Proposed LAED Act marks another chapter in the ongoing encryption battle between tech giants and government
ANALYSIS 2020 has been quite the year so far, with many of us adapting to a new way of living and working due to Covid-19.
In the technology realm, however, 2020 has become Groundhog Day, experts say, because of the ongoing fight between technology companies, privacy and civil rights groups, law enforcement, and the US government over encryption.
The bone of contention is end-to-end encryption, a communication approach where the keys needed to decrypt conversations are held on individual devices rather than by service providers or device manufactures.
Law enforcement and governments worldwide want to be able to access messages sent from consumer devices during criminal investigations a prospect made difficult due to modern authentication checks and encryption-based security.
Vendors, including Apple, Microsoft, and Google, will only hand over user data when legally obligated to do so even in this case, requests may be rejected if deemed too broad.
However, they have not yet been forced to deliberately weaken their own product security to make it easier for law enforcement to retrieve communications.
Throughout 2015 and 2016, Apple received requests from the FBI to unlock iPhones belonging to suspects in criminal investigations. This included a request to unlock an iPhone 5 belonging to San Bernardino shooting perpetrator Syed Rizwan Farook.
The FBI demanded that Apple bypass the mobile devices passcode, but the company contested on the basis that to comply would mean creating a backdoor that posed an inherent security risk.
A legal battle ensued, but Apple was eventually taken out of the picture after a third party found an authentication bypass iOS vulnerability, allowing law enforcement to access the device.
Encryption remains a political issue. Yet while several laws have been proposed worldwide to force technology vendors to bow to decryption demands, no country is understood to have gained backdoor-level access to commercially-made communication apps or devices.
Now, despite previous failed efforts, US legislators are making a fresh attempt to bring encryption to heel.
On June 23, Senate Judiciary Committee Chairman Lindsey Graham, alongside Senators Tom Cotton and Marsha Blackburn, introduced the Lawful Access to Encrypted Data Act (LAED), a new bill (PDF) which the US officials claim will bolster national security interests and better protect communities across the country by ending the use of warrant-proof encrypted technology by terrorists and other bad actors.
Once served with a warrant, the bill requires vendors and service providers to assist law enforcement in accessing encrypted devices or data if there are reasonable grounds to believe that the assistance required by the order will aid in the execution of the warrant.
RELATED SwigCast, Episode 2: ENCRYPTION
Furthermore, the Attorney General currently William Barr would be given the power to issue directives to companies to report on their ability to comply, including through the development of software to break their own encryption.
The Attorney General would also be able to launch a competition to award participants who create a lawful access solution in an encrypted environment.
This latest legislative play follows a succession of earlier bills that attempt to control cryptography, including the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act.
EARN IT, like LAED, also faces opposition from technologists and privacy activists such as the Electronic Frontier Foundation.
LAED would apply to manufacturers who have sold more than one million devices
Proposing the installation of backdoors into cryptographic services means that deliberate security weaknesses would be introduced that can be used not just by the police, but also could be taken advantage of by cyber-attackers.
Critics view this concept as an affront to privacy, security, and civil liberties.
In a blog post, Riana Pfefferkorn, associate director of surveillance and cybersecurity at StanfordCIS, noted that this bill also goes beyond past legislative attempts, as LAED would require encryption offered by any online service relating to stored data or data in motion to be breakable by law enforcement.
This could include mobile devices, messaging apps, operating systems, and the full remote computing services spectrum encompassing cloud storage services, email platforms, social media, and more.
RECOMMENDED US computer crime laws out of step with changing attitudes to pen tests, ethical hacking
If passed, LAED would apply to device manufacturers that have sold at least one million devices in the US since 2016 and any service provider with at least one million subscribers or users.
In a statement, Barr praised the bill, saying: I am confident that our world-class technology companies can engineer secure products that protect user information and allow for lawful access.
Pfefferkorn, however, has branded the proposed legislation as a full-frontal nuclear assault on encryption in the United States.
The new proposal prompted a collective groan on social media networks, with one Twitter user branding the ongoing battle to break vendor encryption as legislative malware.
Once again we find ourselves in the movie Groundhog Day, watching members of the Senate or House put forth legislation attempting to force mandated backdoor in encryption, Tony Cole, chief technology officer at Attivo Networks, told The Daily Swig.
Its critical that our legislators understand that this path to help law enforcement will also create significant new inroads for nation-states and criminals to find and break those backdoors.
Warren Poschman, senior solutions architect at Comforte AG, a data security firm, says that such a proposal could also degrade Fourth Amendment rights, which prevents unreasonable searches and seizures by the US government.
In short, there is an inconvenient truth: to stop encryption being a challenge for law enforcement, you would need to introduce device or software backdoors that could actually give criminals the tools required to compromise citizen services and data.
In turn, this could erode trust in device manufacturers and companies offering online services.
Seemingly at odds with emerging privacy regulations that require or incentivize full anonymization of data, the risk is that overall security, both IT and personal, is eroded with the best intents not to mention the potential for the government itself to be hacked, Poschman added.
READ MORE Low-hanging fruit: Why the US marijuana industry is a privacy disaster waiting to happen
READ MORE How an upcoming Supreme Court ruling could have serious ramifications for ethical hackers
- Could Snowflake Rival Amazon in Cloud Storage and Services? Here's What You Need to Know About the New So - Tech Times - September 15th, 2020
- How Cloud Computing Can Deal With Lightning Strikes and Hackers - Carnegie Endowment for International Peace - September 15th, 2020
- How to approach IT logging in the cloud vs. on premises - TechTarget - September 15th, 2020
- This lifetime web hosting subscription comes with up to 1TB of storage - Mashable - September 15th, 2020
- Keep It in the Cloud! Best Cloud Storage Systems of 2020 - iDrop News - September 6th, 2020
- Impact of COVID-19 on Cloud Storage Software Market 2025 Expected to reach Highest CAGR including major key players Amazon Web Services, Microsoft,... - September 6th, 2020
- Facebook adds cloud storage providers Dropbox and Koofr to its photo and video portability tool - Digital Information World - September 6th, 2020
- Cloud storages you need to know - The Star, Kenya - September 6th, 2020
- How COVID-19 is Impacting the Consumer Cloud Storage Services Market by Industry Analysis, by Type, Application and Top Players:Apple, Google, Box,... - September 6th, 2020
- Cloud Storage Gateway Market to Witness Stunning Growth by 2027; Key Players are Riverbed Technology, SoftNAS, Inc., Oracle, Microsoft, Nasuni... - September 6th, 2020
- COVID-19 Is Driving a Cloud Computing Surge That Will Only Continue | Opinion - Newsweek - September 6th, 2020
- Asia Pacific Personal Cloud Market Industry Analysis and Market Forecast (2019-2026) _ Hosted Types, Revenues, User Type, and Geography. - Galus... - September 6th, 2020
- Amazon's Blink Unveils New Wireless Security Cameras with HD Video, Flexible Storage Options, and New Battery Expansion Pack Cameras Start at $79.99... - September 2nd, 2020
- Cloud Storage Software Market Will Raise Beyond Imagination over Period 2025 | Microsoft, Oracle, Rackspace Hosting, Red Hat, IBM - Scientect - September 2nd, 2020
- Stand Alone Cloud Storage Market Current Industry Size and Future Prospective with Key Players, Drivers and Trends - The Daily Chronicle - September 2nd, 2020
- Media And Entertainment Storage TAM To Exceed $16B By 2025 - Forbes - September 2nd, 2020
- The Launching Ceremony for XnMatrix Wrapped Up, the Next Generation of Cloud Computing Eco-System Sets Sail - PRNewswire - September 2nd, 2020
- Why not open our own Container Registry, muses GitHub as it gives orgs a hand at resource-sharing DEVCLASS - DevClass - September 2nd, 2020
- Sharing responsibility: Why we need to work together to keep the cloud secure - ComputerWeekly.com - September 2nd, 2020
- Data breach exposes tens of thousands of NSW drivers licences online - ABC News - September 2nd, 2020
- 10 Key Takeaways From NetApp CEO George Kurian: Cloud, Coronavirus And Growth - CRN: Technology news for channel partners and solution providers - September 2nd, 2020
- Responding to Cloud Misconfigurations with Security Automation and Common-Sense Tips - Security Boulevard - September 2nd, 2020
- How to Prepare for the Next Time the Cloud Goes Down - Gizmodo - September 2nd, 2020
- Demand for Consumer Cloud Storage Services Market from Major End-use Sectors to Increase in the Near Future - The Scarlet - August 29th, 2020
- Prevent the storage and data security risks of remote work - TechTarget - August 29th, 2020
- Samsung kills Gallery Sync and Drive support in favor of OneDrive - Android Central - August 29th, 2020
- 4 great Android apps to edit the perfect photo - Phandroid - News for Android - August 29th, 2020
- Google Cloud and STS to Automate US Navy Maintenance Inspections Using AI and ML Technology - PRNewswire - August 29th, 2020
- New innovative report on Cloud Storage Gateway Market Future Growth Analysis, Business Demand and Opportunities to 2027 - The Scarlet - August 29th, 2020
- Global Cloud Based Storage Market 2020 Industry Outlook, Comprehensive Insights, Growth and Forecast 2026 - Good Night, Good Hockey - August 29th, 2020
- In quest to go paperless (and save money), Mizuho to start charging for bank books - Japan Today - August 29th, 2020
- NetApp posts strong Q1, plots big re-organisation Blocks and Files - Blocks and Files - August 29th, 2020
- The Handiest Video Doorbells to Remotely Test Who's At your Doorstep - Herald Planet - August 29th, 2020
- Explore the best free cloud backup services on the market - TechTarget - August 26th, 2020
- Integrated Media Technologies Joins the Active Archive Alliance - Sports Video Group - August 26th, 2020
- Storj Labs and FileZilla Collaborate to Offer Secure File Storage in the Remote Work Era - Database Trends and Applications - August 26th, 2020
- Cloud Compliance Frameworks: What You Need to Know - Security Boulevard - August 26th, 2020
- Reevert Unveils Advanced Tools to Enhance Network Security and Efficiency for Remote Workforces - PRNewswire - August 26th, 2020
- Enhancing Network Visibility for SD-WAN in the Era of Cloud and SaaS - The Fast Mode - August 26th, 2020
- Where to Back Up Your Smartphone Photos Online (and Why You Should) - Lifehacker - August 24th, 2020
- NordLocker encryption heads to the cloud - IT PRO - August 24th, 2020
- What Is the OneDrive File Size Limit? Microsoft's 2020 Updates - Cloudwards - August 24th, 2020
- A Security Flaw In 'Manage Versions' Feature Of Google Drive Could Allow Malware Attackers Trick Victims Into Installing Rogue Code - Digital... - August 24th, 2020
- Medical Image Cloud Market Expected to Witness High Growth over the Forecast Period 2020 2025 - The Daily Chronicle - August 24th, 2020
- What Is OneDrive? A 2020 Guide to Microsoft's Cloud Storage - Cloudwards - August 20th, 2020
- Stand Alone Cloud Storage Market Growth, Industry Verticals and Forecast to 2026 - Scientect - August 20th, 2020
- Outlook on the Healthcare Data Storage Global Market to 2026 - Opportunity Analysis for New Entrants - ResearchAndMarkets.com - Business Wire - August 20th, 2020
- Personal Cloud Storage Market by Top Manufacturers with Production, Price, Revenue (value) and Market Share to 2026 - The Daily Chronicle - August 16th, 2020
- Pure Storage and Cohesity in Partnership to Deliver Rapid Recovery at Scale - insideHPC - August 16th, 2020
- Cloud Storage Systems Market Analysis, Size, Regional Outlook, Competitive Strategies and Forecasts to 2025 - eRealty Express - August 16th, 2020
- Cloud Storage Market Size by Top Companies, Regions, Types and Application, End Users and Forecast to 2027 - Bulletin Line - August 16th, 2020
- How to install the Seafile cloud storage solution on Ubuntu Server 20.04 - TechRepublic - July 31st, 2020
- Five on-premise and cloud options for network-attached storage - ComputerWeekly.com - July 31st, 2020
- Want to back up the worlds largest SSD? Use this 100TB cloud storage - TechRadar - July 31st, 2020
- 4 reasons why Tresorit is the best cloud storage service - Tech Advisor - July 31st, 2020
- Cloud Technologies Your Business Needs in 2020 - The Seeker - July 31st, 2020
- FBI Alerts to Rise in Targeted Netwalker Ransomware Attacks - HealthITSecurity.com - July 31st, 2020
- The entire Netflix movie archive will fit on this 90PB storage system - TechRadar - July 31st, 2020
- Student discounts: the best offers in 2020 - Creative Bloq - July 31st, 2020
- Cloud Storage Market to Grow at a CAGR of 21.9% from 2020 to 2027 to Reach $222 Billion by 2027 - PRNewswire - July 23rd, 2020
- Google Cloud Claims Another Win With Box Partnership - Forbes - July 23rd, 2020
- Stand Alone Cloud Storage Market Size, Share, Growth Rate, Revenue, Applications, Industry Demand & Forecast to 2025 - 3rd Watch News - July 23rd, 2020
- Global Enterprise Cloud Storage Market 2020 by Company, Regions, Type and Application, Forecast to 2025 - Cole of Duty - July 23rd, 2020
- Stand Alone Cloud Storage Market: The Development Strategies Adopted By Major Key Players And To Understand The Competitive Scenario - 3rd Watch News - July 23rd, 2020
- BitDam Advanced Threat Protection now available on Microsoft Azure Marketplace - Help Net Security - July 23rd, 2020
- Nexsan Unity taps into cloud and Assureon archive - TechTarget - July 23rd, 2020
- IPVanish July sale: three months of VPN cover for the price of one with this deal - Tom's Guide UK - July 23rd, 2020
- Commvault integrates Hedvig with HyperScale X appliance Blocks and Files - Blocks and Files - July 23rd, 2020
- Q&A: Sophos poll shows how attackers are taking advantage of cloud migration to wreak havoc - Security Boulevard - July 23rd, 2020
- Life After COVID 19: E-Discovery Considerations for Attorneys and Clients - JD Supra - July 23rd, 2020
- 4 Ways to Advance Your Tech Without Sacrificing Security - Security Boulevard - July 7th, 2020
- Cloud Storage Market Is expected to Witness Significant Growth between 2020 to 2028| Top Key Players- AWS, IBM, Microsoft, Google, Oracle, HPE - Owned - July 7th, 2020
- Software-defined storage: It's a Thing Blocks and Files - Blocks and Files - July 7th, 2020
- Microsoft takes legal action against COVID-19-related cybercrime - Microsoft on the Issues - Microsoft - July 7th, 2020
- How Vodafone is helping MSMEs gear up for their business revival - YourStory - July 7th, 2020
- IP Video Surveillance And VSaaS Market Growth Analysis By Manufacturers, Regions, Types and Application Forecast - Apsters News - July 7th, 2020
- Alternatives to banned apps Shareit and Xender for file transfer - Digit - July 4th, 2020
- I Don't Care How Great These OneDrive Improvements Are, I'm Not Using It - Gizmodo UK - July 4th, 2020
- Cloud Based Storage Market with Report In Depth Industry Analysis on Trends, Growth, Opportunities and Forecast till 2024 - AlgosOnline - July 4th, 2020
- Global Cloud Storage Software Market 2020, Analysis by Growing Demand, Types, Application, Top Trends, User-Demand and Opportunities Assessment till... - July 4th, 2020