Encryption row spotlights fears on security, privacy
Washington (AFP) – Has encryption technology given the bad guys a way to operate in the dark? Or has the new tech age gifted law enforcement with unprecedented surveillance powers?
A weeks-long showdown between the FBI and Apple ended last month without a clear winner, but the debate rages on over government access to encrypted data in an era of evolving mobile technology.
Some worry new forms of encryption are creating dark corners for criminals and terrorists to conspire in secret, while others contend just the opposite — that it has led to a golden age for snooping on citizens.
On both sides, the passions run deep.
The US government dropped its legal battle to compel Apple to help unlock an iPhone used by one of the shooters in the December killing rampage in San Bernardino, California, after saying it had found a means to do so without Apple’s help.
But those involved say it’s only a matter of time before a new case emerges which tests the boundaries of law enforcement and data protection.
“This has created one of the most difficult policy dilemmas of the digital age, as encryption both improves security for consumers and businesses and makes it harder for governments to protect them from other threats,” said a policy paper from the Information Technology and Innovation Foundation, a Washington think tank.
“There is no way to square this circle, so any choice will come with tradeoffs.”
– Going dark? –
For years the debate on encryption, privacy and security had been simmering, amid warnings from the FBI and others that law enforcement was “going dark” in an age of new mobile technology, where traditional tools like wiretaps don’t always work and wrongdoers can increasingly operate unseen.
But revelations from former US intelligence contractor Edward Snowden stoked fears that electronic surveillance has on the contrary become pervasive and in some cases spun out of control.
Moves by Apple and Google to step up encryption, making it impossible for the companies themselves to use “keys” to unlock data, made the debate all the more urgent.
So did reports that attackers in last November’s Paris massacre may have used encrypted communications to avoid detection.
More recently, WhatsApp said it had implemented “end to end encryption” that would allow only those sending and receiving messages to view the content.
“No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us,” said the Facebook-owned messaging service with a billion users worldwide.
Its move has drawn fierce criticism, with US Senator Tom Cotton calling it “an open invitation to terrorists, drug dealers, and sexual predators to use WhatsApp’s services to endanger the American people.”
– Absolute privacy? –
David Bitkower, a senior official in the Justice Department criminal division, notes a tendency “to understate the risks to public safety from the implementation of warrant-proof encryption” — a term cited by the FBI and others to describe encryption so tough that investigators cannot access data with a court order.
Bitkower, speaking at an ITIF forum, argued that it’s not clear “end to end” encryption will make people safer than prior generations, when companies stored data that could be requested under court order.
“It’s very important to recognize there are tradeoffs to be made,” he told the forum.
FBI director James Comey also warned of dangers from these new tools.
“I love strong encryption. It protects us in so many ways from bad people,” he told a group of students in Ohio recently.
“Many of us like the idea of a storage space in our lives that no one can get into. But it takes us to a place — absolute privacy — that we have not been to before… No matter how you feel about it, you have to understand there are costs to this new world.”
The next key chapter in the debate is set to play out in Congress, where a proposal that would require tech firms to enable law enforcement access has been drafted. Similar measures are under consideration in Britain, France and other countries.
“No entity or individual is above the law,” said Senator Dianne Feinstein, a Democrat sponsoring the measure with Republican Richard Burr.
“Today, terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order. We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans.”
Meanwhile a broad coalition of technology companies and activists backing Apple have argued against any rules to allow “special access” for law enforcement, claiming these would create vulnerabilities that could be exploited by hackers or repressive governments.
– Digital ‘breadcrumb’ trail –
Critics of the FBI claim the government’s complaints about “going dark” are disingenuous — saying the digital age has made more data available, but that law enforcement is failing to use its tools productively.
“We live in a ‘golden age’ of surveillance, more so than in any other point in history,” said Amit Yoran, president of the security firm RSA, at a congressional hearing.
“In just about everything we do, we leave an incredibly insightful digital breadcrumb trail.”
Yoran said law enforcement “has an overwhelming volume of information readily available to it, creating challenges to efficiently manage and fully leverage it.”
Chris Calabrese of the Center for Democracy and Technology argued the smartphone has become a highly personal device that includes users’ most private thoughts and conversations.
“We’re not saying that the government should never be able to look at your phone,” Calabrese said.
“What we’re saying is that the phone is incredibly sensitive. It is perhaps one of the most private spaces that exist today and has ever existed in America.
“Therefore, it deserves a commensurate high level of security and we need really good arguments for why that security should be breached.”