Strong encryption|Government Kryptonite
From all sides of the news, we continue to see support from media outlets on the issue of allowing or requiring Federal Government agencies to access token or a ‘back-door’ to the devices that currently have an encryption algorithm they can’t decipher.
Using what happened in Paris 2 weeks ago, Federal and Local Government anti-privacy advocates like Senator Diane Feinstein, NYC Police Commissioner William Bratton, Jeb Bush and CIA Director John Brennan make the case against private companies deploying technology that government agencies cannot crack. They warn that if they don’t have access to all wireless devices, then they may never know about terrorists planning attacks. Perhaps they didn’t know:
Every time there is an attack, we discover that the perpetrators were known to the authorities…What this shows is that our intelligence is actually pretty good, but our ability to act on it is limited by the sheer numbers.
-François Heisbourg, French counterterrorism expert and former defense official.
Today, I read an opinion piece by Sarah Garossino from National Observer, a self-glossed progressive news outlet from Toronto. In it, she attempts to make the case using arguments that might look like great material for a Facebook meme, but don’t stand up to common sense.
What authorities seek is that encrypted messaging apps code in a “key” that allows police (operating under warrant) to intercept communications and track militant extremists and terrorists in a manner similar to tapping a phone.
If we don’t master this, we’ll turn police into 19th century London bobbies, while ISIS roams the Internet virtually at will.
ROAMING THE INTERNET AT WILL
First of all, everyone is supposed to be able to ‘roam the Internet virtually at will’. There is nothing against the law about roaming the Internet. End-to-end messaging encryption doesn’t provide or afford the opportunity to use the Internet with anonymity. And providing authorities with a token to encrypted messaging apps won’t prevent ‘ISIS from roaming the Internet at will.’
OPERATING UNDER WARRANT
If LEO’s and Federal Government agencies have a warrant to wire-tap, that means they had to have been able to muster up compelling enough evidence to justify that warrant. If they are gathering intelligence on the individual mentioned on the warrant, then how is he not ALREADY being tracked?
The Government has already shown its propensity to collect and clone all electronic communications from Wireless Data Providers:
Why would they request a warrant if they already have the data?
What makes anyone believe that if the government had access to a decryption key, that they would be able to prevent it from being compromised? The personnel employed with government agencies that are responsible for intelligence gathering and protecting US Federal Government information security initiatives are apparently not the *industry’s brightest. If they were, they wouldn’t be complaining about needing legislation requiring private companies to compromise the privacy of their customers.
The issue isn’t the need for more access. More access equates to more data, and more data means more to process. The government isn’t able to process the data they already collect because of the sheer amount of data they collect. It is counter intuitive to think they can add more data-streams piped into the massive data repo they have, and be able to process it with any methodology that doesn’t rely on getting lucky.
Irrespective of that, there is the internal security component. The Government can’t keep itself safe when it comes to information security. The Office Of Personnel Management announced that they were subject to a data breach. I should disclose that my personal information was compromised, as was the information of millions of other government contractors and government civilians.
If the government cannot keep the data on Defense and Intelligence employees safe on the infrastructure they manage, how can they secure the keys with which they monitor the communications of private citizens on infrastructure they don’t own? Of the 47 OPM systems compromised, 11 of them belonged to the OPM’s own IT Department until they got owned by hackers:
We would be doing all involved, especially those in the federal government, a favor if we held fast on the vocal support for the government to have access to hundreds of private companies and developers encryption algorithms. Douching them with more information to process is simply a match on the fire. What they need is a faster way to process the data they already have, or to establish an efficient way to prioritize the processing ‘process’, so they don’t have to process it all.
In the journey to fighting terrorism while preserving Liberty, all roads lead to more competent Human Intelligence, not broader data collection.
*Edited. I went to public school.