According to the New York Times (September 4, 2018) the Trump administration and its closest intelligence partners have quietly warned technology firms that they will demand “lawful access” to all encrypted emails, text messages and voice communications, threatening to compel compliance if the private companies refuse to voluntarily provide the information to the governments.
The threat was issued last week by the United States, Britain, Australia, New Zealand and Canada, the so-called Five Eyes nations that broadly share intelligence. Collectively, they have been frustrated by the spread of encrypted apps on cellphones and the ability to send encrypted messages through social media and, most prominently, on Apple’s iPhones.
At the core of the dispute is whether Apple, Facebook, Google and others should be compelled to provide a “back door” to their products that would allow government investigators to gain access to all communications, with a legal order.
It is far from clear that Congress is ready to take on the technology companies on this issue, especially because more companies and citizens are turning to encryption to protect sensitive conversations and financial transfers.
Ordinary Americans are also increasingly using encrypted apps to conduct delicate conversations to prevent monitoring by the government or others.
“Cybersecurity experts have repeatedly proven that it’s impossible to create any back door that couldn’t be discovered — and exploited — by bad actors,” Facebook said in the blog post. “It’s why weakening any part of encryption weakens the whole security ecosystem.”
The debate was fueled in part by Apple’s refusal to unlock an iPhone used by one of the attackers in a 2015 shooting in San Bernardino, Calif., as demanded by the F.B.I. A year earlier, Mr. Comey had cited “concerns” about encryption apps that he described as “companies marketing something expressly to allow people to hold themselves beyond the law.”
In response, Tim Cook, Apple’s chief executive, contended that once phones or messaging systems were designed to allow legal access, hackers from Russia, China, Iran, North Korea and elsewhere would use the breach to pry their way in, destroying technology devised to protect privacy.
--
Requiring corporations like Apple, Facebook, Google, and the like to include a backdoor to break encryption in their products is an extremely bad idea. Any backdoor that allows encryption to be bypassed with a court order will sooner or later (probably sooner) be hacked allowing unauthorized access to sensitive, encrypted information by criminals, and foreign powers.
There simply is no good technical means to allow only the "good guys" to break encryption and still keep the "bad guys" out. And as we have too often seen, the government is not always the good guys.
I note too that while strong encryption will keep the government out of your private information (at least for a time) most cases do not hinge on access to encrypted data. In 2017 there were only 102 cases of encryption encounter in wiretaps, and of those officials were not able to decipher the plain text of the communications in only 37 cases. The use of encryption simply isn't keeping the government for conducting effective law enforcement, but what the use of encryption does do quite well is keep the government from conducting mass surveillance programs - and this is the real issue at hand!
According to security guru Bruce Schneier, "The Five Eyes -- the intelligence consortium of the rich English-speaking countries (the US, Canada, the UK, Australia, and New Zealand) -- have issued a "Statement of Principles on Access to Evidence and Encryption" where they claim their needs for surveillance outweigh everyone's needs for security and privacy."
Privacy and security expert, Cory Doctorow stated, "Oh for fuck's sake, not this fucking bullshit again. America, Canada, New Zealand, the UK and Australia are in a surveillance alliance called The Five Eyes, through which they share much of their illegally harvested surveillance data. In a recently released Statement of Principles on Access to Evidence and Encryption, the Five Eyes powers have demanded, again, that strong cryptography be abolished and replaced with defective cryptography so that they can spy on bad guys. They defend this by saying "Privacy is not absolute.""
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.