Debate over access to encryption isn’t going away – Washington Examiner

Expect the U.S. Department of Justice and officials from allied countries to push harder for large technology companies to give them access to customers' encrypted communications, and expect the tech companies to continue to resist.

The current push for tech companies to provide encryption backdoors started back in 2014, when then-FBI Director James Comey complained about law enforcement agencies "going dark" because of a lack of access to encrypted email, texts, and other communications. But current Attorney General William Barr and allies in the United Kingdom and other countries have stepped up the pressure on tech companies in recent months.

Encryption has "empowered criminals" as terrorists, human traffickers, and sexual predators shield their activities from police, Barr said in a speech in October. "As we work to secure our data and communications from hackers, we must recognize that our citizens face a far broader array of threats," he said. "While we should not hesitate to deploy encryption to protect ourselves from cybercriminals, this should not be done in a way that eviscerates society's ability to defend itself against other types of criminal threats."

The debate shifted into high gear in December. On Dec. 9, Facebook sent a letter to U.S., U.K., and Australian officials, rejecting their request that the company scrap its plans to offer end-to-end encryption across messaging services.

"We all want people to have the ability to communicate privately and safely, without harm or abuse from hackers, criminals, or repressive regimes," the letter said. "Every day, billions of people around the world use encrypted messages to stay in touch with their family and friends, run their small businesses, and advocate for important causes. In these messages, they share private information that they only want the person they message to see."

A day later, in a Senate Judiciary Committee hearing, Chairman Lindsey Graham threatened Facebook and Apple officials with legislation if they didn't give law enforcement encryption back doors.

"You're going to find a way to do this, or we're going to go do it for you," said Graham, a Republican from South Carolina. "We're not going to live in a world where a bunch of child abusers have a safe haven to practice their craft. Period. End of discussion."

Many cybersecurity experts, however, have warned against the push for encryption back doors.

If law enforcement agencies get access to encrypted communications, it's only a matter of time before criminals figure it out, said Michael Frederick, CEO of software development firm Flatirons Development. There is no "middle ground" compromise to the encryption debate, he added.

"Any back door that is open to law enforcement to allow them to access encrypted materials will inevitably be discovered and abused by those with malicious intentions," he said. "That could be hackers in the U.S., or it could be overseas governments taking advantage of the loophole, presenting a risk to our national security."

When the loophole is discovered and shut down, "we will start this conversation over again," he predicted.

It's "impossible" to allow law enforcement access without also risking hacker access to encrypted communications, added Daniel Goldberg, security researcher at Guardicore, a cloud and data center security vendor.

"Regardless of the method, whether its key escrow or weakened access or any other buzzword of the month, encryption only works if it's total," he said. "If we go down this path, not far is the day when criminal groups or nation-states will have easy access to all private communications of common citizens."

Nevertheless, the push for access isn't all "fear, uncertainty, and doubt," Goldberg added. "By choosing privacy for all citizens, we also allow privacy to criminals," he said. "Law enforcement today relies on a hodgepodge of methods that try to go around end-to-end encryption, allowing sophisticated criminals freedom of action."

Meanwhile, security experts were split in their predictions on whether Congress would act to require law enforcement access. Some saw too much disagreement in Congress to move forward, while others predicted eventual action to require some type of access.

"Unfortunately, I can see Congress, in light of a national emergency or threat, taking action to weaken individual access to encryption technology," said Llewellyn Gibbons, a cyberlaw professor at the University of Toledo College of Law. "I doubt that Congress will take action on this as part of a reasoned debate that considers the commercial as well as individual privacy concerns."

Congressional action would be a significant change in U.S. government policy related to the internet, Gibbons added. "Such a change would be a dramatic shift from the self-government model that the U.S. government has encouraged on the internet."

View post:
Debate over access to encryption isn't going away - Washington Examiner