Why govern­ment and tech can’t agree about en­cryp­tion

Kuwait Times - - TECHNOLOGY -

NEW YORK: Your phone is get­ting bet­ter and bet­ter at pro­tect­ing your pri­vacy. But Un­cle Sam isn’t to­tally com­fort­able with that, be­cause it’s also com­pli­cat­ing the work of track­ing crim­i­nals and po­ten­tial na­tional-se­cu­rity threats.

For decades, tech com­pa­nies have steadily ex­panded the use of en­cryp­tion - a data-scram­bling tech­nol­ogy that shields in­for­ma­tion from pry­ing eyes, whether it’s sent over the In­ter­net or stored on phones and com­put­ers. For al­most as long, po­lice and in­tel­li­gence agen­cies have sought to poke holes in the se­cu­rity tech­nol­ogy, which can thwart in­ves­ti­ga­tors even when they have a le­gal war­rant for, say, pos­si­bly in­crim­i­nat­ing text mes­sages stored on a phone.

The au­thor­i­ties haven’t fared well; strong en­cryp­tion now keeps strangers out of ev­ery­thing from your iMes­sages to app data stored on the lat­est An­droid phones. But in the wake of the Paris at­tacks, U.S. of­fi­cials are again push­ing for lim­its on en­cryp­tion, even though there’s still no ev­i­dence the ex­trem­ists used it to safe­guard their com­mu­ni­ca­tions. While var­i­ous ex­perts are ex­plor­ing ways of re­solv­ing the im­passe, none are mak­ing much head­way. For now, the sta­tus quo fa­vors civil lib­er­tar­i­ans and the tech in­dus­try, although that could change quickly - for in­stance, should another at­tack lead to mass U.S. ca­su­al­ties. Such a sce­nario could stam­pede Congress into pass­ing hasty and po­ten­tially coun­ter­pro­duc­tive re­stric­tions on en­cryp­tion.

Pro­tects ev­ery­thing

“There are com­pletely rea­son­able con­cerns on both sides,” said Yeshiva Univer­sity law pro­fes­sor Deb­o­rah Pearl­stein. The af­ter­math of an at­tack, how­ever, “is the least prac­ti­cal time to have a ra­tio­nal dis­cus­sion about these is­sues.”

En­cryp­tion plays a lit­tle her­alded, yet cru­cial role in the mod­ern econ­omy and daily life. It pro­tects ev­ery­thing from cor­po­rate se­crets to the credit-card num­bers of on­line shop­pers to the com­mu­ni­ca­tions of democ­racy ad­vo­cates fight­ing to­tal­i­tar­ian regimes.

At the same time, re­cent de­ci­sions by Ap­ple and Google to en­crypt smart­phone data by de­fault have ran­kled law en­force­ment of­fi­cials, who com­plain of grow­ing dif­fi­culty in get­ting ac­cess to the data they feel they need to build crim­i­nal cases and pre­vent at­tacks. For months, the Obama ad­min­is­tra­tion - which has steered away from leg­isla­tive re­stric­tions on en­cryp­tion has been in talks with tech­nol­ogy com­pa­nies to brain­storm ways of giv­ing in­ves­ti­ga­tors le­gal ac­cess to en­crypted in­for­ma­tion.

But tech­nol­ogy ex­perts and their al­lies say there’s no way to grant law en­force­ment such ac­cess with­out mak­ing ev­ery­one more vul­ner­a­ble to cy­ber­crim­i­nals and iden­tity thieves. “It would put Amer­i­can bank ac­counts and their health records, and their phones, at a huge risk to hack­ers and for­eign crim­i­nals and spies, while at the same time do­ing lit­tle or noth­ing to stop ter­ror­ists,” Sen. Ron Wy­den, D-Ore., said in an in­ter­view Monday.

Law­mak­ers on the US Se­nate Select Com­mit­tee on In­tel­li­gence re­main on what they call an “ex­ploratory” search for op­tions that might ex­pand ac­cess for law en­force­ment, although they’re not nec­es­sar­ily look­ing at new leg­is­la­tion.

The FBI and po­lice have other op­tions even if they can’t read en­crypted files and mes­sages. So­called meta­data - ba­si­cally, a record of ev­ery­one an in­di­vid­ual con­tacts via phone, email or text mes­sage - isn’t en­crypted, and ser­vice providers can make it avail­able when served with sub­poe­nas. Data stored on re­mote com­put­ers in the cloud - for in­stance, on Ap­ple’s iCloud ser­vice or Google’s Drive - is also of­ten avail­able to in­ves­ti­ga­tors with search war­rants. (Ap­ple and Google en­crypt that data, but also hold the keys.)

Some se­cu­rity ex­perts sug­gest that should be enough. Michael Moore, chief tech­nol­ogy of­fi­cer and co-founder of the Bal­ti­more, Mary­land-based data se­cu­rity firm Ter­bium Labs, noted that po­lice have man­aged to take down on­line crim­i­nals even with­out by­pass­ing en­cryp­tion.

— AP

MOUN­TAIN VIEW: In this July 30, 2014, file photo, Sil­i­con Val­ley pi­o­neer and Silent Cir­cle co­founder Jon Cal­las holds up Black­phone with en­cryp­tion apps dis­played on it at the Com­puter His­tory Mu­seum in Moun­tain View, Calif. The Paris ter­ror­ist at­tacks have re­newed the de­bate be­tween law-en­force­ment of­fi­cials and pri­vacy ad­vo­cates over whether there should be lim­its to en­cryp­tion tech­nol­ogy.

Newspapers in English

Newspapers from Kuwait

© PressReader. All rights reserved.