Encryption backdoors – necessary or not?
Over the course of his recently concluded tenure as FBI Director, James Comey has repeatedly called for built-in backdoors to get around encryption on devices such as smartphones and tablets. Citing national security needs, Comey has on many occasions attempted to work with domestic organizations (and most recently, members of the international community) to implement a standard for backdoors.
“The ubiquitous default full-disk encryption on devices is affecting now about half of our work,” testified Comey during his testimony for the Clinton email investigation. “First six months of this fiscal year, FBI examiners were presented with over 6,000 devices for which we have a lawful authority search warrant or court order to open and 46 percent of those cases we could not open those devices with any technique. That means half of the devices that we encounter in terrorism cases, in counterintelligence cases, in gang cases, in child pornography cases, cannot be opened with any technique. That is a big problem.”
Encryption is a standard security practice used on millions of devices today, in which data is converted into a code in order to prevent unauthorized access. Comey’s intention is that companies that produce such devices, like Apple and Microsoft, would build a backdoor to allow authorized third parties, in the name of the law, or national security, to bypass encryption without the user’s consent.
The subject of encryption has been shrouded in debate since the FBI took on Apple earlier in 2016 when they needed access to a smartphone they believe contained information pertinent to their investigation of the San Bernardino shooting. In an effort to gain access to the terrorist’s smartphone, the FBI wanted Apple to create a backdoor system that would allow them to bypass any type of encryption at any time. The argument was that a “golden key” like this would allow the “good guys” to always have a way to make sure the “bad guys” weren’t hiding anything. Apple refused and ultimately won the day, both in terms of its own liability and in the court of public perception.
Even then, Comey didn’t give up. Even as recently as March of this year, Comey suggested the idea of an International Encryption Backdoor Partnership in the global community.
“I could imagine a community of nations committed to the rule of law developing a set of norms, a framework, for when government access is appropriate,” said Comey at the University of Texas during a national security symposium.
Despite the fact that Comey is no longer the FBI Director, the debate over the need for built-in backdoors around device encryption still stands – does it threaten and undermine personal privacy rights? Or is it ultimately necessary in order to uphold national security?
As Comey has stated on numerous occasions, encryption is a serious obstruction of justice when it comes to investigating terrorists and criminals that have potentially used encrypted devices to communicate with other contacts and store vital data. With a backdoor in place, the FBI could simply circumvent the encryption and access the data in question, potentially speeding up the investigation, making better use of government time and resources, and in the most dire of circumstances, saving lives.
However, that’s a lot of “ifs”. By the very nature of the situation, the FBI will never truly know whether they’re bypassing encryption to get usable data or not; it’s only once they’ve gotten in that they’ll know whether using the backdoor was worth it. At best, the implementation of backdoors isn’t a guarantee for stronger national security, and effectivity on the part of the FBI – it’s an educated guess.
Furthermore, the fact of the matter is that it’s not in the interest of companies like Apple to willingly compromise their user’s security (even when legally compelled to do so, as was the case with the San Bernardino shooting), and so there likely won’t be an initiative to implement backdoors on the developer side.
So what’s at stake if backdoors were to be implemented across devices?
If companies like Apple and Microsoft were to create built-in back doors for the FBI to bypass encryption, it would fundamentally weaken personal security across the nation. Many watchdogs and personal users involved in the debate worry about two key points: where the FBI will draw the line when it comes to using the backdoor on a case by case basis; and how likely it is that cybercriminals could steal the backdoor access from the FBI once it’s been created.
That said, if a backdoor in your device (and everyone else’s) would speed up investigations, prevent attacks, protect innocents, and ultimately save lives, some would argue that the infringement on personal security would be justified.
Given that Comey is no longer director of the FBI, for now, the debate will continue. What do you think? Are backdoors justifiable in the name of the judicial process and homeland security? Or will their abuse by government organizations and hackers be inevitable?
For more cybersecurity news, be sure to visit the {company} blog. For more information about security solutions for your business, reach out to us right away at {phone} or {email}.