Why Outlawing Encryption Is Wrong - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity
08:06 AM
Connect Directly

Why Outlawing Encryption Is Wrong

Putting data encryption solely into the hands of government employees won't prevent bad things from happening -- and it might encourage wrongdoing.

In a chilling move toward an all-knowing police state, FBI Director James Comey is making the news rounds to equate data encryption with letting child pornographers, kidnappers, and terrorists roam unchecked. The assertion: Law enforcement will have no tools to catch bad guys if encryption works as designed. So all of a sudden other advances in law enforcement technology are trumped? Let's get real.

I'm not a law enforcement officer, but I've been serving military and law enforcement technology needs for 20-plus years. I have an "outsider on the inside" point of view. And let me preface my arguments by saying that I'm a huge fan of law enforcement officials having the lawful tools they need to do their jobs. I'm grateful every day when they protect our community and country.

[Another retailer gets hit. Read Several Staples Stores Suffer Data Breach.]

But balance is needed in what is a serious matter of public concern. Law enforcement officials always want maximum, broad powers. And who can blame them? New IT system administrators always want maximum, broad powers. But our country works best when there's a balance of power, among the law enforcement and judicial system; legislators; and local, state, and federal executive leaders.

Outlawing data encryption that the government can't decrypt is wrong for many reasons. Here are a few.

The human element
I'm preaching to the choir when I say this to InformationWeek readers, but if law enforcement has key escrow, or a "master key" to all data encryption, that assumes there's a sound mechanism for ensuring that those keys don't fall into the hands of the bad guys, and that the good guys never use them for the wrong reasons. Those assumptions are laughable.

Bruce Schneier is an authority on why security back doors are a terrible idea: The bad guys inevitably find them and use them. Believe him.

Also know that law enforcement officers are a population like all populations, with good and bad eggs. If you think that no officer, anywhere, will use a back door to find out things that he or she shouldn't find out, think again.

Officers and other employees charged with keeping us safe can misbehave like any other company employee. I assure you that small indiscretions happen every day that the general public never knows about. Only when things blow up do we see the headlines, like the ones made by former FBI agent and turncoat Robert Hanssen, who was at one time an internal affairs investigator and who became known as a "computer expert" in the bureau.

Putting data encryption solely into the hands of government employees won't prevent bad things from happening.

Competitive disadvantage
Arbitrary spying creates a competitive disadvantage for our country. The NSA's spying on US citizens and businesses without due process created an atmosphere in which some foreign businesses are now reluctant to locate in this country. Indeed, analysts predict that US tech companies could lose $180 billion by 2016 due to international concerns about intelligence agencies' spying.

For the US to restore confidence, legislation must protect -- not remove --

Jonathan Feldman is Chief Information Officer for the City of Asheville, North Carolina, where his business background and work as an InformationWeek columnist have helped him to innovate in government through better practices in business technology, process, and human ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
<<   <   Page 2 / 2
User Rank: Ninja
10/25/2014 | 1:40:30 PM
Freeh Redux
Considering that Comey & co.'s fairy tale villans of the Infopocalypse have been debunked time and again with facts, it is comical that he continues to speak against encryption.   Further, it is clear that he does not grasp the concept of encryption since he attempts to pay lip service to the Fourth Amendment and then immediately contradicts himself.  We've seen this struggle over encryption in the 90s when Louie Freeh as director so all this happening now is just warmed over crap with the government desperately hoping to usurp civil liberties in the name of apprehending child molesting terrorists who kidnap. (and probably have ebola just to add to the FBIs FUD.)  Same lot of lies, different decade.
User Rank: Ninja
10/25/2014 | 5:28:21 PM
This is just crazy. The FBI is admitting they can't decrypt everything so the answer is outlaw any encryption it can't decrypt? The crazy part is how do they plan to enforce this? Or do they think the bad guys will help them out?

User Rank: Apprentice
11/3/2014 | 4:59:36 PM
Founding Fathers believed in strong encryption.
  Founding fathers of America used strong, very strong encryption that was not broken untill 1942 with Alan Touring's computer at Blechly park.

Source: en.wikipedia.org/wiki/Jefferson_disk

    "First invented by Thomas Jefferson in 1795, this cipher did not become well known and was independently invented by Commandant Etienne Bazeries, the conqueror of the Great Cipher, a century later. The system was used by the United States Army from 1923 until 1942 as the M-94.  "

    Imagine using encryption that would not be broken for over 100 years or past our death.
    Even if it is encrypted, message traffic shows connections of criminals. Enough for law enforcement to figure out who might be a bad guy.

   People use hard encryption now. The FBI put out a call for people who speak ebonics because the FBI does not. "Damn, the shizzel dog." (in English - "It is true my friend")

   A new worry. What happens when a person tells the truth "I forgot the key" and they can not un-encrypt a message under court order?  How many times do we forget passwords of systems we are using let alone a message encrypted years ago.

  This is still a new area of law IMO.
<<   <   Page 2 / 2
How GIS Data Can Help Fix Vaccine Distribution
Jessica Davis, Senior Editor, Enterprise Apps,  2/17/2021
Graph-Based AI Enters the Enterprise Mainstream
James Kobielus, Tech Analyst, Consultant and Author,  2/16/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll