{"id":10352,"date":"2017-11-02T03:24:31","date_gmt":"2017-11-02T03:24:31","guid":{"rendered":"http:\/\/www.lifeandnews.com\/articles\/?p=10352"},"modified":"2017-11-02T03:24:31","modified_gmt":"2017-11-02T03:24:31","slug":"real-security-requires-strong-encryption-even-if-investigators-get-blocked","status":"publish","type":"post","link":"https:\/\/www.lifeandnews.com\/articles\/real-security-requires-strong-encryption-even-if-investigators-get-blocked\/","title":{"rendered":"Real security requires strong encryption \u2013 even if investigators get blocked"},"content":{"rendered":"

Susan Landau<\/a>, Tufts University<\/a><\/em><\/span><\/p>\n

The FBI and the U.S. Department of Justice have been fighting against<\/a> easy, widespread public access to encryption technologies<\/a> for 25 years<\/a>. Since the bureau\u2019s dispute with Apple in 2016<\/a> over access to the encrypted iPhone<\/a> of one of the two people who shot 14 victims in San Bernardino, California<\/a>, this battle has become more pitched<\/a>. <\/p>\n

This dispute is not about whether regular people can or should use encryption: The U.S. government is in favor of using encryption<\/a> to secure data. Rather, it\u2019s about the FBI\u2019s demand<\/a> that encryption systems include \u201cexceptional access<\/a>,\u201d enabling police who get a warrant to circumvent the encryption<\/a> on a device or on an encrypted call. <\/p>\n

Nearly every element of American society is a potential target for sophisticated hackers. That makes the conflict complicated; giving law enforcement officers a way into secure systems makes breaking in easier for others as well<\/a>. In 2016, I testified before Congress<\/a> in support of Apple and against the FBI position; and as I explain in my forthcoming book, \u201cListening In: Cybersecurity in an Insecure Age<\/a>,\u201d the FBI\u2019s stance would make people, and society, less secure, not more so.<\/p>\n

A new battle in an old war<\/h2>\n
\n \"\"<\/a>
\n An export-restricted encryption algorithm was printed on a T-shirt as a form of protest in the 1990s.<\/span>
\n Adam Back<\/a><\/span>
\n <\/figcaption><\/figure>\n

Today, the American public is engaged in the second round of what have been called the \u201cencryption wars<\/a>.\u201d During the 1990s, the U.S. had restrictions on encryption software and algorithms, allowing their use within the country, but preventing them from being exported to other countries. As a result, U.S. software companies faced a choice between creating two versions of every program \u2013 a strong system for U.S. customers and a weak system for everyone else \u2013 or providing only the weak version. Most chose the latter. That limited the availability of encryption software in the U.S., so export control worked well for both the NSA\u2019s intelligence gatherers and the FBI\u2019s investigators.<\/p>\n

But in 2000, the two agencies\u2019 interests split. The Clinger-Cohen Act<\/a> required the U.S. Department of Defense to buy commercially available communications and computer equipment \u2013 and the agency wanted encryption built in. To boost the strength of cryptography in the marketplace, the NSA supported loosening the export controls.<\/p>\n

This was a time when NSA itself was facing a new reality. Encrypted communications had become the norm in government work \u2013 and not just for technologically sophisticated nations<\/a>. NSA adapted. Details are shrouded in secrecy, but we know that just like hackers, NSA takes advantage of unpatched vulnerabilities<\/a> to break in to targets. NSA also relies heavily on communications metadata<\/a>, the when, where, how long \u2013 and sometimes who \u2013 of a communication. And NSA apparently uses stealthy techniques, such as intercepting communication equipment<\/a> while being shipped, to install eavesdropping tools. The result? Despite widespread use of encryption by its targets, NSA is largely able to obtain the information it seeks.<\/p>\n

Adapting to an encrypted world<\/h2>\n

Today, the FBI is facing a similar situation to the NSA\u2019s two decades ago. Consumer products and apps like WhatsApp regularly use strong encryption<\/a> to protect communications and devices. And sometimes that prevents investigators from viewing potential evidence \u2013 as it did in San Bernardino, for a time<\/a>. The bureau can keep fighting the battle to weaken encryption, which it has been losing for decades, or it can follow the NSA\u2019s lead<\/a> and adapt.<\/p>\n

Police without a back door<\/a> into encryption systems have several options. Since at least the early 2000s, the FBI has been getting court orders letting agents hack into criminals\u2019 computer and communication systems<\/a> to install recording and surveillance software. But that\u2019s not the only possibility for investigators.<\/p>\n

Other kinds of nonencrypted data may provide valuable information that can serve as an alternative, and computer systems can be enormously helpful in finding and analyzing that data. In the wake of the 1993 World Trade Center bombing, investigators had to wade through paper copies of phone company records to discover who talked to whom when, and from there draw connections between members of the bombing conspiracy. Modern software \u2013 and digital phone, financial and other records available with a warrant \u2013 can make that analysis immeasurably faster<\/a>.<\/p>\n

\n