There's the war on terrorism, and then there's the war on how to fight the war on terrorism.
With recent attacks in Paris, Beirut and Mali, some in governments and law-enforcement agencies are renewing their calls to expand electronic surveillance to thwart potential attacks. Communications that cant be tapped or unscrambled pose aseriousnational-security risk, authorities argue, because they can be used by terrorists tohidetheir activitiesand planning. Technology companies and cybersecurity experts generally takeadifferent view: If encrypted communications can be accessed by the government or a company -- or anyone other than the sender and intended recipient -- they inherently are vulnerable to bad actors and prying eyes.
Why is this such a complex and often heated debatewith noapparentresolution in sight? For starters, encryption is really complicated. Here's what you need to know to understand the issues:
Encryption, sometimes called crypto by techies, is a fancy word for a type of code. Encryption schemes transform words into seeming gibberish. Heresa mereportionofencrypted textthat,if printed in full,would translate to"happyholidays:"
hQIMA2dX93ZaYL95AQ//ZSZ/n0VSK7ZZ9kkRk3X8nn+m2YLzHj5L4zrsrCesPOKw ZQG5FXuHz9/02Be3tyXelAiFpGdCh+Tdnx0r1wLOChitSPaydW0hcReG6cp9Nplk QZL5sYRr0NYWjx2EkwFO0j6lNcGMNo3qAoxMNe3rfENPjxpv1UCRl6nHfEmSk1BO swjBOUXrsWxbbphdJqSZtdWoPLlOnFftRjgqLe9hC9rmWF/Q7/RIkZ5TEYmSfJkI aGB3Vrf/XEwXOHuss+HgE9z/XalJtaNLCZeCgNgO/Lk26nVyS0R5XfNz9VtFszhT pjk2rpxMecOlCs4a62oSYykI63E04G0OZkZaPrUlir4GoSV4OVivFgbFDNtIq5Lk hX1TF3y/PsuVb8bF7XhvqCt/q9HF0n0LY9v+tJfMOT885c6uNX9Rm6ZUUFR++jgv X4EfNYSmX6HjmYTflqQyivWeTpGl13tQP7b+UppJr0v9vH7Wd0PmRdvLDhKHqCiq
Only a user or machine with the so-called encryption key can unscramblethe message to get its meaning. So the same phrase -- "Happy Holidays" -- would be encrypted differentlydepending on the software used and the people involved.
Once the province of spies, encryption is widely used on the Internet. The little padlock next to a Web address indicates the connection is encrypted. Wi-Fi routers, Gmail, Yahoo mail, Snapchats, tweets and 4G cellular phones all use some form of encryption,to protect personal information, such as passwords, location coordinates, bank-account and credit-card numbers and sometimes -- depending on the type of encryption used -- the text of messages and other content.
In addition to those receiving the data who need to decipher it, the companies that employ this technology typically hold keys, sothey canget to the information if they need to. Among other things, this letscustomers reset passwords, etc.It also allows companies to decrypt messages for the authorities when faced with lawful requests for customer records or the contents of communications.
In the past few years, several tech companies have adopted encryption schemes for which they say they dont hold the keys. Most notably, Apple Inc. and Alphabet Inc.s Google in 2014 released smartphone operating systems that, by default, they said precluded them from unlocking phones for law enforcement, even with a warrant.That's because the companies said they would no longer maintain a key to unlock their devices' encryption. Those keys would only be on the devices themselves and could only be unlockedwith users' passwords.Before the switch, companies could comply with court orders to unlock phones, and usually did.
Here is FBI Director James Comey -- who has called these actions an assault on law enforcement --testifying before Congress on the issue:
But tech and telecommunications companieswerecriticized after documents leaked byEdwardSnowden showedsomefirms cooperating with governmentsto allow access to some of their users' communications. Companies also said the government was overstepping its monitoring activities without their knowledge, compromising user confidence in the privacy of their information. A lot of trust between the two sides was broken. Companies say that thenew encryption protocolswill make their products safer, because thieves and spies would have a harder time seeingand stealingtheir contents or communications.
Here's Apple CEO Tim Cook, making this point at the Wall Street Journal's WSJDLive tech conference in October:
The debate has widened as U.S. and European officialsalsostarted criticizing makers of apps designed to encrypt messages, such as Wickr, Signal and Telegram.Makers of theseapps have not changedtheir systemssince the Paris attacks.ButTelegram, which features both private chat and a Twitter-like public bulletin feature, saidrecently thatit had deactivated some public channels linked to the Islamic State. The shift, if small, was notable given Telegram founder Pavel Durov's previous statements that his company "shouldn't feel guilty" for reports that the app has been used by terrorists.
There is no evidence it played a role in the shootings and bombings in Paris. To the contrary, French media have reported some of the attackers coordinated using ordinary SMS text messages, which usually are easy for law enforcement to tap. However, Islamic State members have documented that they use some messaging apps that rely on strong encryption. Some U.S. officials have said this is a problem if the goal is to prevent another Islamic State attack. Here's a tutorial used by the Islamic State to rate the relative strength of various communication apps:
Several reasons. One, technology companies in general chafe at the idea of the government telling them how to make products. When the Clinton administration in the 1990s proposed a system where the government would maintain the ability to decipher commercial communications through a so-called "Clipper chip," the proposal was beat back due to civil liberties concerns. One alternative would have technology companies maintain all or part of the so-called master key, which they would only use if faced with a court order. Technology companies don't like this solution because they fear it makes the key a target for hackers. In short, if someone steals the digital key,everything is potentially lost.It's also unclear how such a system would work in practice.
Privately,some government officials say technology companies are overstating the risks of creating such a system. But technology companies counter the risks are real. The catch is that a lot of the risks are assumed and hypothetical. Building extra keys and loopholes into secure systems could, for example, introduce weaknesses from bugs, but it's hard to know what those bugs are ahead of time. "The complexity of todays Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws," wrote 15 cryptographers in a paper published by the Massachusetts Institute of Technology this summer. There is some precedent though for this concern. Washington once required American firms sell foreign customers only weaker, more easily cracked encryption to help U.S. spies keep tabs on overseas targets. Even though that requirement was dropped in the 1990s, the weakened encryption can still be found on computers and can now be exploited by other hackers. Lobbyists for tech firms such as Apple argue these problems would only be worse now. Because companies do more business overseas, they would likely have to replicate any deal they make with the United States. For instance, Apple sells a lot of iPhones in China. What if overseas governments demand the same types of keys?
In that case, all bets could be off. For instance, if an iPhone user uses iCloud backups for the content on their phone, Apple is able to hand over the latest backup if faced with a court order, the company says.Some cloud providers automatically erase such data after a period of time, but policies and procedures vary.
In January, Mr. Obama said, If we find evidence of a terrorist plot and despite having a phone number, despite having a social media address or email address, we cant penetrate that, thats a problem. The president and Mr. Comey have said they believe Silicon Valley should be able to come up with a solution. Congress also is examining the issue. On the other hand, former NSA Director Mike McConnell and other retired national security officials have publicly said that finding a way to maintain access to encrypted communications could be bad for security. The Obama administration has indicated that, for now, it doesnt want to issue orders to tech firms or push Congress for new laws.
Here's Adm. Michael Rogers, head of the National Security Agency, at the WSJDLive conference urging government and the tech industry to bridge the gaps:
In 1999, a federal appeals court more or less ended the first "Crypto wars" when it ruled computer code, including encryption schemes, is protected speech under the First Amendment. Apple is fighting the Justice Department in a New York federal court over whether it should be forced to figure out a way to unlock an encrypted iPhone.
White House and congressional staffers have reached out to some Silicon Valley executives, asking them to come to Washington, D.C., for another round of encryption talks. Some lawmakers are seeking a so-called "Blue Ribbon" committee that would include experts from both sides of the debate. Sen. John McCain (R., Ariz.) has pledged to conduct hearings on the matter and pursue legislation. The British parliament meantime is exploring a new spy powers measure that could give authorities more power to force companies to be able to unscramble customer data.
- Encryption Software Market 2019 Size, CAGR Status, Key Players, Growth Analysis and Forecast to 2026 - The Market Publicist - December 2nd, 2019
- Global Encryption Software Market Industry Analysis and Forecast (2018-2026) - Daily Research Stack - December 2nd, 2019
- Fortinet took 18 months to strip software of flawed crypto cipher and keys - The Daily Swig - December 1st, 2019
- Mobile Encryption Market Competitive Research And Precise Outlook 2019 To 2025 - The Market Publicist - December 1st, 2019
- NordPass: Get rid of password stress. Forever. - EE Journal - December 1st, 2019
- Apple patents anti-snooping technology that would stop police from tracking locations and messages - Stock Daily Dish - December 1st, 2019
- Encryption Software Market Research Report by Geographical Analysis and Forecast 2017-2027 - Kentucky Reports - November 28th, 2019
- Encryption Key Management Software Market : Industry Research, Growth Trends And Opportunities For The Forecast Period 2019-2029 - News Description - November 28th, 2019
- iStorage cloudAshur is named: Security Innovation of the Year at the UK IT Industry Awards 2019 - ResponseSource - November 28th, 2019
- Database Encryption Market Analysis Report by Product Type, Industry Application and Future Technology 2025 (International Business Machines... - November 28th, 2019
- The IT Guide to Enforcing Full Disk Encryption Windows Edition - Security Boulevard - November 28th, 2019
- Why The FBI's Former Top Lawyer Now Embraces Encryption - Law360 - November 28th, 2019
- Big Boom in Cloud Encryption Market over 2019-2026 with CipherCloud Inc., Hytrust Inc., Gemalto NV, IBM Corporation and more - Market Expert - November 28th, 2019
- Encrypted Flash Drives Market Size, Growth, Global Industry Analysis, Share, Segments and Forecast 2019-2024 - Space Market Research - November 28th, 2019
- Encryption Software Market 2019 Global Industry Status, Segment by Region, Type and Future Forecast To 2026 - Financial News - November 28th, 2019
- FBI worried about criminals having unfettered access to encryption technology - KTVI Fox 2 St. Louis - November 23rd, 2019
- What Is End-to-End Encryption? Another Bulls-Eye on Big Tech - The New York Times - November 23rd, 2019
- Think of the children: FBI sought Interpol statement against end-to-end crypto - Ars Technica - November 23rd, 2019
- Security Expert Comments On NSA Publishes Advisory Addressing Encrypted Traffic Inspection Risks - ISBuzz News - November 23rd, 2019
- Global Hardware-based Full Disk Encryption Market By Industry Business Plan, Manufacturers, Sales, Supply, Share, Revenue and Forecast Report... - November 23rd, 2019
- Moniker makes a statement with The Encryption EP - The Untz - November 23rd, 2019
- Global Mobile Encryption Market By Industry Business Plan, Manufacturers, Sales, Supply, Share, Revenue and Forecast Report 2019-2024 - BeetleVersion - November 23rd, 2019
- NSA Publishes Advisory Addressing Encrypted Traffic Inspection Risks - BleepingComputer - November 23rd, 2019
- Encryption Key Management Software Market Research Report: Market Analysis on the Future Growth Prospects and Market Trends Adopted by the... - November 23rd, 2019
- Microsoft Windows 10 To Natively Support DNS Over HTTPS Encryption And Obfuscation Technique Making Internet Traffic Monitoring Near Impossible -... - November 23rd, 2019
- Import EFS File Encryption Certificate and Key (PFX file) in Windows 10 - TWCN Tech News - November 23rd, 2019
- What Is Homomorphic Encryption? And Why Is It So Transformative? - Forbes - November 19th, 2019
- FBI Recruits Interpol to Condemn End-to-End Encryption - WebProNews - November 19th, 2019
- Is encryption to blame for WhatsApp snooping? - Livemint - November 19th, 2019
- BEST PRACTICES: Resurgence of encrypted thumb drives shows value of offline backups in the field - Security Boulevard - November 19th, 2019
- Astonishing Growth in Global encryption software market size was valued at USD 2.98 billion in 2018. It is projected to post a CAGR of 16.8% from 2019... - November 19th, 2019
- Encryption Software Market Overview, Latest Analysis and Future Forecast 2019 2025 - Markets Gazette 24 - November 19th, 2019
- With end-to-end encryption, we wouldn't be able to listen in even if we wanted to, says Facebook's Stan Chudnovsky - Mumbrella Asia - November 19th, 2019
- Microsoft Jumps on the DoH Train Company to Introduce Encrypted DNS - Computer Business Review - November 19th, 2019
- Global Mobile Encryption Technology Market 2018 Manufacturers, Types and Application, Analysis History and Forecast 2025 - Galus Australis - November 19th, 2019
- Hardware Encryption Market Growth Forecast Analysis by Top Manufacturers, Regions, Product Types and Application (2019 - 2026) - News Obtain - November 19th, 2019
- The Best Encryption Software for 2019 | PCMag.com - October 21st, 2019
- What is data encryption? - October 19th, 2019
- USB Enforced Encryption - Endpoint Protector - October 19th, 2019
- Authenticated encryption - Crypto++ Wiki - October 19th, 2019
- Tinder's Lack of Encryption Lets Strangers Spy on Your ... - October 19th, 2019
- 'Without Encryption, We Will Lose All Privacy': Snowden ... - October 18th, 2019
- Security pros reiterate warning against encryption backdoors - October 18th, 2019
- Encryption - servicepro.wiki - October 18th, 2019
- Mozy Encryption - October 18th, 2019
- Optical Encryption Market Size, Share, Trends and Forecast ... - October 18th, 2019
- MySQL Enterprise Transparent Data Encryption (TDE) - October 18th, 2019
- What is Encryption? - Definition from WhatIs.com - October 17th, 2019
- How to Set Up BitLocker Encryption on Windows - October 2nd, 2019
- Encryption: What It Is, and How It Works for You | Tom's Guide - October 2nd, 2019
- Security Encryption Systems | HowStuffWorks - October 2nd, 2019
- What is The Difference Between Hashing and Encrypting - October 2nd, 2019
- How Encryption Works | HowStuffWorks - September 5th, 2019
- encryption - How secure is AES-256? - Cryptography Stack ... - June 2nd, 2019
- The World's Email Encryption Software Relies on One Guy, Who ... - May 5th, 2019
- Encryption breakthrough could keep prying eyes away from your ... - May 5th, 2019
- What Is Data Encryption? Definition, Best Practices & More ... - May 1st, 2019
- IronClad Encryption Partners with Data443 Risk Mitigation ... - April 30th, 2019
- What Is Encryption? An Overview of Modern Encryption ... - April 30th, 2019
- Symmetric vs. Asymmetric Encryption What are differences? - April 29th, 2019
- Difference Between Hashing and Encryption - ssl2buy.com - April 29th, 2019
- What is Advanced Encryption Standard (AES)? - Definition ... - April 29th, 2019
- How to Encrypt Your Wireless Network - Lifewire - April 29th, 2019
- After Paris, Encryption Will Be a Key Issue in the 2016 ... - April 22nd, 2019
- Email encryption - Wikipedia - April 8th, 2019
- What is Encryption, and Why Are People Afraid of It? - April 8th, 2019
- Data encryption | cryptology | Britannica.com - April 8th, 2019
- How to Enable Full-Disk Encryption on Windows 10 - April 1st, 2019
- After Paris, Encryption Will Be a Key Issue in the 2016 Race - March 27th, 2019
- AES and RSA Encryption Explained - March 27th, 2019
- Encryption: What it is and why its important - Norton - March 23rd, 2019
- Authenticated encryption - Wikipedia - March 19th, 2019
- Email Encryption Options for MDaemon Email Server - March 14th, 2019
- How to Encrypt Files on Windows - Tutorial - Toms Guide - March 6th, 2019
- Encryption, Key Management - bank information security - March 5th, 2019
- Which Types of Encryption are Most Secure? - February 7th, 2019
- JSON Object Signing and Encryption (JOSE) - February 4th, 2019
- What Is Encryption, and How Does It Work? - January 26th, 2019
- The Pitfalls of Facebook Merging Messenger, Instagram, and ... - January 26th, 2019
- Encryption: Avoiding the Pitfalls That Can Lead to Breaches - January 14th, 2019