Generally speaking, we typically think of encryption as a good thing. It protects our data even if our device is lost or stolen, keeps hackers out of our private information and arguably adds a bit of mobile peace of mind to our electronic lives. But a couple of recent events have uncovered the darker side of encryption, and the uphill battle it faces to become the norm.
Study finds 87% of Android devices are insecure due to lack of security updates
The San Bernadino terrorist attack in California in late 2015 has recently been in the headlines again because the FBI is reportedly still unable to decrypt one of the attackers’ cell phones. FBI Director James Comey is once again using the failure to publicly deride encryption as a law-enforcement foil, claiming the encrypted data could reveal possible co-conspirators or explanations for the bag of home-made pipe bombs left behind by one of the attackers.
The FBI’s failure to decrypt terrorist communications, even after their capture or death, is becoming an increasingly high-profile political hot potato. As Comey stated, “encrypted cellphones and text messaging apps have made it harder for investigators and intelligence services to track suspected plots in real time, or trace locations and connections once they acquire a suspect’s device”.
While this is undoubtedly true, online commenters are claiming these incidents are just being used as highly-charged political pawns to get encryption banned. While Edward Snowden’s revelations back in 2013 demonstrated just how adept the NSA was at cracking online encryption, end-to-end encryption in messaging apps like Telegram and full disk encryption on devices are proving to be more difficult. And it’s not only the FBI that isn’t happy.
When two state bills, one introduced by a Republican in New York and the other by a Democrat in California, showed identical wording recently, they very quickly got noticed. The bills aim to ban the sale of encrypted devices in both states, except for those that could be unlocked by the manufacturer, with hefty fines for OEMs that failed to comply. This is almost exactly what the FBI Director has been calling for.
In response, a new bi-partisan bill has been introduced in the House of Representatives that aims to smother the state-level bills in their cribs. The Ensuring National Constitutional Rights of Your Private Telecommunications Act of 2016 (or ENCRYPT) aims to override the state level bills, with its bi-partisan creators saying they are deeply concerned about the implications of enforcing a ban on the sale of encrypted devices in certain U.S. states.
Whether the state level bills – or another apparently in the Senate pipelines that sound a lot like them – are secretly being orchestrated by the NSA, FBI or CIA to assist in unmasking terrorist activities or are simply designed to maintain unfettered access in the pursuit of complete surveillance, we’re unlikely to ever find out. But it seems that for every opponent of encryption there is an equally strong champion.
Tech companies that have been courted by the government have steadfastly refused to provide back doors to their encryption. Deciding whether the prospect of tracking a fraction of nefarious actors warrants the exposure of an entire population is set to be a critical debate this year. One that is only going to intensify as high-profile incidents continue to be used as political punching bags, casting one side as in the public’s best interest when it perhaps is not and the other as protecting terrorists while it simultaneously protects the innocent.
The encryption debate is shaping up to a David and Goliath confrontation, with the American public on one side and the American government on the other, with the tech industry wedged firmly in the middle. The right to privacy versus the duty to protect. End-to-end encryption versus court ordered back doors. Online security versus national security. The lines are clear but neither side is backing down.
Which side do you fall on? Who do you think will win in the end?