The dark side of encryption is also the light side

by: Kris Carlon, February 11, 2016


We typically think of encryption as a good thing. It protects our data even if our device is lost or stolen, keeps hackers out of our private information and arguably adds a bit of mobile peace of mind to our electronic lives. But a couple of recent events have uncovered the darker side of encryption, and the uphill battle it faces to become the norm.


The San Bernardino terrorist attack in California in late 2015 has recently been in the headlines again because the FBI is reportedly still unable to decrypt one of the attackers’ cell phones. FBI Director James Comey is once again using the failure to publicly deride encryption as a law-enforcement foil, claiming the encrypted data could reveal possible co-conspirators or explanations for the bag of home-made pipe bombs left behind by one of the attackers.

The FBI’s failure to decrypt terrorist communications, even after their capture or death, is becoming an increasingly high-profile political hot potato. As Comey stated, “encrypted cellphones and text messaging apps have made it harder for investigators and intelligence services to track suspected plots in real time, or trace locations and connections once they acquire a suspect’s device”.


While this is undoubtedly true, online commenters are claiming these incidents are just being used as highly-charged political pawns to get encryption banned. While Edward Snowden’s revelations back in 2013 demonstrated just how adept the NSA was at cracking online encryption, end-to-end encryption in messaging apps like Telegram and full disk encryption on devices are proving to be more difficult. And it’s not only the FBI that isn’t happy.


When two state bills, one introduced by a Republican in New York and the other by a Democrat in California, showed identical wording recently, they very quickly got noticed. The bills aim to ban the sale of encrypted devices in both states, except for those that could be unlocked by the manufacturer, with hefty fines for OEMs that failed to comply. This is almost exactly what the FBI Director has been calling for.


In response, a new bi-partisan bill has been introduced in the House of Representatives that aims to smother the state-level bills in their cribs. The Ensuring National Constitutional Rights of Your Private Telecommunications Act of 2016 (or ENCRYPT) aims to override the state-level bills, with its bi-partisan creators saying they are deeply concerned about the implications of enforcing a ban on the sale of encrypted devices in certain U.S. states.

Whether the state-level bills – or another apparently in the Senate pipelines that sounds a lot like them – are secretly being orchestrated by the NSA, FBI or CIA to assist in unmasking terrorist activities or are simply designed to maintain unfettered access in the pursuit of complete surveillance, we’re unlikely to ever find out. But it seems that for every opponent of encryption there is an equally strong champion.


Tech companies that have been courted by the government have steadfastly refused to provide back doors to their encryption. Deciding whether the prospect of tracking a fraction of nefarious actors warrants the exposure of an entire population is set to be a critical debate this year. One that is only going to intensify as high-profile incidents continue to be used as political punching bags, casting one side as in the public’s best interest when it perhaps is not and the other as protecting terrorists while it simultaneously protects the innocent.

The encryption debate is shaping up to be a David and Goliath confrontation, with the American public on one side and the American government on the other, with the tech industry wedged firmly in the middle. The right to privacy versus the duty to protect. End-to-end encryption versus court-ordered back doors. Online security versus national security. The lines are clear but neither side is backing down.

Which side do you fall on? Who do you think will win in the end?


  • Virtual Anomaly

    I will win….MHAHAHAHAHA…..NO GOVERNMENT CAN WITHSTAND ME…NOR ANY PUBLIC

  • Terrorists use Telegram – totally encrypted – (but so do I, haha). It really makes no difference what the government decides because if the terrorist can get his or her hands on encryption, he or she will use it, laws or no laws. So… what is the government going to do? It’s not like they will know someone uses encryption and come looking for that person to jail them, because, well, they can’t find them because the terrorist is using….. encryption. This is a very dead discussion.

    • Paul M

      telegram *should* be a good example of a cryptographically secure messaging service.
      however, its implementation is woeful.

      • How so? It offers two options. Are you saying that both options are bad or just one?

        • Alpha Blocker

          Telegram uses some self-made cryptography—that’s generally considered a bad idea. For example, Threema (one of the best secure messengers out there, IMHO) uses NaCl by Daniel Bernstein.

          • Very good, only drawback is that you pay for it, but I understand that is not problematic. Thanks for the info.

          • Alpha Blocker

            Well, you know the saying: “If you’re not paying, you’re the product.” And compared to what you pay for a secure messenger these days (Threema is two bucks, I believe), handing out your user data seems to be way more expensive.

    • John Doe

      A phone can be found if it is encrypted or not.. Encryption is only used for the data on the phone and the communications between users. If a government agency needs to find you and you have your phone turned on .. you can be tracked.

      • VPN – SIM + PRIVACY CASE. Really simple actually. Take out your SIM, add VPN for WIFI, use Telegram messaging and voice messages. Use Signal or Ostel to make calls. When you are not using your phone, stick it in privacy case. How would the government get through that?

        To make it even more fun, use a MIFI for your WIFI, and… no one still has any idea who you are. The problem is really the SIM card. You skip that problem, and it’s pretty easy to disappear.

        • Fred

          Few months ago, the French police recovered the messages of the terrorists on Telegram.
          Guess what? The authorities did not bother to criticize the encryption of the app. So it gives you a clue about the so-called encryption.

          Also the police made a backup of thousands of phones and computers during their interventions. And they never asked the owners to give their password.
          Same thing for the Mossad. Did you ever hear them complaining about an encryption?

          • Maybe because the phones they were using had no serious protection to get in? On an Android if you don’t have 5.0 or above it’s pretty easy to get in. And 4 digit passwords on an iOS as well. So… I guess it would depend on how the phone was.

        • John Doe

          The issue is not just the SIM card, but the IMEI serial number embedded in each phone. Yes, the SIM card is used to identify you to your carrier, but the IMEI number identifies the phone and user (if the phone is not stolen).
          There are ways to read IMEI numbers via WiFi..
          Anyways, these are neither here nor there.. and the US Gov and other Gov’s can access most of everything we do via backdoor access to carriers, etc.
          Now if E Snowden has killed that by his releasing of state secrets then the NSA might have the hands tied, but we as citizens will never truly know…. (when has any Government been truthful about anything??)
          The only true secure communication is to build your own walkie-talkies with proprietary encryption, tho distance would obviously be an issue, this way you stay off the grid.

          • Don’t you get the IMEI from the SIM connection? In other words, if the SIM is out and I am using VPN, how do they get the IMEI?

  • GoatsLegsUK

    The intelligence agencies should be preventing attacks from occurring in the first place, not whinging about not being able to decrypt a phone after the event.

    They want to uncover connections between (suspected) terrorists? Then examine the metadata of calls and messages. If anything is found, then issue a court order requiring the network operators to record every phone call and text message.

    • Paul M

      metadata IS data. often it’s more important than the content.

  • Read about this the other day on MSN, reminded me I need to encrypt my phone tonight when I get home.

  • Eh?

    Who’s the middle guy in David vs Goliath?

  • John Sullivan

    If encryption is banned, the criminals and terrorists will simply encrypt anyway with their own tools, disguise traffic, etc. They could even just take much of their communication off the grid entirely. Meanwhile, *every* law abiding citizen will be put at risk *when* (and it would be when) the back doors are hacked open. The opening of the back door, in itself, could result in an economically devastating cyber attack.

    Anyone proposing deliberately weakening or outright banning end to end encryption is, at best, being very shortsighted.

    • Jake

      Exactly, what’s to stop criminal organizations from developing their own encryption tools and technique to protect their data? Just because you ban encryption for general public use does mean it will stop people from creating their own encryption tools and techniques to circumvent those laws. As creating your own encryption tools and technique could be argued as protecting one’s own personal privacy and freedom of personal expression.

  • Paul M

    When using encryption makes you an outlaw, only outlaws will have encryption.

    There was a time when encryption was classed as a munition. So doesn’t the 2nd amendment protect the right to bear arms and thus munitions and encryption?

  • John Doe

    Encryption Good, Government Bad ..

  • Jura

    Who was the “…Republican in New York.” that proposed the bill?

    Just curious.

  • Butters

    The light side of a butter knife: you can spread delicious, creamy butter onto a toast.
    The dark side of a butter knife: you can stab someone with it.

  • JimAlaska

    The genie is already out of the bottle and can’t be put back. All banning encryption will do is take it away from honest people. The bad guys will still have it.

  • Dtect

    To even ask such a question about encryption is ridiculous. Why are we worrying about the so-called ‘dark side’ of encryption and not worrying about what the US government actually does in other countries? Do you think these terrorists pop out of nowhere or without provocation? How is banning encryption going to stop anyone from encrypting their devices or their data? Nonsense. Let’s move on to something worth discussing.