‘Going dark’: Smartphone encryption debate heats up with no sign of legislative solution
A 45-page report titled ‘A Law Enforcement Perspective on the Challenges of Gathering Electronic Evidence' was released Tuesday by the International Association of Chiefs of Police and the National District Attorneys Association. It maintains that smartphones manufactured by the likes of Apple and Google should no longer come with built-in encryption, unless the government has easy access to encryption keys.
“Historically, the impact that advances in technology had on law enforcement capabilities was moderated by industry’s willingness and ability to comply with a law enforcement legal demand for access to evidence on a device or in a network,” the report reads.
Recent history is reviving the debate over mass surveillance and privacy. The November 13 attacks in Paris prompted speculation on the part of some government officials that the terrorists communicated through encrypted technology, which would explain how they were not prevented. However, a cellphone containing unencrypted text messages sent by the terrorists was found near the scene, and there is no evidence encryption was used to plot the attacks.
“The inability of law enforcement to overcome these barriers (known as ‘going dark’ in the law enforcement community) has already led to numerous instances where investigators were unable to access information that could have allowed them to successfully investigate and apprehend criminals or prevent terrorists from striking,” the report continued.
In a Washington Post interview, an unnamed lobbyist for the tech industry summed up the industry’s reaction, saying, “there’s no proof that terrorists used encrypted networks. Law enforcement, you missed this, stop trying to blame us.”
Back in March, NSA Director Mike Rogers attempted to ease tension at the heart of the debate. “I don’t want a back door,” Rogers told the Princeton University audience. “I want a front door. And I want the front door to have multiple locks. Big locks.”
Attempted compromises such as partial keys held by multiple agencies, as favored by Rogers, could ultimately be proposed as updates to current legislation. The Communications Assistance for Law Enforcement Act and the Electronic Communications Privacy Act were both targets for reform in the “Law Enforcement Perspective” report released Tuesday.
The Communications Assistance for Law Enforcement Act requires telecom companies like AT&T and Verizon to open themselves up to government taps on their data for investigative purposes, while the Electronic Communications Privacy Act gave government agents the power to collect business records, including emails, that are at least 180 days old.
The problem with any compromise aimed at both protecting encryption and keeping it unlocked for law enforcement, privacy advocates say, is that it would detract from the simplicity of encryption which is its major strength. Complicating encryption systems inevitably makes them easier to crack, but that isn’t the only problem some foresee. Even if the government had access, it doesn’t mean terrorists wouldn’t use encryption crafted outside the US or in the black market.
“You can’t tamper this way with strong encryption without making us all less secure, because the bad guys will exploit the vulnerabilities you introduce in the process. This isn’t about security versus privacy; as experts have explained again and again, it’s about security versus security,” Dan Gillmor, founding director of Knight Center for Digital Media at Arizona State University, wrote in a Medium blog post.
The Obama administration won’t be tampering with any encryption legislation, according to congressional testimony from FBI Director James B. Comey in October, “but it makes sense to continue the conversations with industry,” Comey told the Senate Homeland Security and Governmental Affairs Committee.
Testifying before the Senate Judiciary and Senate Intelligence Committee hearings in July, Comey gave a glimpse into what that conversation may sound like, saying, “a whole lot of good people have said it’s too hard. Maybe that’s so. But my reaction to that is: I’m not sure they’ve really tried… Maybe the scientists are right. But, I’m not willing to give up on that yet.”
Dean Garfield, president of the Information Technology Industry Council, told the Washington Post coming up with an encryption code solely crackable by the government and not by hackers or terrorists "simply does not make sense."
The conversation has continued, especially since the Paris attacks, in the 24 hour news media. In recent weeks, Senator Dianne Feinstein (D-California) told MSNBC, “I think that Silicon Valley has to take a look at their products. Because if you create a product that allows evil monsters to communicate in this way, to behead children, to strike innocents, whether it’s at a game in a stadium, in a small restaurant in Paris, take down an airliner. That’s a big problem.”
Fellow Democratic Senator Ron Wyden of Oregon disagreed, blogging at Medium that, “weakening encryption will make it easier for foreign hackers, criminals and spies to break into Americans’ bank accounts, health records and phones, without preventing terrorists from ‘going dark.’”