• United States



Crypto wars: FTC commissioner says to encrypt despite feds pushing for backdoors

Sep 06, 20154 mins
Data and Information SecurityEncryptionMicrosoft

The FBI and NSA may demonize encryption and call for backdoors, but the FTC commissioner advised users to embrace strong security by encrypting hard drives and setting BIOS passwords.

Surveillance is so out of control that superheroes like Captain America fight against it; even the Avengers tried to show us the dangers of militarizing the Internet. Sure, that might be coming from fictional characters, just like the cosplay activism campaign going on Dragon Con this weekend in Atlanta. Yet as Project Secret Identity points out:

From George Orwell’s Big Brother to J.K. Rowling’s Ministry of Magic, science fiction, fantasy, and other genre fiction have long explored and criticized the intrusion of government on our private lives.

Today, many of those fictions have become reality, whether it’s NSA mass surveillance, local police use of spy technology, or big data brokers scraping personal information from social media networks. Today’s threats to our privacy also include proposed backdoors into our devices, forcing us to fight to defend our right to encryption.

You can add a photo if you aren’t at Dragon Con, but here are a few cosplaying Trekkies striking out against secret backdoors and mass surveillance. Despite intelligence agencies like the FBI and NSA demonizing encryption with Chicken Little-like “the sky is falling” and “going dark” hype, a fictional Captain Jean-Luc Picard is not the only one who recently highlighted the wisdom of encrypting.

FTC Commissioner pushed back against encryption backdoors

When FTC Commissioner Terrell McSweeny wrote about data security and how encryption can help protect your personal information, she also pushed back against the FBI and NSA’s push to add backdoors to encryption.

Encryption and end-user protections can raise issues of access for law enforcement. Some argue that data storage and communications systems should be designed with exceptional access — or “back doors” — for law enforcement in order to avoid harming legitimate investigative capabilities. However, many technologists contend that exceptional access systems are likely to introduce security flaws and vulnerabilities, weakening the security of products.

Instead of warning that terrorists and pedophiles will overtake the world if tech companies embrace encryption, McSweeny praised the use of “encryption as the default for information stored on smartphones, apps that use end-to-end encryption, and services that encrypt data on devices and then back them up in the cloud.” She added, “The impact of major breaches may also be reduced the more that users’ data and communications are encrypted end-to-end.”

“If consumers cannot trust the security of their devices,” McSweeny warned, “we could end up stymieing innovation and introducing needless risk into our personal security. In this environment, policy makers should carefully weigh the potential impact of any proposals that may weaken privacy and security protections for consumers.”

“Now, more than ever, strong security and end-user controls are critical to protect personal information,” she wrote. “Each of us can play an important role in protecting our information on laptops, desktops, and smartphones by using strong end-user controls, such as disk encryption and firmware passwords. Disk encryption can protect information stored on the hard disk from unwanted access, and hardware passwords essentially prevent machines from being used without the password.”

Disk encryption, BIOS and firmware passwords were also advised by FTC Chief Technologist Ashkan Soltani after his laptop was stolen. Soltani wrote, “Strong end-user privacy and security controls, such as device encryption and firmware passwords, not only protect personal information from unwanted access – they can also make it easier to recover lost or stolen devices as well.”

In Soltani’s case, he was notified of an upcoming Apple Genius Bar visit that the laptop thief had setup. He had encrypted his hard drive and “set a firmware password, which is an end-user control that essentially prevents the machine from being booted up or reset without knowing the password. Essentially, whereas disk encryption protects information stored on the device, firmware passwords protect the actual hardware.” The firmware password not only made the device useless to the thief, it also helped Soltani recover his lost laptop.

Most Windows machines also “allow users to set BIOS passwords which prevent modification of PC settings (including settings that allow users to reset/reinstall the operating system).” So if you aren’t out and about enjoying Labor Day weekend, then maybe you could invest a bit of your time to set a BIOS password on your PC or a firmware password on your Mac and encrypt your hard drive.

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.