If you are paying attention there has been recent calls for legislation to open vulnerabilities in encryption algorithms. Huh??
We at WiBit.Net know that many of our community is not based in the United States, however, I will focus this discussion from the perspective of the US because that is where we are from. There have been some awful things that have been happening around the world, there is no denying that. And as predictable as it always is the politicians are looking for their scapegoats. One of the scapegoats is encryption. As crazy as it sounds to probably all of us, some legislators in the US are trying to spread the narrative that encryption is helping criminals do their evil deeds by allowing them to communicate in a way that law enforcement cannot eavesdrop. The FBI is calling this “Going Dark”. This is a phrase that describes the current state of encryption. Devices are becoming so locked down and encryption is becoming so advanced that law enforcement is unable to access data, therefore they say they are in the dark.
Recently, US Senator Dianne Feinstein stated that she will be seeking legislation to essentially require backdoors in encryption algorithms which would give law enforcement and the US Government the ability to crack the algorithm. She said in a December 9th discussion with FBI Director James Comey as part of the Federal Bureau of Investigation Oversight Committee “I think this world is really changing in terms of people wanting the protection and wanting law enforcement, if there is conspiracy going on over the Internet, that encryption ought to be able to be pierced.” She said a few other things, but this is the main piece that points out the goals of potential future legislation. I am not picking on Feinstein in particular. She has put herself out there, however, she is not the only law maker in the world that has been on this mission.
So, what does this mean for all of us? Well, it means a lot. But let’s first look at some basic practicalities. First of all, if a backdoor is legislated then it would be impossible to keep this power localized in government and law enforcement. Other nation states, hackers, terrorists, the list goes on, would be able to “pierce” through encryption and gather once encrypted information. A backdoor is a backdoor. When a backdoor is publically known it has a 100% chance of exploit, if there is motivation to do so. Also, how on Earth could this be legislated across the world? Does Dianne Feinstein realize that servers are located all over the globe? This would not be a US or Western led effort; it would literally require the entire world to buy in. It would be monumental, and what if a country doesn’t want to open backdoors and expose their citizens? Does that mean they are banned from Internet commerce or doing business with the US?
Now to what degree are these legislators going to go is still unknown. Right now the discussion is hovering around court orders and handing over of data. FBI Director James Comey, agreeing with Feinstein, did say “We see encryption is getting in the way of our ability to have court orders to gather information we need … I would very much like to get to a world … if a judge issues an order, companies are able to comply to either unlock a device or to provide the communications between terrorists or between drug dealers or kidnappers.” So it is still up in the air if this will lead to backdoors on the open Internet, however, that could be a logical (well, logical to these people) next step. Right now, the pressure is being put on companies to put backdoors on their end-to-end or backend encryption schemes. He also mentioned terrorists, drug dealers, and kidnappers, however those would only be some of the people that would be exposed. If backdoors were to be implemented in all devices and encrypted data it would also be doctors, lawyers, business people, students, cancer patients, children, etc.
The FBI recently asked Apple to open a backdoor on iMessage encryption, however, Apple rejected and pointed out that it would be impossible to open a backdoor for the FBI without it also being exploitable by individual hackers and foreign governments.
Listen, we are not stupid. We get it. Bad stuff happens. Maybe something needs to be done, but this seems extreme to me. With technology and reliance on it there is a side effect and that is massive amounts of communications. That was known when we got in this game, or at least it should have been. To blame encryption is like blaming the baseball bat that was used in a crime to bludgeon a person to death, it’s just not rational. “Your Honor, I am innocent!! I did not do it! It was the baseball bat!” When the Internet came into wide spread use a can of worms was opened and it couldn’t be closed. Now we have to live with it. In the US we have this thing called The Constitution. And in it we the 4th Amendment which is intended to protect us from unreasonable searches and seizures, and protect our privacy in the absence of probable cause. I know digital encryption did not exist at the time that document was written, but it still needs to have meaning and protect us from our government making our private information intentionally vulnerable just because it makes their job easier. I think that reasonable minds can come up with better solutions that satisfy both the needs of privacy and law enforcement. Looking for the fast and dirty fix will have drastic consequences. I hesitate to use the phrase “unintended consequences” because the consequences are so obvious!
I would love to hear your thoughts! If you disagree, that’s awesome. Let me hear it. If you agree, that’s great too.