FBI Director Christopher A. Wray on Tuesday [January 9, 2018] renewed a call for tech companies to help law enforcement officials gain access to encrypted smartphones, describing it as a "major public safety issue." Wray said the bureau was unable to gain access to the content of 7,775 devices in fiscal 2017 - more than half of all the smartphones it tried to crack in that time period - despite having a warrant from a judge. "Being unable to access nearly 7,800 devices in a single year is a major public safety issue," he said, taking up a theme that was a signature issue of his predecessor, James B. Comey. (Washington Post)
Unintended consequences
Technology companies as well as many digital security experts claim that the FBI’s attempts to order all devices to have a way for investigators to access a criminal suspect’s phone would harm internet security while also empowering malicious hackers.
Any laws that have the effect of weakening the encryption schemes used by popular Internet services could have unintended consequences, according the chief technology officer of security software vendor Sophos.
"I think it’s unreasonable to ask anyone who writes any kind of software to intentionally weaken the security of that software, whether that’s in the form of introducing a backdoor or whether it’s in the form of creating this kind of a ‘reversible crypto scheme’ where data could subsequently be decrypted even by authorized party," Joe Levy, CTO at Sophos, told Computerworld in an interview conducted in late 2017.
"No matter how you slice it, you’re basically asking the vendor to weaken the security of the product."
"It might be requested with the very best of intentions and certainly fighting terrorism is a very important and a very noble goal, but there’s this unintended consequence of creating these vast exposures that are inevitably going to be exploited by some bad actor," Levy said.
"You can’t just trust that it will only be the government who is going to have that key or have that ability to decrypt content. You just have to expect that, with knowledge that this capability exists in the product, that bad actors are going to seek to exploit that, especially when you have any kind of a centralization of an ability to do that."
"It’s basically an advertisement saying ‘come and attack me; this will give you the keys to the kingdom’," the CTO said. (Computer World)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.