It’s Labor Day! My hometown of Toronto has an over century old tradition of celebrating the day with their last chance to enjoy the Canadian National Exhibition, colloquially known as The Ex. On the other side of the border, millions of Americans will be enjoying the end of summer with backyard barbeques. Working people fought hard for liberties which are celebrated on that day with many blue collar parades and perhaps putting away their white trousers until next year. (“Don’t wear white after Labor Day!”)
On this day, people will be thinking of the workplace liberties that were achieved through many struggles in the industrial era. If people feel patriotic, they may recall John F. Kennedy’s famous words during his inaugural address in 1961. “My fellow Americans: ask not what your country can do for you--ask what you can do for your country.” But in the wake of recent controversies, is cryptography beneficial to American interests?
Is cryptography beneficial to American interests?
This summer, US Attorney General William P. Barr has been arguing that law enforcement and intelligence require encryption backdoors in order to investigate crime which may threaten the liberties of Americans. He said, “As we use encryption to improve cybersecurity, we must ensure that we retain society’s ability to gain lawful access to data and communications when needed to respond to criminal activity.”
He believes that the protection of liberty requires some sort of balance between citizens being able to encrypt their digital communications and law enforcement access. “Our societal response to advances in technology that affect the balance between individual privacy and public safety always has been—and always should be—a two-way street.” Nearly fifty-nine years ago, Kennedy suggested that Americans have a responsibility to serve their country. Barr has said that responsibility should include making it easier for police to intercept encrypted communications if they deem it necessary to investigate crime.
Not all of Silicon Valley agrees with Barr.
Apple is one of the most powerful companies in the world and hundreds of millions of people worldwide have an iPhone in their pocket. Back in 2016, Apple fought the Federal Bureau of Investigation (FBI) when they wanted access to the encrypted data on the iPhone belonging to a suspect in the San Bernardino terrorist attack. Apple won the battle to avoid granting law enforcement a backdoor, but the FBI ultimately won the war by spending about $900,000 to crack the phone’s encryption themselves. Who were the protectors of liberty in that situation? Was it Apple for doing everything they could to protect their customers’ privacy, or the FBI for being able to investigate a person they suspected to be a threat to people’s safety?
I believe that deploying cryptographic technology without government backdoors is what’s in the best interest of Americans’ liberty. Renowned cybersecurity expert Bruce Schneier wrote, “Encryption secures our data and communications against eavesdroppers like criminals, foreign governments, and terrorists. We use it every day to hide our cell phone conversations from eavesdroppers, and to hide our Internet purchasing from credit card thieves. Dissidents in China and many other countries use it to avoid arrest. It's a vital tool for journalists to communicate with their sources, for NGOs to protect their work in repressive countries, and for attorneys to communicate with their clients... Adding backdoors will only exacerbate the risks. As technologists, we can't build an access system that only works for people of a certain citizenship, or with a particular morality, or only in the presence of a specified legal document. If the FBI can eavesdrop on your text messages or get at your computer's hard drive, so can other governments. So can criminals. So can terrorists.”
And that’s the main problem with government backdoors. All backdoors threaten the strength of cryptography, even if they have a noble purpose. If backdoors are created for law enforcement, they probably will become public knowledge and available to cyber attackers. Many of the backdoors, malware, and other exploits used by the Central Intelligence Agency surfaced through Wikileaks’ Vault 7 revelations in 2017. One of those exploits was EternalBlue, which the notorious WannaCry ransomware used to harm countless Windows machines.
"All backdoors threaten the strength of cryptography"
Schneier isn’t the only computer security expert who agrees with me. During Black Hat USA 2019, Venafi surveyed 384 IT security professionals for their opinions about government-mandated encryption backdoors. 74% said countries with government-mandated encryption backdoors are more susceptible to nation-state attacks. And 84% would never knowingly use a device or program from a company that agreed to install a backdoor. Venafi’s Kevin Bocek said, “On a consumer level, people want technology that prioritizes the security and privacy of their personal data. This kind of trust is priceless. Encryption backdoors would not only make us much less safe at a national level, they also clearly have the potential to inflict significant economic and political damage.”
Trust is priceless
So, there you go. It may seem patriotic to grant the government backdoors so they can decrypt the communications of crime suspects in the interest of national safety without the hassle of asking a judge for a search warrant. But law enforcement should investigate crime without risking Americans’ privacy and ultimately weakening all encryption. Benjamin Franklin didn’t live to see modern computers, but he might have some words for William Barr. “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” So, salute the Stars and Stripes, grill me a Beyond Meat burger (I’m vegan), and encrypt your digital communications in storage and in transit. I think that’s what your founding fathers would have wanted!
Why Do You Need a Control Plane for Machine Identities?
Related posts
- Battle of the Backdoors in Networking Infrastructure: Intentional vs. Incidental
- Going Undetected: How Cybercriminals, Hacktivists, and Nation States Misuse Digital Certificates
- 86% of IT Security Professionals Say the World Is in a Cyber War
- Venafi Survey: The Negative Impact of Government Mandated Encryption Backdoors