There's the war on terrorism, and then there's the war on how to fight the war on terrorism.
With recent attacks in Paris, Beirut and Mali, some in governments and law-enforcement agencies are renewing their calls to expand electronic surveillance to thwart potential attacks. Communications that cant be tapped or unscrambled pose aseriousnational-security risk, authorities argue, because they can be used by terrorists tohidetheir activitiesand planning. Technology companies and cybersecurity experts generally takeadifferent view: If encrypted communications can be accessed by the government or a company -- or anyone other than the sender and intended recipient -- they inherently are vulnerable to bad actors and prying eyes.
Why is this such a complex and often heated debatewith noapparentresolution in sight? For starters, encryption is really complicated. Here's what you need to know to understand the issues:
Encryption, sometimes called crypto by techies, is a fancy word for a type of code. Encryption schemes transform words into seeming gibberish. Heresa mereportionofencrypted textthat,if printed in full,would translate to"happyholidays:"
hQIMA2dX93ZaYL95AQ//ZSZ/n0VSK7ZZ9kkRk3X8nn+m2YLzHj5L4zrsrCesPOKw ZQG5FXuHz9/02Be3tyXelAiFpGdCh+Tdnx0r1wLOChitSPaydW0hcReG6cp9Nplk QZL5sYRr0NYWjx2EkwFO0j6lNcGMNo3qAoxMNe3rfENPjxpv1UCRl6nHfEmSk1BO swjBOUXrsWxbbphdJqSZtdWoPLlOnFftRjgqLe9hC9rmWF/Q7/RIkZ5TEYmSfJkI aGB3Vrf/XEwXOHuss+HgE9z/XalJtaNLCZeCgNgO/Lk26nVyS0R5XfNz9VtFszhT pjk2rpxMecOlCs4a62oSYykI63E04G0OZkZaPrUlir4GoSV4OVivFgbFDNtIq5Lk hX1TF3y/PsuVb8bF7XhvqCt/q9HF0n0LY9v+tJfMOT885c6uNX9Rm6ZUUFR++jgv X4EfNYSmX6HjmYTflqQyivWeTpGl13tQP7b+UppJr0v9vH7Wd0PmRdvLDhKHqCiq
Only a user or machine with the so-called encryption key can unscramblethe message to get its meaning. So the same phrase -- "Happy Holidays" -- would be encrypted differentlydepending on the software used and the people involved.
Once the province of spies, encryption is widely used on the Internet. The little padlock next to a Web address indicates the connection is encrypted. Wi-Fi routers, Gmail, Yahoo mail, Snapchats, tweets and 4G cellular phones all use some form of encryption,to protect personal information, such as passwords, location coordinates, bank-account and credit-card numbers and sometimes -- depending on the type of encryption used -- the text of messages and other content.
In addition to those receiving the data who need to decipher it, the companies that employ this technology typically hold keys, sothey canget to the information if they need to. Among other things, this letscustomers reset passwords, etc.It also allows companies to decrypt messages for the authorities when faced with lawful requests for customer records or the contents of communications.
In the past few years, several tech companies have adopted encryption schemes for which they say they dont hold the keys. Most notably, Apple Inc. and Alphabet Inc.s Google in 2014 released smartphone operating systems that, by default, they said precluded them from unlocking phones for law enforcement, even with a warrant.That's because the companies said they would no longer maintain a key to unlock their devices' encryption. Those keys would only be on the devices themselves and could only be unlockedwith users' passwords.Before the switch, companies could comply with court orders to unlock phones, and usually did.
Here is FBI Director James Comey -- who has called these actions an assault on law enforcement --testifying before Congress on the issue:
But tech and telecommunications companieswerecriticized after documents leaked byEdwardSnowden showedsomefirms cooperating with governmentsto allow access to some of their users' communications. Companies also said the government was overstepping its monitoring activities without their knowledge, compromising user confidence in the privacy of their information. A lot of trust between the two sides was broken. Companies say that thenew encryption protocolswill make their products safer, because thieves and spies would have a harder time seeingand stealingtheir contents or communications.
Here's Apple CEO Tim Cook, making this point at the Wall Street Journal's WSJDLive tech conference in October:
The debate has widened as U.S. and European officialsalsostarted criticizing makers of apps designed to encrypt messages, such as Wickr, Signal and Telegram.Makers of theseapps have not changedtheir systemssince the Paris attacks.ButTelegram, which features both private chat and a Twitter-like public bulletin feature, saidrecently thatit had deactivated some public channels linked to the Islamic State. The shift, if small, was notable given Telegram founder Pavel Durov's previous statements that his company "shouldn't feel guilty" for reports that the app has been used by terrorists.
There is no evidence it played a role in the shootings and bombings in Paris. To the contrary, French media have reported some of the attackers coordinated using ordinary SMS text messages, which usually are easy for law enforcement to tap. However, Islamic State members have documented that they use some messaging apps that rely on strong encryption. Some U.S. officials have said this is a problem if the goal is to prevent another Islamic State attack. Here's a tutorial used by the Islamic State to rate the relative strength of various communication apps:
Several reasons. One, technology companies in general chafe at the idea of the government telling them how to make products. When the Clinton administration in the 1990s proposed a system where the government would maintain the ability to decipher commercial communications through a so-called "Clipper chip," the proposal was beat back due to civil liberties concerns. One alternative would have technology companies maintain all or part of the so-called master key, which they would only use if faced with a court order. Technology companies don't like this solution because they fear it makes the key a target for hackers. In short, if someone steals the digital key,everything is potentially lost.It's also unclear how such a system would work in practice.
Privately,some government officials say technology companies are overstating the risks of creating such a system. But technology companies counter the risks are real. The catch is that a lot of the risks are assumed and hypothetical. Building extra keys and loopholes into secure systems could, for example, introduce weaknesses from bugs, but it's hard to know what those bugs are ahead of time. "The complexity of todays Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws," wrote 15 cryptographers in a paper published by the Massachusetts Institute of Technology this summer. There is some precedent though for this concern. Washington once required American firms sell foreign customers only weaker, more easily cracked encryption to help U.S. spies keep tabs on overseas targets. Even though that requirement was dropped in the 1990s, the weakened encryption can still be found on computers and can now be exploited by other hackers. Lobbyists for tech firms such as Apple argue these problems would only be worse now. Because companies do more business overseas, they would likely have to replicate any deal they make with the United States. For instance, Apple sells a lot of iPhones in China. What if overseas governments demand the same types of keys?
In that case, all bets could be off. For instance, if an iPhone user uses iCloud backups for the content on their phone, Apple is able to hand over the latest backup if faced with a court order, the company says.Some cloud providers automatically erase such data after a period of time, but policies and procedures vary.
In January, Mr. Obama said, If we find evidence of a terrorist plot and despite having a phone number, despite having a social media address or email address, we cant penetrate that, thats a problem. The president and Mr. Comey have said they believe Silicon Valley should be able to come up with a solution. Congress also is examining the issue. On the other hand, former NSA Director Mike McConnell and other retired national security officials have publicly said that finding a way to maintain access to encrypted communications could be bad for security. The Obama administration has indicated that, for now, it doesnt want to issue orders to tech firms or push Congress for new laws.
Here's Adm. Michael Rogers, head of the National Security Agency, at the WSJDLive conference urging government and the tech industry to bridge the gaps:
In 1999, a federal appeals court more or less ended the first "Crypto wars" when it ruled computer code, including encryption schemes, is protected speech under the First Amendment. Apple is fighting the Justice Department in a New York federal court over whether it should be forced to figure out a way to unlock an encrypted iPhone.
White House and congressional staffers have reached out to some Silicon Valley executives, asking them to come to Washington, D.C., for another round of encryption talks. Some lawmakers are seeking a so-called "Blue Ribbon" committee that would include experts from both sides of the debate. Sen. John McCain (R., Ariz.) has pledged to conduct hearings on the matter and pursue legislation. The British parliament meantime is exploring a new spy powers measure that could give authorities more power to force companies to be able to unscramble customer data.
More here:
Does Encryption Really Help ISIS? Heres What You Need to ...
- WhatsApp overhauling status tab with encrypted Snapchat Stories-like feature - 9 to 5 Mac [Last Updated On: February 21st, 2017] [Originally Added On: February 21st, 2017]
- GOP demands inquiry into EPA use of encrypted messaging apps - CNET [Last Updated On: February 21st, 2017] [Originally Added On: February 21st, 2017]
- Encryption Apps Help White House Staffers Leakand Maybe Break the Law - WIRED [Last Updated On: February 21st, 2017] [Originally Added On: February 21st, 2017]
- World Wide Web Creator Calls for Internet Decentralization & Encryption - The Data Center Journal [Last Updated On: February 21st, 2017] [Originally Added On: February 21st, 2017]
- What It Means to Have an 'Adult' Conversation on Encryption - Pacific Standard [Last Updated On: February 21st, 2017] [Originally Added On: February 21st, 2017]
- Confide in me! Encryption app leaks sensitive info from Washington DC - SC Magazine UK [Last Updated On: February 21st, 2017] [Originally Added On: February 21st, 2017]
- Gmail v7.2 Prepares to Add Support for S/MIME Enhanced Encryption - XDA Developers (blog) [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- Top 6 Data Encryption Solutions - The Merkle [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- Your Guide to the Encryption Debate - Consumer Reports - ConsumerReports.org [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- Google helps put aging SHA-1 encryption out to pasture - Engadget [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- Decipher your Encryption Challenges - Infosecurity Magazine [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- How the Politics of Encryption Affects Government Adoption - Freedom to Tinker [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- How Encryption Makes Your Sensitive Cloud-Based Data an Asset, Not a Liability - Security Intelligence (blog) [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- Set up VMware VM Encryption for hypervisor-level security - TechTarget [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- How The Media Are Using Encryption Tools To Collect Anonymous Tips - NPR [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- Encryption patent that roiled Newegg is dead on appeal | Ars Technica - Ars Technica [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- Research proposes 'full-journey' email encryption - The Stack [Last Updated On: March 1st, 2017] [Originally Added On: March 1st, 2017]
- Database-as-a-service platform introduces encryption-at-rest - BetaNews [Last Updated On: March 1st, 2017] [Originally Added On: March 1st, 2017]
- Encrypted Messaging Service 'Signal' Adds Video Call Option - Top Tech News [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- Germany, France lobby hard for terror-busting encryption backdoors ... - The Register [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- How to Send Encrypted Nudes, a Guide for the Discerning Lover - Inverse [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- Ironclad Encryption Corporation Announces New Ticker Symbol OTCQB: IRNC - Yahoo Finance [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- The Best Email Encryption Software of 2017 | Top Ten Reviews [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- No, you shouldn't delete Signal or other encrypted apps - TechCrunch [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Best encryption software: Top 5 - Computer Business Review [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Encryption Backdoors, Vault 7, and the Jurassic Park Rule of Internet Security - Just Security [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- That Encrypted Chat App the White House Liked? Full of Holes - WIRED [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- What the CIA WikiLeaks Dump Tells Us: Encryption Works - New York Times [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Snake-Oil Alert Encryption Does Not Prevent Mass-Snooping - Center for Research on Globalization [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Customer Letter - Apple [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Don't Let WikiLeaks Scare You Off of Signal and Other Encrypted Chat Apps - WIRED [Last Updated On: March 12th, 2017] [Originally Added On: March 12th, 2017]
- BT to offer customers encryption service for data - Capacity Media (registration) [Last Updated On: March 12th, 2017] [Originally Added On: March 12th, 2017]
- Encryption - technet.microsoft.com [Last Updated On: March 12th, 2017] [Originally Added On: March 12th, 2017]
- Use FileVault to encrypt the startup disk on ... - Apple Support [Last Updated On: March 12th, 2017] [Originally Added On: March 12th, 2017]
- Viber launches secret chats to go beyond encryption - SlashGear [Last Updated On: March 13th, 2017] [Originally Added On: March 13th, 2017]
- Zix wins 5-vendor email encryption shootout - Network World [Last Updated On: March 13th, 2017] [Originally Added On: March 13th, 2017]
- A lesson from the CIA WikiLeaks dump: Encryption works - The Seattle Times [Last Updated On: March 13th, 2017] [Originally Added On: March 13th, 2017]
- What the CIA WikiLeaks Dump Tells Us: Encryption Works - NewsFactor Network [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Panicked Secret Service Says It Lost Encrypted Laptop But It's Fine, Everything's Fine - Gizmodo [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Google Cloud adds new customer-supplied encryption key partners ... - ZDNet [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Preseeding Full Disk Encryption - Linux Journal [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Bypassing encryption: 'Lawful hacking' is the next frontier of law enforcement technology - Boston Business Journal [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- SecurityBrief NZ - Gemalto introduces on-prem encryption key solution for 'highly regulated' organisations - SecurityBrief NZ [Last Updated On: March 21st, 2017] [Originally Added On: March 21st, 2017]
- 'Always Be Concerned': US Court Slaps Down Fifth Amendment Defense of Encryption - Sputnik International [Last Updated On: March 21st, 2017] [Originally Added On: March 21st, 2017]
- Quantum Key System Uses Unbreakable Light-Based Encryption to Secure Data - Photonics.com [Last Updated On: March 21st, 2017] [Originally Added On: March 21st, 2017]
- Wikileaks Only Told You Half The Story -- Why Encryption Matters More Than Ever - Forbes [Last Updated On: March 21st, 2017] [Originally Added On: March 21st, 2017]
- EPA Sued For Withholding Info On Encrypted Text Messages | The ... - Daily Caller [Last Updated On: March 22nd, 2017] [Originally Added On: March 22nd, 2017]
- Opinion Data encryption efforts ramp up in face of growing security threats - Information Management [Last Updated On: March 22nd, 2017] [Originally Added On: March 22nd, 2017]
- Bypassing encryption: Lawful hacking is the next frontier of law enforcement technology - Salon [Last Updated On: March 22nd, 2017] [Originally Added On: March 22nd, 2017]
- NeuVector Announces Container Visualization, Encryption, and Security Solution for NGINX Plus - DABCC.com [Last Updated On: March 23rd, 2017] [Originally Added On: March 23rd, 2017]
- Is encryption one of the required HIPAA implementation specifications? - TechTarget [Last Updated On: March 23rd, 2017] [Originally Added On: March 23rd, 2017]
- Paper Spells Out Tech, Legal Options for Encryption Workarounds - Threatpost [Last Updated On: March 23rd, 2017] [Originally Added On: March 23rd, 2017]
- Encryption debate needs to be nuanced, says FBI's Comey - TechTarget [Last Updated On: March 25th, 2017] [Originally Added On: March 25th, 2017]
- Comey Renews Debate Over Encryption - 550 KTSA [Last Updated On: March 25th, 2017] [Originally Added On: March 25th, 2017]
- UK minister says encryption on messaging services is unacceptable - Reuters [Last Updated On: March 28th, 2017] [Originally Added On: March 28th, 2017]
- The why and how of encrypting files on your Android smartphone - Phoenix Sun [Last Updated On: March 28th, 2017] [Originally Added On: March 28th, 2017]
- UK targets WhatsApp encryption after London attack - Yahoo News [Last Updated On: March 28th, 2017] [Originally Added On: March 28th, 2017]
- Critical flaw alert! Stop using JSON encryption | InfoWorld - InfoWorld [Last Updated On: March 28th, 2017] [Originally Added On: March 28th, 2017]
- SecureMyEmail is email encryption for everyone - TechRepublic - TechRepublic [Last Updated On: March 28th, 2017] [Originally Added On: March 28th, 2017]
- Apple iOS 10.3 will introduce encryption which makes it MORE difficult for cops and spooks to crack into ISIS nuts ... - The Sun [Last Updated On: March 29th, 2017] [Originally Added On: March 29th, 2017]
- How to Analyze An Encryption Access Proposal - Freedom to Tinker [Last Updated On: March 29th, 2017] [Originally Added On: March 29th, 2017]
- Questions for the FBI on Encryption Mandates - Freedom to Tinker [Last Updated On: March 29th, 2017] [Originally Added On: March 29th, 2017]
- Justice Department anti-terror chief keeps pressing on encryption - Politico (blog) [Last Updated On: March 29th, 2017] [Originally Added On: March 29th, 2017]
- UK government can force encryption removal, but fears losing, experts say - The Guardian [Last Updated On: March 29th, 2017] [Originally Added On: March 29th, 2017]
- Encryption FAQs [Last Updated On: March 29th, 2017] [Originally Added On: March 29th, 2017]
- Why isn't US military email protected by standard encryption tech? - Naked Security [Last Updated On: April 9th, 2017] [Originally Added On: April 9th, 2017]
- How have ARM TrustZone flaws affected Android encryption? - TechTarget [Last Updated On: April 9th, 2017] [Originally Added On: April 9th, 2017]
- Keeping the enterprise secure in the age of mass encryption - Information Age [Last Updated On: April 9th, 2017] [Originally Added On: April 9th, 2017]
- Lack of encryption led to Dallas siren hack - WFAA [Last Updated On: April 12th, 2017] [Originally Added On: April 12th, 2017]
- Internet Society tells G20 nations: The web must be fully encrypted - The Register [Last Updated On: April 12th, 2017] [Originally Added On: April 12th, 2017]
- Make Encryption Ubiquitous, Says Internet Society - Infosecurity ... - Infosecurity Magazine [Last Updated On: April 12th, 2017] [Originally Added On: April 12th, 2017]
- Can we encrypt the web while giving governments a backdoor to snoop? - SC Magazine UK [Last Updated On: April 12th, 2017] [Originally Added On: April 12th, 2017]
- Why we need to encrypt everything - InfoWorld [Last Updated On: April 12th, 2017] [Originally Added On: April 12th, 2017]
- Hacked Dallas sirens get extra encryption to fend off future attacks - Computerworld [Last Updated On: April 12th, 2017] [Originally Added On: April 12th, 2017]
- SHA-1 Encryption Has Been Broken: Now What? - Forbes [Last Updated On: April 14th, 2017] [Originally Added On: April 14th, 2017]
- Hewlett Packard Enterprise touts encryption tool for federal clients - The Hill [Last Updated On: April 14th, 2017] [Originally Added On: April 14th, 2017]
- Encryption on the Rise in Age of Cloud - Infosecurity Magazine - Infosecurity Magazine [Last Updated On: April 14th, 2017] [Originally Added On: April 14th, 2017]
- Lawmaker Pushes Bill That Requires Encryption by Pennsylvania State Employees - Government Technology [Last Updated On: April 14th, 2017] [Originally Added On: April 14th, 2017]
- Disk encryption - Wikipedia [Last Updated On: April 14th, 2017] [Originally Added On: April 14th, 2017]
- The apps to use if you want to keep your messages private - Recode [Last Updated On: April 15th, 2017] [Originally Added On: April 15th, 2017]