sult may be dif­fer­ent this time as a re­sult of what’s hap­pened in Paris,” for­mer CIA deputy di­rec­tor Michael Morell said Mon­day on CBS This Morn­ing.

The last such de­bate fol­lowed 2013 dis­clo­sures of gov­ern­ment sur­veil­lance by for­mer Na­tional Se­cu­rity Agency con­trac­tor Ed­ward Snow­den. Since then, tech com­pa­nies seek­ing to re­as­sure their users and pro­tect their prof­its have adopted more so­phis­ti­cated en­cryp­tion tech­niques de­spite gov­ern­ment op­po­si­tion. Doc­u­ments leaked by Snow­den also shed light on NSA ef­forts to break en­cryp­tion tech­nolo­gies.

In re­sponse, law-en­force­ment and in­tel­li­gence of­fi­cials have ar­gued that com­pa­nies like Ap­ple and Google should build “back­doors” into their en­cryp­tion sys­tems that would al­low in­ves­ti­ga­tors into oth­er­wise locked-up de­vices. The Obama ad­min­is­tra­tion con­tin­ues to en­cour­age tech com­pa­nies to in­clude such back­doors, al­though it says it won’t ask Congress for new law that re­quires them.


“The Snow­den rev­e­la­tion showed that back­doors can be de­struc­tive, par­tic­u­larly when they’re done in se­crecy with­out trans­parency,” says Will Ack­erly, a for­mer NSA se­cu­rity re­searcher and the co-founder of Virtru, which pro­vides en­cryp­tion tech­nol­ogy for both com­pa­nies and in­di­vid­ual peo­ple.

On Mon­day, At­tor­ney Gen­eral Loretta Lynch said the gov­ern­ment con­tin­ues to have “on­go­ing dis­cus­sions” with in­dus­try about ways in which com­pa­nies can law­fully pro­vide in­for­ma­tion about their users while still en­sur­ing their pri­vacy. Last week in Dublin, Ap­ple CEO Tim Cook noted that “there’s no such thing as a back­door for the good guys only. If there’s a back­door, any­body can come in.” In other words, any short­cut for in­ves­ti­ga­tors could also be tar­geted by cy­ber­crim­i­nals ea­ger to hack ma­jor cor­po­ra­tions - a la the dev­as­tat­ing cy­ber­at­tack on Sony late last year - or to tar­get in­di­vid­u­als for iden­tity theft or ex­tor­tion, as re­port­edly occurred fol­low­ing the dis­clo­sure of records from the in­fi­delity dat­ing site Ash­ley Madi­son. In the same speech, Cook said Ap­ple will re­sist at­tempts to weaken en­cryp­tion in iMes­sage. A draft law re­cently in­tro­duced in Bri­tain would re­quire telecom­mu­ni­ca­tions com­pa­nies to pro­vide “wider as­sis­tance” to po­lice and in­tel­li­gence agen­cies in the in­ter­ests of na­tional se­cu­rity.

Like iMes­sage, Face­book’s What­sApp en­crypts all com­mu­ni­ca­tions from “end-toend” - a tech­nique that blocks any­one out­side the con­ver­sa­tion from read­ing or see­ing what’s be­ing sent.

Al­though Face­book can’t see the con­tent of the mes­sages, it does track who is talk­ing to whom and stores their phone num­bers - in­for­ma­tion that can be valu­able for law en­force­ment of­fi­cials try­ing to sniff out ter­ror­ist plots and fight other crim­i­nal ac­tiv­ity.

Steven Bellovin, a Columbia Univer­sity pro­fes­sor and com­puter se­cu­rity re­searcher, says he isn’t sur­prised by the ef­fort to bring back dis­cus­sion on en­cryp­tion back­doors. But he adds that it’s way too early to tie it to the Paris at­tacks. “We don’t know how th­ese peo­ple were com­mu­ni­cat­ing and with whom,” he said. “If they were com­mu­ni­cat­ing with home­grown soft­ware and there’s some in­di­ca­tions of that, then a manda­tory back­door is not go­ing to do any good.”


VILLEPINTE: ( Above and bot­tom) Men look at drones dur­ing the 19th world­wide ex­hi­bi­tion of in­ter­nal State se­cu­rity (MILIPOL) in Villepinte, sub­urbs of Paris, yes­ter­day.

Newspapers in English

Newspapers from Kuwait

© PressReader. All rights reserved.