Why Outlawing Encryption Is Wrong - InformationWeek

Commentary
10/22/2014
08:06 AM

Why Outlawing Encryption Is Wrong

Putting data encryption solely into the hands of government employees won't prevent bad things from happening -- and it might encourage wrongdoing.

In a chilling move toward an all-knowing police state, FBI Director James Comey is making the news rounds to equate data encryption with letting child pornographers, kidnappers, and terrorists roam unchecked. The assertion: Law enforcement will have no tools to catch bad guys if encryption works as designed. So all of a sudden other advances in law enforcement technology are trumped? Let's get real.

I'm not a law enforcement officer, but I've been serving military and law enforcement technology needs for 20-plus years. I have an "outsider on the inside" point of view. And let me preface my arguments by saying that I'm a huge fan of law enforcement officials having the lawful tools they need to do their jobs. I'm grateful every day when they protect our community and country.


But balance is needed in what is a serious matter of public concern. Law enforcement officials always want maximum, broad powers. And who can blame them? New IT system administrators always want maximum, broad powers. But our country works best when there's a balance of power, among the law enforcement and judicial system; legislators; and local, state, and federal executive leaders.

Outlawing data encryption that the government can't decrypt is wrong for many reasons. Here are a few.

The human element
I'm preaching to the choir when I say this to InformationWeek readers, but if law enforcement has key escrow, or a "master key" to all data encryption, that assumes there's a sound mechanism for ensuring that those keys don't fall into the hands of the bad guys, and that the good guys never use them for the wrong reasons. Those assumptions are laughable.

Bruce Schneier is an authority on why security back doors are a terrible idea: The bad guys inevitably find them and use them. Believe him.

Also know that law enforcement officers are a population like all populations, with good and bad eggs. If you think that no officer, anywhere, will use a back door to find out things that he or she shouldn't find out, think again.

Officers and other employees charged with keeping us safe can misbehave like any other company employee. I assure you that small indiscretions happen every day that the general public never knows about. Only when things blow up do we see the headlines, like the ones made by former FBI agent and turncoat Robert Hanssen, who was at one time an internal affairs investigator and who became known as a "computer expert" in the bureau.

Putting data encryption solely into the hands of government employees won't prevent bad things from happening.

Competitive disadvantage
Arbitrary spying creates a competitive disadvantage for our country. The NSA's spying on US citizens and businesses without due process created an atmosphere in which some foreign businesses are now reluctant to locate in this country. Indeed, analysts predict that US tech companies could lose $180 billion by 2016 due to international concerns about intelligence agencies' spying.

For the US to restore confidence, legislation must protect -- not remove --

Jonathan Feldman is Chief Information Officer for the City of Asheville, North Carolina, where his business background and work as an InformationWeek columnist have helped him to innovate in government through better practices in business technology, process, and human ...
Comments
Laurianne
User Rank: Author
10/22/2014 | 10:18:13 AM
Agreed
I agree with JF's point-of-view: Too much power, too few safeguards. We need to think hard about what tools, electronic and physical, should be with law enforcement in the first place.
Pablo Valerio
User Rank: Ninja
10/22/2014 | 11:07:21 AM
Re: Agreed
I cannot agree more! I have been following this issue for many years and, as a European, I believe that privacy needs to be protected over the need of accessing information.

Recently the EFF responded to James B. Comey saying that "the FBI is trying to convince the world that some fantasy version of security is possible—where 'good guys' can have a back door or extra key to your home but bad guys could never use it."
glipham007
User Rank: Apprentice
10/22/2014 | 3:01:34 PM
Agreed
Who watches the Watchmen?
Thomas Claburn
User Rank: Author
10/22/2014 | 6:39:17 PM
Re: Agreed
Worst of all is the deja vu...we already had this argument and common sense prevailed.

From a Bruce Schneier blog post on the topic: 

We've seen this game before. During the crypto wars of the 1990s, FBI Director Louis Freeh and others would repeatedly use the example of mobster John Gotti to illustrate why the ability to tap telephones was so vital. But the Gotti evidence was collected using a room bug, not a telephone tap. And those same scary criminal tropes were trotted out then, too. Back then we called them the Four Horsemen of the Infocalypse: pedophiles, kidnappers, drug dealers, and terrorists. Nothing has changed.
Yanda
User Rank: Apprentice
10/22/2014 | 6:41:20 PM
Re: Agreed
"Quis custodiet ipsos custodes?" Which my twelve year old daughter translated as, "who will clean up after these custodians?". Will the FBI director insist on everybody removing their bedroom curtains next? After all, only criminals want to conceal anything from him.
mak63
User Rank: Ninja
10/22/2014 | 6:41:48 PM
Let's get real
"FBI Director James Comey is making the news rounds to equate data encryption with letting child pornographers, kidnappers, and terrorists roam unchecked."

How many times have we heard this argument in the past? It's getting old. Congress will never pass such a law. Doing so will hinder our rights under the Constitution.

Let me be the first to laugh.

Joe Stanganelli
User Rank: Author
10/23/2014 | 2:05:21 AM
Re: Agreed
Indeed, the point about good eggs and bad eggs is well taken.

I had a client whose ex-wife left him for a local cop.

Surprise, surprise, he was not treated well by local police after that.
Joe Stanganelli
User Rank: Author
10/23/2014 | 2:06:55 AM
Boo-hooism
This whole thing is ridiculous.  Yes, it makes their job "more difficult" -- in the sense that closed/locked doors, coat pockets, and the Fourth Amendment make their job "more difficult."
Brian.Dean
User Rank: Ninja
10/23/2014 | 9:33:03 AM
Re: Agreed
Encryption is an on-going business, it has to be on-going otherwise security standards will not increase and businesses will not be able to protect their customers. It hurts the economy if data is compromised, Target and Home Depot are a few examples -- carrying cash is a waste of human time resources as each additional trip to the ATM is not adding anything to the GDP.

The number of players in the market that are developing encryption is too large, collecting and securing back-door keys from each firm is going to cost a government. Keys will need to be collected from firms that are operating outside the economic region. Keys will need to be shared with other economic regions as well, because their governments also want to catch their bad guys.

One solution could be that the government should set up a supercomputer facility for decryption (that will cost a lot of capital). This way, law enforcement agencies could queue the facility much like scientists would queue for supercomputer resources to run their models. It would be transparent because lots of people would be involved, for instance, a judge making the decision that a certain user's information should be decrypted and next, an IT team viewing and decrypting data.

If anyone has a solution, please do share it with us.
PedroGonzales
User Rank: Ninja
10/23/2014 | 10:59:23 AM
Re: Agreed
I agree that allowing for back doors in current encryption systems is a terrible idea. From all the info we have found out about the NSA, they don't need a back door; they already can and did access our data. I understand the point that government employees are people too, with their good and bad traits. A bad employee can really do huge damage to a person or entity by accessing such information through a back door.