The federal government has the difficult task of balancing the protection of consumer privacy while also aiding law enforcement in the fight against criminal behavior, spying, and terrorism. Earlier this month, the Obama administration announced that they will not call for legislation requiring companies to provide law enforcement with a “back door” to encrypted communications. Major tech companies like Apple and Amazon protest such legislation, citing that adding a back door will likely make their consumers more vulnerable and that this type of surveillance is illegal. Law enforcement agencies – like the NSA, FBI, and DHS – argue that back door access is necessary because some encryption is so advanced that only the device owner has the key, making it impossible to open even when a search warrant is issued, so alternative methods of access are necessary. Even local law enforcement can be kept out of encrypted devices, which makes investigating instances of kidnapping, public safety, or even car accidents more difficult.
The issue is far from black or white, but a group of security experts and cryptographers came together at MIT and released a paper detailing why mandated back doors are dangerous. With modern technology as advanced and pervasive as it is, the potential for damage is greater than ever before . Our systems are too broad, too complex, and too keyed in to individuals and individual devices to be able to foresee all potential security flaws across the spectrum. The experts also argue that, besides the technological unknowns that could make consumer data vulnerable, the group also brings up the complicated issues of maintaining privacy rights and ensuring proper governance of any data obtained.
So what is law enforcement doing to obtain access to encrypted data in the meantime? Law enforcement Lawmakers seem to understand that it’s unlikely they’ll be granted a mandatory back door policy, so instead they’re trying to negotiate private, often informal, agreements with companies to undermine security. While some companies are shaking hands on these deals, others – like Apple – are taking a firmer stance against the invasion of their consumers’ privacy. Apple’s official public policy states, “[We] have never worked with any government agency from any country to create a ‘back door’ in any of our products or services. We have also never allowed any government access to our servers. And we never will.”
While many companies and individuals fight for secure and private communications, there is undoubtedly a need to bolster anti-terrorist efforts in the digital sphere, which makes it difficult for lawmakers to take a strong stance on either side. No administration has enacted a policy or even taken a stance in favor of a policy that opposes informal agreements should a company so choose. Our previous post outlining the Cybersecurity Information Sharing Act demonstrates just how convoluted lawmaking can be within the digital world.
Former Director of the Department of Homeland Security, Michael Chertoff, likens the right to secure encryption to that of having a private conversation with a friend. In this interview with the Huffington Post, he says, “We don’t record conversations in public spaces so that people can’t whisper to each other and then not tell the authorities … That’s not our culture.” He stresses that law enforcement can focus on tactics like intercepting emails being sent, rather than accessing stored emails, and that to act within the law they must obtain search warrants for encrypted data. He also mentions that in many recent breaches, even the minimum requirements for security were not being met by the individuals targeted. If what Chertoff says is to be believed, there is a happy medium to be reached between law enforcement tactics, taking proper personal security measures, and major tech companies continuing to advance encryption capabilities to combat new vulnerabilities. Because as the web gets wider and more complicated, so will maintaining privacy.