Wednesday, September 29, 2010

FBI Drive for Encryption Backdoors Is Déjà Vu for Security Experts

From Wired Magazine via the New York Times,

The FBI now wants to require all encrypted communications systems to have back doors for surveillance, according to a New York Times report, and to the nation’s top crypto experts it sounds like a battle they’ve fought before.

Back in the 1990s, in what’s remembered as the crypto wars, the FBI and NSA argued that national security would be endangered if they did not have a way to spy on encrypted e-mails, IMs and phone calls. After a long protracted battle, the security community prevailed after mustering detailed technical studies and research that concluded that national security was actually strengthened by wide use of encryption to secure computers and sensitive business and government communications.

Now the FBI is proposing a similar requirement that would require online service providers, perhaps even software makers, to only offer encrypted communication unless the companies have a way to unlock the communications.

In the New York Times story that unveiled the drive, the FBI cited a case where a mobster was using encrypted communication, and the FBI had to sneak into his office to plant a bug. One of the named problems was RIM, the maker of BlackBerrys, which provides encrypted e-mail communications for companies and governments, and which has come under pressure from India and the United Arab Emirates to locate its severs in its countries.

According to the proposal, any company doing business in the States could not create an encrypted communication system without having a way for the government to order the company to decrypt it, and those who currently do offer that service would have to re-tool it. It’s the equivalent of outlawing whispering in real life.

Read the full article here.


lucy said...

I found this article and argument really interesting in the context of my growing understanding of the complexities of privacy in the internet domain. It's an easy claim to make to want encryption software and security settings on your personal communications online, like Skype and email etc in an attempt to deter hacking and non active parties from gaining access, but this article brings up the role of the government as both a protector and a third party invader. When we discussed information aggregator sites like Lexus-Nexus in class, there seemed general disapproval in the internet's ability to compile personal information on an individual, which led to further conversations about the new infringement of privacy that the internet has catalyzed. This article reminds me of the ever-overbearing, and rather longstanding relationship of the government as "big brother." We are frightened (and rightfully so) about how much is sharable about us on the internet, but we forget how much the government has always known about its individuals. I've talked a lot in class about how i care less about some privacy features because i dont consider myself a target for any major hacking jobs. But the american government certainly has a bullseye on its chest. So while it seems logical, as this article details, for the government to ask for backdoors to these major companies so that it might help protect citizens from "the badguys", they themselves by virtue become another weakspot for hacking in addition to becoming a badguy themselves, in the way that they now hold the information we wanted to keep private only so that it may be kept private from others? if that sounds confusing, that's because it is. I guess im glad to know my government is awake to the problems of hacking and trying to be the act of justice in the world, but it also scares me that theres just another group that gains access to my personal information.

Kevin Milmoe said...

This drive to include backdoors in secure online communication would seem to defeat the purpose of having those secure lines. If there is a backdoor it can be assumed that someone smarter than the company programmers and FBI employees will be able to get themselves in and compromise the security of these messages. Incorporating backdoors for the sake of security is counterproductive, it just provides another opening through which antagonistic parties can take advantage of the system. I doubt that the FBI can prevent the exploitation of these proposed openings, especially seeing as how security is never ahead of the criminals who are constantly looking to find ways to wiggle into important systems. The importance of this target would attract too many unwanted eyes for the implementation of this to be useful and safe.