Top global security experts defend encryption

Security experts have published a paper arguing that allowing government agents special access to communications would have detrimental effects

sdn nsa monitoring spying

As government officials continue to plea the case against strong encryption, a group of high-profile international security experts have published a paper arguing that allowing government agents special access to communications would have detrimental effects on personal privacy, enterprise security, and our national economy.

"In the long run, what would help law enforcement and make us secure is that we do the best we can to make the infrastructure as secure as possible," said Hal Abelson, the lead author on the paper. "The calls for adding exceptional access -- whether front doors or back doors -- are going in the opposite direction."

Abelson, who is a well-known professor of computer science and engineering at MIT, is also a founding director of Creative Commons and Public Knowledge, and a director of the Center for Democracy and Technology.

He added, however, that government officials have not released any details about what they would like to see happen.

"The devil is in the details," he said.

For example, he said, if a vendor must give government agents access to customer communications, then that means that the vendor themselves has that access.

"If you knew that Apple has access to all of your communications, would you use that if you were Microsoft?" he asked.

Vendors would prefer to have as little ability to access customer information as possible, he said.

For example, keys to encrypted communications are typically destroyed automatically after every interchange, he said.

But that means that there's no way for law enforcement to get at this data, either, he said.

"This is a very complicated issue and it's not going to go away," he said.

FBI Director James Comey called it "Going Dark."

"Changing forms of Internet communication are quickly outpacing laws and technology designed to allow for the lawful intercept of communication content," he told the Senate Intelligence Committee Wednesday.

Terrorist groups such as ISIL are using modern communications methods, he said -- but the laws haven't kept up.

For example, traditional telephone companies are required to have the capability to provide wire taps to law enforcement, but there's no such requirement on Internet technology companies.

"Such services can be developed and deployed without any ability for law enforcement to collect information critical to criminal and national security investigations and prosecutions," he said.

In addressing the Senate Judiciary Committee that same day, Comey went even further, saying that there were more and more criminal cases relying on data stored on computers or mobile devices -- and that strong encryption would hinder prosecution in these cases.

"If we cannot access this evidence, it will have ongoing, significant impacts on our ability to identify, stop, and prosecute these offenders," he said.

Richard Blech, CEO at Secure Channels

Comey stopped short of making any concrete proposals, but urged for more discussion of how "encryption as currently implemented poses real barriers to law enforcement’s ability to seek information in specific cases of possible national security threat."

The government is between a rock and a hard place, said Richard Blech, CEO at Secure Channels.

"You cannot have a backdoor that only the 'good guys' can use, it will be exploited by the bad guys," he said.

Kunal Rupani, principal product manager at Accellion, said that existing communication protocols actually don't go far enough in protecting privacy and security.

The paper published this week by security experts focused on protecting content, he said. "A big piece that is missing is metadata -- and the metadata can be even more useful than the content."

Metadata, which is usually transmitted in unencrypted form, allow marketers, criminals, and agents of both local and foreign governments to track how messages are communicated, he said.

"Who am I sharing the file with? What time did I look at the file?" he asked. "Very few people really talk about this information."

Other metadata can be used to track online behavior, physical locations, and much more.

There are efforts underway to close down some of these security holes.

But, according to Rupani, there is government opposition, and this restricts innovation and hurts competitiveness.

"As we globalize, the need for open communications increases, and the actions that the government is trying to take is definitely concerning," he said.

Copyright © 2015 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)