Why government and tech can’t agree about encryption
NEW YORK: Your phone is getting better and better at protecting your privacy. But Uncle Sam isn’t totally comfortable with that, because it’s also complicating the work of tracking criminals and potential national-security threats.
For decades, tech companies have steadily expanded the use of encryption - a data-scrambling technology that shields information from prying eyes, whether it’s sent over the Internet or stored on phones and computers. For almost as long, police and intelligence agencies have sought to poke holes in the security technology, which can thwart investigators even when they have a legal warrant for, say, possibly incriminating text messages stored on a phone.
The authorities haven’t fared well; strong encryption now keeps strangers out of everything from your iMessages to app data stored on the latest Android phones. But in the wake of the Paris attacks, U.S. officials are again pushing for limits on encryption, even though there’s still no evidence the extremists used it to safeguard their communications. While various experts are exploring ways of resolving the impasse, none are making much headway. For now, the status quo favors civil libertarians and the tech industry, although that could change quickly - for instance, should another attack lead to mass U.S. casualties. Such a scenario could stampede Congress into passing hasty and potentially counterproductive restrictions on encryption.
“There are completely reasonable concerns on both sides,” said Yeshiva University law professor Deborah Pearlstein. The aftermath of an attack, however, “is the least practical time to have a rational discussion about these issues.”
Encryption plays a little heralded, yet crucial role in the modern economy and daily life. It protects everything from corporate secrets to the credit-card numbers of online shoppers to the communications of democracy advocates fighting totalitarian regimes.
At the same time, recent decisions by Apple and Google to encrypt smartphone data by default have rankled law enforcement officials, who complain of growing difficulty in getting access to the data they feel they need to build criminal cases and prevent attacks. For months, the Obama administration - which has steered away from legislative restrictions on encryption has been in talks with technology companies to brainstorm ways of giving investigators legal access to encrypted information.
But technology experts and their allies say there’s no way to grant law enforcement such access without making everyone more vulnerable to cybercriminals and identity thieves. “It would put American bank accounts and their health records, and their phones, at a huge risk to hackers and foreign criminals and spies, while at the same time doing little or nothing to stop terrorists,” Sen. Ron Wyden, D-Ore., said in an interview Monday.
Lawmakers on the US Senate Select Committee on Intelligence remain on what they call an “exploratory” search for options that might expand access for law enforcement, although they’re not necessarily looking at new legislation.
The FBI and police have other options even if they can’t read encrypted files and messages. Socalled metadata - basically, a record of everyone an individual contacts via phone, email or text message - isn’t encrypted, and service providers can make it available when served with subpoenas. Data stored on remote computers in the cloud - for instance, on Apple’s iCloud service or Google’s Drive - is also often available to investigators with search warrants. (Apple and Google encrypt that data, but also hold the keys.)
Some security experts suggest that should be enough. Michael Moore, chief technology officer and co-founder of the Baltimore, Maryland-based data security firm Terbium Labs, noted that police have managed to take down online criminals even without bypassing encryption.
MOUNTAIN VIEW: In this July 30, 2014, file photo, Silicon Valley pioneer and Silent Circle cofounder Jon Callas holds up Blackphone with encryption apps displayed on it at the Computer History Museum in Mountain View, Calif. The Paris terrorist attacks have renewed the debate between law-enforcement officials and privacy advocates over whether there should be limits to encryption technology.