Why US gov­ern­ment and tech can’t agree about en­cryp­tion

Un­cle Sam un­com­fort­able as phone pri­vacy gets bet­ter

Kuwait Times - - TECHNOLOGY -

NEW YORK: Your phone is get­ting bet­ter and bet­ter at pro­tect­ing your pri­vacy. But Un­cle Sam isn’t to­tally com­fort­able with that, be­cause it’s also com­pli­cat­ing the work of track­ing crim­i­nals and po­ten­tial na­tional-se­cu­rity threats. For decades, tech com­pa­nies have steadily ex­panded the use of en­cryp­tion - a data-scram­bling tech­nol­ogy that shields in­for­ma­tion from pry­ing eyes, whether it’s sent over the In­ter­net or stored on phones and com­put­ers. For al­most as long, po­lice and in­tel­li­gence agen­cies have sought to poke holes in the se­cu­rity tech­nol­ogy, which can thwart in­ves­ti­ga­tors even when they have a le­gal war­rant for, say, pos­si­bly in­crim­i­nat­ing text mes­sages stored on a phone.

The au­thor­i­ties haven’t fared well; strong en­cryp­tion now keeps strangers out of ev­ery­thing from your iMes­sages to app data stored on the lat­est An­droid phones. But in the wake of the Paris at­tacks, US of­fi­cials are again push­ing for lim­its on en­cryp­tion, even though there’s still no ev­i­dence the ex­trem­ists used it to safe­guard their com­mu­ni­ca­tions. While var­i­ous ex­perts are ex­plor­ing ways of re­solv­ing the im­passe, none are making much head­way. For now, the sta­tus quo fa­vors civil lib­er­tar­i­ans and the tech in­dus­try, al­though that could change quickly for in­stance, should an­other at­tack lead to mass US ca­su­al­ties.

Such a sce­nario could stam­pede Congress into pass­ing hasty and po­ten­tially coun­ter­pro­duc­tive re­stric­tions on en­cryp­tion. “There are com­pletely rea­son­able con­cerns on both sides,” said Yeshiva Univer­sity law pro­fes­sor Deb­o­rah Pearl­stein. The af­ter­math of an at­tack, how­ever, “is the least prac­ti­cal time to have a ra­tio­nal dis­cus­sion about th­ese is­sues.” En­cryp­tion plays a lit­tle her­alded, yet cru­cial role in the mod­ern econ­omy and daily life. It pro­tects ev­ery­thing from cor­po­rate se­crets to the credit-card num­bers of on­line shop­pers to the com­mu­ni­ca­tions of democ­racy ad­vo­cates fight­ing to­tal­i­tar­ian regimes.

At the same time, re­cent de­ci­sions by Ap­ple and Google to en­crypt smart­phone data by de­fault have ran­kled law en­force­ment of­fi­cials, who com­plain of grow­ing dif­fi­culty in get­ting ac­cess to the data they feel they need to build crim­i­nal cases and pre­vent at­tacks. For months, the Obama ad­min­is­tra­tion - which has steered away from leg­isla­tive re­stric­tions on en­cryp­tion has been in talks with tech­nol­ogy com­pa­nies to brain­storm ways of giv­ing in­ves­ti­ga­tors le­gal ac­cess to en­crypted in­for­ma­tion.

But tech­nol­ogy ex­perts and their al­lies say there’s no way to grant law en­force­ment such ac­cess with­out making ev­ery­one more vul­ner­a­ble to cy­ber­crim­i­nals and iden­tity thieves. “It would put Amer­i­can bank ac­counts and their health records, and their phones, at a huge risk to hack­ers and for­eign crim­i­nals and spies, while at the same time do­ing lit­tle or noth­ing to stop ter­ror­ists,” Sen. Ron Wy­den, D-Ore, said in an in­ter­view Mon­day.

Law­mak­ers on the US Se­nate Se­lect Com­mit­tee on In­tel­li­gence re­main on what they call an “ex­ploratory” search for op­tions that might ex­pand ac­cess for law en­force­ment, al­though they’re not nec­es­sar­ily look­ing at new leg­is­la­tion. The FBI and po­lice have other op­tions even if they can’t read en­crypted files and mes­sages. So-called me­ta­data - ba­si­cally, a record of ev­ery­one an in­di­vid­ual con­tacts via phone, email or text mes­sage - isn’t en­crypted, and ser­vice providers can make it avail­able when served with sub­poe­nas.

Data stored on re­mote com­put­ers in the cloud - for in­stance, on Ap­ple’s iCloud ser­vice or Google’s Drive - is also of­ten avail­able to in­ves­ti­ga­tors with search war­rants. (Ap­ple and Google en­crypt that data, but also hold the keys.) Some se­cu­rity ex­perts sug­gest that should be enough. Michael Moore, chief tech­nol­ogy of­fi­cer and co­founder of the Bal­ti­more, Mary­land­based data se­cu­rity firm Ter­bium Labs, noted that po­lice have man­aged to take down on­line crim­i­nals even with­out by­pass­ing en­cryp­tion. He pointed to the 2013 take down of Silk Road, a mas­sive on­line drug bazaar that op­er­ated on the “dark Web,” es­sen­tially the un­der­world of the In­ter­net.

“The way they fig­ured that out was through good old-fash­ioned po­lice work, not by break­ing cryp­tog­ra­phy,” Moore said. “I don’t think there’s a short­cut to good po­lice work in that re­gard.” Oth­ers ar­gue that the very no­tion of “com­pro­mise” makes no sense where en­cryp­tion is con­cerned. “En­cryp­tion fun­da­men­tally is about math,” said Mike McNer­ney, a fel­low on the Tru­man Na­tional Se­cu­rity Project and a for­mer cy­ber pol­icy ad­viser to the Sec­re­tary of De­fense. “How do you com­pro­mise on math?” He called the idea of back­doors “silly.”

‘Race against time’

Some in law en­force­ment have com­pro­mise ideas of their own. The Man­hat­tan Dis­trict At­tor­ney’s of­fice, for in­stance, re­cently called for a fed­eral law that would re­quire smart­phone com­pa­nies to sell phones they could un­lock for gov­ern­ment searches - in essence, forc­ing them to hold the keys to user data. In a re­port on the sub­ject, the of­fice called its sug­ges­tion a “lim­ited pro­posal” that would only ap­ply to data stored on smart­phones and re­strict searches to de­vices that au­thor­i­ties had al­ready seized. Pri­vacy ad­vo­cates and tech com­pa­nies aren’t sold, say­ing it would weaken se­cu­rity for phones that are al­ready too vul­ner­a­ble to at­tack.

Mar­cus Thomas, the chief tech­nol­ogy of­fi­cer at Sub­sen­tio and for­mer as­sis­tant di­rec­tor of the FBI’s op­er­a­tional tech­nol­ogy di­vi­sion, ar­gued that it’s too late to turn back the clock on strong en­cryp­tion, putting law en­force­ment in a “race against time” to ob­tain in­ves­ti­ga­tory data when­ever and wher­ever it can. But he urged se­cu­rity ex­perts to find ways to help out in­ves­ti­ga­tors as they de­sign next gen­er­a­tion en­cryp­tion sys­tems. The idea of al­low­ing law en­force­ment se­cure ac­cess to en­crypted in­for­ma­tion doesn’t faze Nate Car­dozo, a staff at­tor­ney for the San Francisco-based Elec­tronic Fron­tier Foun­da­tion - pro­vided a war­rant is in­volved. Un­for­tu­nately, he says, cryp­tog­ra­phers agree that the prospect is a “pure fan­tasy.” —AP

NEW YORK: A C3 flip phone from Pan­tech is shown on a key­board for size com­par­i­son, in New York. More than 90 per­cent of smart­phone users trade up for newer mod­els within two years, ac­cord­ing to ex­perts. But a frac­tion of the pop­u­la­tion con­tin­ues to cling to older phones, some 3 to 4 years old, or more. —AP

Newspapers in English

Newspapers from Kuwait

© PressReader. All rights reserved.