Why Outlawing Encryption Is Wrong - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Cybersecurity
Commentary
10/22/2014
08:06 AM
Connect Directly
LinkedIn
Twitter
RSS
50%
50%

Why Outlawing Encryption Is Wrong

Putting data encryption solely into the hands of government employees won't prevent bad things from happening -- and it might encourage wrongdoing.

the ability of citizens and businesses to secure their data in such a way that meets the approval of credible global security experts. That means no back doors.

Slippery slope
As more and more of our life goes digital, those of us who are skilled at translating manual processes into automated ones understand what back-door, automated access to our digital lives would look like.

Your photos will be instantly accessible. Jennifer Lawrence recently had firsthand experience with the risks that all Americans will have: Hackers were able to access (and then distribute) her private photos, created for her boyfriend and placed on Apple's iCloud, because of poor security.

Your love notes, similarly so. Your "private" journal, where you write ugly thoughts that nobody else should ever read -- also accessible.

Where does it end? The answer is that it doesn't. And just as law enforcement doesn't have back-door, automated access to your personal life today, it shouldn't have back-door, automated access to your business life, either.

Criminals favored
Thankfully, open-source encryption software without back doors has existed for a long time. If we outlaw data encryption and replace it with something that has a back door, we basically declare that law-abiding citizens won't have privacy, but criminals and other malcontents will.

The FBI's Comey says unchecked encryption could lead us to a place in which murderers, child abusers, and other criminals roam free. So are we to believe that murderers and child abusers won't use freely available open-source encryption software to cover their tracks if it's against the law to use strong encryption? Please. The only thing that outlawing data encryption will do is take it out of the hands of law-abiding citizens.

I'm sympathetic to the notion that law enforcement officials need a range of tools to catch the bad guys. And they continue to add new tools: DNA analysis, better systems to search fingerprints and perform forensics, predictive intelligence software, geographic information systems, log correlation, metadata… the list goes on.

Adding access to all US-based encrypted data is tantamount to enabling physical searches without warrants. Proponents will say that law enforcement will use due process, but that's not a given. People notice when a police officer walks into their house and reads their journal. It's a lot harder to notice an officer using a back door for nefarious purposes.

There's no reason to assume that law enforcement officials will be less effective simply because they must stick to tools legally at their disposal. And following Comey's call to outlaw encryption will lead to a police state that most law enforcement officials won't be comfortable with, once they realize the true impact on society.

You've done all the right things to defend your organization against cybercrime. Is it time to go on the offensive? Active response must be carefully thought through and even more carefully conducted. This Dark Reading report examines the rising interest in active response and recommends ways to determine whether it's right for your organization. Get the new Identifying And Discouraging Determined Hackers report today (free registration required).

Jonathan Feldman is Chief Information Officer for the City of Asheville, North Carolina, where his business background and work as an InformationWeek columnist have helped him to innovate in government through better practices in business technology, process, and human ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
ashepard233
50%
50%
ashepard233,
User Rank: Apprentice
11/3/2014 | 4:59:36 PM
Founding Fathers believed in strong encryption.
  Founding fathers of America used strong, very strong encryption that was not broken untill 1942 with Alan Touring's computer at Blechly park.

Source: en.wikipedia.org/wiki/Jefferson_disk

    "First invented by Thomas Jefferson in 1795, this cipher did not become well known and was independently invented by Commandant Etienne Bazeries, the conqueror of the Great Cipher, a century later. The system was used by the United States Army from 1923 until 1942 as the M-94.  "

    Imagine using encryption that would not be broken for over 100 years or past our death.
 
    Even if it is encrypted, message traffic shows connections of criminals. Enough for law enforcement to figure out who might be a bad guy.

   People use hard encryption now. The FBI put out a call for people who speak ebonics because the FBI does not. "Damn, the shizzel dog." (in English - "It is true my friend")

   A new worry. What happens when a person tells the truth "I forgot the key" and they can not un-encrypt a message under court order?  How many times do we forget passwords of systems we are using let alone a message encrypted years ago.

  This is still a new area of law IMO.
PaulS681
50%
50%
PaulS681,
User Rank: Ninja
10/25/2014 | 5:28:21 PM
Crazyness
This is just crazy. The FBI is admitting they can't decrypt everything so the answer is outlaw any encryption it can't decrypt? The crazy part is how do they plan to enforce this? Or do they think the bad guys will help them out?

 
asksqn
50%
50%
asksqn,
User Rank: Ninja
10/25/2014 | 1:40:30 PM
Freeh Redux
Considering that Comey & co.'s fairy tale villans of the Infopocalypse have been debunked time and again with facts, it is comical that he continues to speak against encryption.   Further, it is clear that he does not grasp the concept of encryption since he attempts to pay lip service to the Fourth Amendment and then immediately contradicts himself.  We've seen this struggle over encryption in the 90s when Louie Freeh as director so all this happening now is just warmed over crap with the government desperately hoping to usurp civil liberties in the name of apprehending child molesting terrorists who kidnap. (and probably have ebola just to add to the FBIs FUD.)  Same lot of lies, different decade.
PedroGonzales
50%
50%
PedroGonzales,
User Rank: Ninja
10/23/2014 | 10:59:23 AM
Re: Agreed
I agree that allowing for back doors in current encryption systems is a terrible idea.  From all the info we have found out about the NSA they don't need a back door, they already can and did access our data.  I understand the point that government employees are people too with their good and bad traits.  A bad employee can really do huge damage to a person or entity by access such information through a back door. 
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Ninja
10/23/2014 | 9:33:03 AM
Re: Agreed
Encryption is an on-going business, it has to be on-going otherwise security standards will not increase and businesses will not be able to protect their customers. It hurts the economy if data is compromised, Target and Home Depot are a few examples -- carrying cash is a waste of human time resources as each additional trip to the ATM is not adding anything to the GDP.

The number of players in the market that are developing encryption is too large, collecting and securing back-door keys from each firm is going to cost a government. Keys will need to be collected from firms that are operating outside the economic region. Keys will need to be shared with other economic regions as well, because their governments also want to catch their bad guys.

One solution could be that the government should setup a super computer facility for decryption (that will cost lot of capital). This way, law enforcement agencies could queue the facility much like scientists would queue for super computer resources to run their models. It would be transparent because lots of people would be involved, for instance, a judge making the decision that a certain user's information should be decrypted and next, an IT team viewing and decrypted data.

If anyone has a solution, please do share it with us.
Joe Stanganelli
100%
0%
Joe Stanganelli,
User Rank: Author
10/23/2014 | 2:06:55 AM
Boo-hooism
This whole thing is ridiculous.  Yes, it makes their job "more difficult" -- in the sense that closed/locked doors, coat pockets, and the Fourth Amendment make their job "more difficult."
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Author
10/23/2014 | 2:05:21 AM
Re: Agreed
Indeed, the point about good eggs and bad eggs is well taken.

I had a client whose ex-wife left him for a local cop.

Surprise, surprise, he was not treated well by local police after that.
mak63
50%
50%
mak63,
User Rank: Ninja
10/22/2014 | 6:41:48 PM
Let's get real
"FBI Director James Comey is making the news rounds to equate data encryption with letting child pornographers, kidnappers, and terrorists roam unchecked."

How many times we heard this argument in the past? It's getting old. Congress will never pass such a law. Doing so will hindered our rights under the constitution.

Let me be the first to laugh.

Yanda
50%
50%
Yanda,
User Rank: Apprentice
10/22/2014 | 6:41:20 PM
Re: Agreed
"Quis custodiet ipsos custodes?" Which my twelve year old daughter translated as, "who will clean up after these custodians?". Will the FBI director insist on everybody removing their bedroom curtains next? After all, only criminals want to conceal anything from him.
Thomas Claburn
100%
0%
Thomas Claburn,
User Rank: Author
10/22/2014 | 6:39:17 PM
Re: Agreed
Worst of all is the deja vu...we already had this argument and common sense prevailed.

From a Bruce Schneier blog post on the topic: 

We've seen this game before. During the crypto wars of the 1990s, FBI Director Louis Freeh and others would repeatedly use the example of mobster John Gotti to illustrate why the ability to tap telephones was so vital. But the Gotti evidence was collected using a room bug, not a telephone tap. And those same scary criminal tropes were trotted out then, too. Back then we called them the Four Horsemen of the Infocalypse: pedophiles, kidnappers, drug dealers, and terrorists. Nothing has changed.
Page 1 / 2   >   >>
Slideshows
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
Commentary
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Commentary
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
Slideshows
Flash Poll