The Encryption Debate: Throwing Spaghetti at the Wall

Overall, the encryption debate is about having more security or less security. Companies within the United States should be able to comply with warrants to the extent they are reasonably able to do so. Yet no company should ever be forced to weaken the security of their products. Cybersecurity Experts and people within the technology community has been saying this from the start.

The FBI, on the other hand, has had a lot of trouble keeping its story straight  —  and has had trouble being honest with the American people about what it wants.

In 2014, James Comey gave a speech asking for having a regulatory or legislative fix to guarantee that all digital communications are easily accessible to the FBI.

James Comey was asking that the hardware and software companies be required to create a backdoor for the FBI to use — just like the government wanted 20 years ago. That idea was a big loser for security then, and Americans realized pretty quickly it would be a bigger loser today. It would weaken the security for millions of families, and it has yet to actually stop terrorists and other bad actors from using strong encryption standards.

In 2015, the Justice Department tried a new argument: What law enforcement really needed was to have companies hold copies of the encryption keys, so the government could get your information from them. This is according to Deputy Attorney General Sally Yates.

One problem: If companies are keeping stockpiles of encryption keys, it vastly increases the chances that hackers to get these keys.

Later that day, James Comey said the administration hadn’t decided whether to seek legislation — what about the first point that I made? He said Cybersecurity Experts should just try harder to invent new ways for the government to  have access encrypted information without weakening the security. Cybersecurity experts’ response: No, we tried that. It’s not possible.

Next, the FBI decided to go around Congress, and sought a court order to force Apple to undermine its own encryption …. but they claimed it was just for one phone: “The San Bernardino litigation isn’t about trying to set a precedent or send any kind of message,” the FBI Director wrote in a blog post.

The Justice Department went further in court filings:

It is a narrow, targeted order that will produce a narrow, targeted piece of software capable of running on just one iPhone.

Nope, definitely not just the one phone which the demanded access to. If the FBI can force Apple to weaken the security of just one phone, it can force companies to weaken their products in all sorts of dangerous ways.

At a congressional hearing this March, James Comey acknowledged that if the FBI succeeds in forcing Apple to undermine the security of one phone, it could set a precedent that the FBI could use over and over against Apple and other US companies.

It’s officially time for the FBI and the Department of Justice to stop throwing spaghetti against the wall and hoping something will stick sooner or later. The administration needs to be honest with the American people.

Which is it? Less security or more security? If the FBI and the Department of Justice want to ban companies from providing strong encryption, they should come out and just say it already.

Advertisements


Categories: Politics, Security

Tags: , , , , ,

%d bloggers like this: