Encryption. In today’s world, it is a vital part of privacy and security, and should be a part of protecting our communications, our passwords, our location, and everything else we can share online.
In recent years, the Federal Bureau of Investigation (FBI), and other law enforcement partners in the U.S. and internationally, have come under fire from privacy advocates and security leaders for perceived attempts to diminish security by asking for encryption to be weakened or compromised so that law enforcement can gain easier access to possible criminal or terrorist activity. Notably, in recent Congressional testimony, not once but twice in two days before the House and Senate, FBI Director Christopher Wray clearly argued against having backdoors. More on that in a moment. Let’s start with what encryption is.
Encryption is an often-heard term, but one that may leave some uncertain of exactly what it means. To define it, let us use Cloudflare’s definition:
Encryption is a way of scrambling data so that only authorized parties can understand the information. In technical terms, it is the process of converting human-readable plaintext to incomprehensible text, also known as ciphertext. In simpler terms, encryption takes readable data and alters it so that it appears random. Encryption requires the use of a cryptographic key: a set of mathematical values that both the sender and the recipient of an encrypted message agree on. (Cloudflare, What is encryption?)
Encryption keeps data private between sender and recipient and prevents others from snooping into whatever you may be sharing, whether it’s your location, your device’s IP address, your text message, your email, your passwords, etc. When possible, encryption should always be used. But this creates a challenge for law enforcement. If they’re conducting an investigation and can’t access the data, then they’re essentially blind, and criminals and terrorists could use encryption to conceal their communications from law enforcement’s curious eyes.
Using encrypted platforms isn’t only for criminals! Text communications like Signal, or email such as ProtonMail, or use of a VPN such as ProtonVPN, protect all individuals’ communications and, in some parts of the world especially, are absolutely critical to protect the privacy of citizens from their governments. But even in Western democracies, privacy is important, as is the use of encrypted communications. That is part of the reason why ProtonMail recently received a bit of criticism after sharing information about a climate activist with the French police. Even if a platform provides secure, protected communications, it may be required by law to share information when properly and legally requested by authorities. The ProtonMail example is a good one and more can be read in these two posts:
- Important clarifications regarding arrest of climate activist (06 Sep 2021)
- Enhancing protection and information for activists (24 Sep 2021)
The FBI and other government partners have called for greater access to encrypted communications for years.
- The FBI wants a backdoor only it can use – but wanting it doesn’t make it possible (The Guardian, 24 Feb 2016)
- Apple’s fight with Trump and the Justice Department is about more than two iPhones (CNBC, 16 Jan 2020)
Privacy advocates and security professionals have pushed back, often loudly, against this, as ideas about potential backdoors bring on a variety of concerns, including violations of civil rights and the potential that deliberate compromises (“backdoor access”) would certainly create opportunities for criminals and hostile nations to access what should be protected private data.
As citizens and organizations protest potential backdoors and access to encrypted data, many would likely agree that proper legal requests and Constitution-respecting procedures are appropriate and necessary. To that end, Director Wray’s recent remarks are encouraging. On 21 and 22 Sep, Director Wray repeated:
We are not asking for, and do not want, any “backdoor,” that is, for encryption to be weakened or compromised so that it can be defeated from the outside by law enforcement or anyone else. (FBI Director Christopher Wray)
- Threats to the Homeland: Evaluating the Landscape 20 Years After 9/11. Statement by Director Christopher Wray before the Senate Homeland Security and Governmental Affairs Committee (21 Sep 2021)
- Worldwide Threats to the Homeland: 20 Years after 9/11. Statement by Director Christopher Wray before the House Homeland Security Committee (22 Sep 2021)
That is encouraging to see. While the FBI does need to be explicit about what it does want, respecting privacy and the need to protect data is a good start. As the FBI works with Congress to achieve its goals, privacy champions such as the Electronic Frontier Foundation (EFF) and Reason will continue to push back on perceived over-reach to protect the privacy rights and safety of Americans.
- The Senate’s New Anti-Encryption Bill Is Even Worse Than EARN IT, and That’s Saying Something (EFF Senior Staff Attorney, Andrew Crocker, 24 Jun 2020)
- The EARN IT Act Is the New FOSTA (Reason, Senior Editor, Elizabeth Nolan Brown, 18 March 2020)
And not only privacy advocates, but security professionals have also argued against backdoors as inherently dangerous.
Cybersecurity people have been generally outspoken that backdoors are bad. When governments or intelligence agencies suggest that a phone, cryptography tool, or product have a backdoor installed, both blue and red teams agree that it’s a very bad idea. (Greg Young)
- Backdoors Are Hard to Spot, But Not Who Is Using Them (TrendMicro, Vice President of Security, Greg Young, 16 Dec 2020)
- Tech Responds to Calls to Weaken Encryption (Information Technology Industry Council, 19 Nov 2015)
- Apple, Google and Microsoft: weakening encryption lets the bad guys in (The Guardian, Consumer Technology Editor, Samuel Gibbs, 23 Nov 2015)
- Trusted Encryption; #nobackdoors (Sophos)
After Apple’s chief executive Tim Cook’s claims that “any backdoor is a backdoor for everyone”, the Information Technology Industry Council, which represents 62 of the largest technology companies worldwide, said: “Encryption is a security tool we rely on everyday to stop criminals from draining our bank accounts, to shield our cars and airplanes from being taken over by malicious hacks, and to otherwise preserve our security and safety.” (via The Guardian, link above)
These debates are an important part of a free society and healthy as our country, and our world, continue to work through changing technologies, security concerns, and the rights of the people, as part of the delicate balance between security and privacy. In the meantime, consider using platforms that will protect your communications and keep your private information private.
Note One. The title of this post is a variation of an oft quoted line made famous in Mel Brooks’ Blazing Saddles: “Badges? We don’t need no stinkin’ badges!” The longer background on that quote can be read on Wikipedia.