Obama Won't Force Encryption Backdoors In Devices - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Cybersecurity
Commentary
10/12/2015
04:05 PM
Larry Loeb
Larry Loeb
Commentary
50%
50%

Obama Won't Force Encryption Backdoors In Devices

The Obama administration will not push legislation that would compel companies to decrypt customer data, but will continue to try to persuade them to give access when needed.

11 Clever iPhone 6 Hacks
11 Clever iPhone 6 Hacks
(Click image for larger view and slideshow.)

Encryption on your iPhone and other digital devices is safe -- for now. The Obama administration has announced that it will not call for legislation to force backdoors into encryption methods, but is not giving up on getting the data in another way, according to published reports.

"The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry," FBI Director James B. Comey said at a Senate hearing of the Homeland Security and Governmental Affairs Committee Oct. 8.

So, the status quo holds. For now.

It is an uneasy status quo, to be sure.

(Image: alengo/iStockphoto)

(Image: alengo/iStockphoto)

The problem for law enforcement is that the kind of access that they had in the past to the communications of criminals is falling victim to technology. Putting a wiretap on a line is still possible with a warrant, but may yield no useful information if the communication is encrypted. Even if a warrant is presented to a device's manufacturer (as recently happened to Apple), the digital keys to the encryption used may not be held by the manufacturer.

However, advocates for privacy do not consider this a full victory.

The Electronic Frontier Foundation, in a statement in response to the news, said, "... it's not enough to acknowledge that a law forcing companies to build backdoors into their users' data is a bad idea. If Obama wants to leave a legacy promoting innovation and consumer privacy, he should create a clear policy position opposing secret, and sometimes informal, agreements between the government and tech companies to undermine security and privacy."

[Find out why the FBI chief said that encryption hinders investigations.]

This kind of debate has been going on since the mid-90s, when the government wanted to force widespread adoption of the Clipper chip. That was an "encryption" device with a built-in backdoor capability that would allow law enforcement to unwind encryption.

Silicon Valley tech firms have been fairly united in their opposition to encryption backdoors. However, rather than consumer advocacy motivating them in this matter, it may well be that they fear losing export markets for their products.

Don't forget that tech firms use encryption to protect the stored information that they collect about their customers for internal analysis. They are not keen on having that sort of information available to government regulators for their review. They have some of their own skin in this game, too.

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kstaron
50%
50%
kstaron,
User Rank: Ninja
10/23/2015 | 9:41:20 AM
Re: Complex
Ideally the answer is that the companies don't use my data to sell and there are no backdoors. (Honestly if they want my data, shouldn't they be paying me for it?) I understand the desire for law enforcement to want an easy way to check if someone is planning criminal activity, but putting in and all access pass to the backstage of my device isn't the way to do it. how hard is it, after they put that in for hackers to use the same way in to get my data?
larryloeb
50%
50%
larryloeb,
User Rank: Author
10/13/2015 | 7:53:00 AM
Re: Complex
Well, it may well be that usual encryption can be cracked by someone like the NSA if they think its important enough. Which adds a level of irony to all this debate.

But for the run-of-the-mill protection, encryption remains the only way to go
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
10/13/2015 | 7:47:31 AM
Re: Complex
Agreed. Encryption without the platform providers, manufacturers or software makers holding the key is the only way to ensure a decent level of security. It's difficult when the NSA seems happy to install malware in HDD firmware, but encryption as you described is certainly the way forward to giving us some privacy again.
larryloeb
50%
50%
larryloeb,
User Rank: Author
10/12/2015 | 7:38:57 PM
Re: Complex
That sounds like Apple's strategy.

But there are holes in it. When faced with the warrant I mentioned in the article, they couldn't hand over the realt time encryption on iPhone because they didn't have it.

But they could and did hand over the iMessages that had been stored in iCloud.

Total end-to-end encryption with the manufacurers not having the keys is the goal, I think.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
10/12/2015 | 7:26:18 PM
Re: Complex
The right answer would be for the major tech companies to get together and integrate encryption into everything so it's easy for everyone and the default state.
larryloeb
100%
0%
larryloeb,
User Rank: Author
10/12/2015 | 7:16:04 PM
Re: Complex
I've fought this war before, in the Clinton Administration.

The answer is no backdoors.

If the Federales can get to your stuff, so can hackers. That simple.

There are other ways for the Secret Police to find out what BadGuys are doing.
danielcawrey
50%
50%
danielcawrey,
User Rank: Ninja
10/12/2015 | 7:06:27 PM
Complex
This is such a complex issue. While I think having backdoors on devices is bad from a privacy standpoint, I find it interesting that companies are using encryption tech to store my data they will eventually sell to advertisers.

What's the right answer here?
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll