Why FBI Is Wrong On Encryption Workaround - InformationWeek
IoT
IoT
IT Leadership // Digital Business
Commentary
12/3/2014
08:36 AM
Daniel Castro
Daniel Castro
Commentary
Connect Directly
Twitter
RSS
100%
0%

Why FBI Is Wrong On Encryption Workaround

Such a measure would invade privacy, extend government overreach, and hurt US tech companies.

7 Important Tech Regulatory Issues In 2015
7 Important Tech Regulatory Issues In 2015
(Click image for larger view and slideshow.)

FBI director James Comey reignited a long-running controversy recently when he argued that the encryption US technology companies such as Apple and Google use on their devices could impede law enforcement's ability "to prosecute crime and prevent terrorism." Comey wants US tech companies to design a way for law enforcement officials to access the data stored on those devices. Of course, Comey conveniently ignores the fact that one reason some companies are working so hard to secure their customer data is because of past overreach by the US government.

In addition to raising the obvious privacy and government overreach issues, this proposal would also weaken the security and global competitiveness of US tech products. If the government pursues this path of demanding backdoor access to accounts and devices, not only will other countries insist on similar capabilities, but US companies will be fundamentally disadvantaged in the global marketplace.

It's surprising that the FBI is advocating such a position, given the Clipper chip fiasco during the Crypto Wars of the 1990s. Back then, the US government tried to push out an encryption standard that would give it backdoor access to every secure phone in the country. Perhaps sensitive to this history, the FBI has been trying to claim that it's not asking for backdoor access. Director Comey argued in recent remarks that the FBI wants "to use the front door with clarity and transparency," a dubious claim given recent Justice Department revelations of law enforcement officials impersonating reporters, creating fake Facebook profiles, and pushing for expanded hacking authority.

[It's no wonder: Americans Doubt They Can Protect Their Privacy.]

Regardless of what the FBI wants to call it, the fact of the matter is that by creating opportunities to circumvent security features in computing devices, the FBI would fundamentally make them less secure. Keys can be stolen, and the federal government hasn't been immune to data breaches.

There are at least two likely consequences of pursuing this course.

First, in a market where security is king, products and services with weaker security are less competitive. In the wake of the Edward Snowden revelations, the US tech sector already has begun to lose out to European and Asian competitors that promise better security from the prying eyes of the government. The Information Technology and Innovation Foundation estimated last year that Snowden's NSA disclosures may cost the US cloud computing industry alone between $22 billion and $35 billion over the next several years by shattering confidence in the security of US companies.

FBI director James Comey
FBI director James Comey

Indeed, a number of countries are pushing "buy domestic" rules and labels for technology products to reduce intrusion from US surveillance while conveniently favoring their domestic suppliers. Under these circumstances, how popular will an "FBI-ready" phone really be on the global market? If US companies such as Google and Apple are prohibited from producing the most secure technology, then companies in other countries will meet that market need. Competitors such as ZTE in China and even BlackBerry in Canada could emerge/re-emerge as new global leaders.

Second, if the US pursues these policies, there will be nothing to stop other countries from demanding similar levels of unfettered access to encrypted data and communications. Other countries tried to push for this access in the past, but they didn't have the market power. For example, United Arab Emirates and Saudi Arabia threatened in 2010 to ban BlackBerry mobile phones in their countries because they were unable to monitor certain communications. If the US manages to tip this balance, countries like Russia and China are sure to follow.

It's understandable that law enforcement agencies, used to a world where they can open mail and monitor phone calls easily, are nervous about unbreakable encryption. However, these agencies must accept the premise that some communication networks, especially those used by the most elite criminals and terrorists, will inevitability "go dark." If the US government insists on backdoors in domestic products, those criminals and terrorists intent on avoiding surveillance will simply use devices made in countries that allow less vulnerable encryption. Rather than fight the tide of progress, law enforcement officials should work to find viable alternatives, such as analysis of other data sources and metadata, to solve and prevent crimes.

While the Crypto Wars of the '90s may be over, more battles lie ahead. As law enforcement agencies push for more access to emerging technologies, from autonomous vehicles to crypto currencies, policymakers need to decide if future technology sold in the US will be designed for government control or individual freedom. These decisions will ultimately affect not just the quality of products available in this country, but the competitiveness of the US tech industry in the global market.

Alan McQuinn contributed to this story.

Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization’s IT action plan. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.

Daniel Castro is a senior analyst with the Information Technology and Innovation Foundation and director of the Center for Data Innovation. Castro writes and speaks on a variety of issues related to information technology and Internet policy, including privacy, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
12/8/2014 | 2:35:00 AM
Remember Athens
Let's also bear in mind that "the bad guys" can hijack government-induced backdoors for their own nefarious purposes and turn the tables thusly -- as we saw with Vodafone Greece several years back.  spectrum.ieee.org/telecom/security/the-athens-affair
mak63
50%
50%
mak63,
User Rank: Ninja
12/5/2014 | 12:22:33 AM
clarity
"the FBI wants "to use the front door with clarity and transparency,"

Who really cares what the FBI wants. How about what consumers want, like stay away from our devices and our business and start respecting the constitution.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll