Experts weigh in on call to make encrypted apps accessible to government

U.S. and U.K. move to weaken online privacy, grant deeper citizen surveillance


Two bold pronouncements—one in the United States and the other in the U.K.—have poured kerosene onto the flickering debate about privacy vs. the need for surveillance.

First came President Trump’s executive order, issued March 6, signaling that travelers entering the U.S.—including attorneys with cloud access to client information—could have their digital devices subjected to search without a warrant.

Then on March 26, conservative British politician Amber Rudd called for law enforcement and intelligence agencies to be granted access to WhatsApp and other encrypted messaging services. Rudd reacted to reports that the British extremist who killed four people outside Parliament used WhatsApp a few minutes before he began his attack.


Proponents of deeper surveillance argue that unfettered government access to digital content is needed to combat terrorism. That includes data stored in a cloud service, and accessible via a smartphone. Civil liberties advocates say such policies are draconian. Here’s how cybersecurity experts reacted to Rudd’s proposal:

Paul Calatayud, chief technology officer, FireMon:


WhatsApp is a communication application that has built-in security enabling end-to-end encryption. If the bad guys feel that this application has been compromised by government officials and backdoors become available, this leads to a simple response by the bad guys—use a different application.

WhatsApp is a third-party application on a mobile device. Nothing prevents the bad guys from moving to a lesser-known third-party application. Plus, anyone who is looking to compete with WhatsApp may see this new backdoor feature as an opportunity to challenge their rivals, promoting the lack of backdoor in their product as a true “for-the-people” product.

David Meltzer, chief technology officer, Tripwire:


You can have true end-to-end encryption that nobody but the participants can read, or you can have a system where a central authority can decrypt any message they want. It doesn’t make any sense to suggest that you can have both. It is either one or the other.

It is a reasonable policy position to believe you should have a government backdoor in messaging systems, but this always worries security experts because that same backdoor you create for the government inevitably creates the potential for misuse, abuse and being exploited by others.

Philip Lieberman, president, Lieberman Software:


Governments can read WhatsApp streams and most other applications running on Android and iPhone. But the capability requires the use of techniques to subvert the inherent security of those devices. The decision to forcibly override the inherent security of a device is generally done without the cooperation of the device manufacturer.

The demand that all software and devices be easily and conveniently controlled for surveillance as a feature of the device is a nonstarter for most western societies. As with most things in government, the death of citizens has a way of changing public opinion about privacy.

John Gunn, chief marketing officer, VASCO Data Security:


Tragedies such as the recent London attack touch us all, but many people have the mistaken impression that if mobile OS and app providers are forced to build in backdoors, then suddenly law enforcement officials will have a magical and lasting backdoor to all encrypted information.

If backdoors are forced upon us, then two things will happen: Criminals and terrorists will still keep their secrets using any one of the more than 100 third-party encryption products, and average citizens will be left more vulnerable to criminal and state-sponsored hacking.
