Federal law enforcement agencies are reportedly stepping up efforts to force tech companies to facilitate easier access to encrypted data, an effort that should be resisted.
According to The New York Times, FBI and Justice Department officials have convened talks with security researchers about ways of getting access to protected data.
As part of this process, Justice Department officials have become convinced that it’s possible to develop mechanisms within smartphones and other devices that give law enforcement access to encrypted information without compromising the security of the device.
“That’s a bold claim, given that for years the consensus in the technical community has been exactly the opposite,” notes the Electronic Frontier Foundation. After all, the idea of engineering the perfect vulnerability into a system that can’t then be exploited by cybercriminals, terrorists or tyrannical governments is a far-fetched one.
Yet, based on these discussions and assumptions, law enforcement officials are floating the idea of pushing for Congress to enact legislation to make this happen. Any effort to compromise the privacy and security of Americans for the mere convenience of some in law enforcement should be rejected by any American who values liberty, privacy and security.
This is just the latest push by law enforcement for a legal mandate to force tech companies to build vulnerabilities into their security systems.
Last year, Deputy Attorney General Rod Rosenstein touted the idea of “responsible encryption,” lamenting that “mass-market products and services incorporating warrant-proof encryption are now the norm.”
The highest profile clash on this issue previously was the push by the FBI in the aftermath of the San Bernardino terrorist shooting to pressure Apple into creating a backdoor to one of the attacker’s phones. Ultimately, though Apple refused to create such a vulnerability, the FBI was able to access the phone with the help of an external vendor.
Many at the time suspected the FBI and other law enforcement groups were exploiting that particular incident to gain support for a legal mandate to force companies to create a backdoor to encrypted systems.
A new report from the Department of Justice’s Office of the Inspector General provides some troubling details of this within the FBI, finding that the FBI did not exhaust its options for accessing the iPhone before publicly confronting Apple.
Notably, then-FBI assistant director Amy Hess became concerned that the head of the FBI’s Cryptologic and Electronics Analysis Unit “did not seem to want to find a technical solution, and that perhaps he knew of a solution but remained silent in order to pursue his own agenda of obtaining a favorable court ruling against Apple.”
The CEAU chief also “expressed disappointment” upon learning that the head of the FBI’s Remote Operations Unit had sought the help of an outside vendor to access the iPhone, reportedly asking the chief, “Why did you do that for?” Just because some in law enforcement would like to see the security of every encrypted product compromised, we can’t let that happen. Americans must reject efforts to use fearmongering to undermine encryption.
— The Orange County Register, April 3