Encryption: Safe Harbor for Kiddie Porn or Protection for Country, Business and Consumer?
At the height of the Apple Encryption debate, Arizona Senator Jon McCain stated that by not taking action on encryption, meaning by mandating backdoors for law enforcement that “we are furthering the cause of child pornographers and human traffickers.”
Wow. Even for a person operating in an arena that all too often rewards hyperbole and flash over considered thought, this is pretty strong stuff. And sadly, badly mistaken.
So, where did Senator McCain go wrong? Well, it turns out he went wrong in a couple places.
First, many technologies have a variety of potential uses and many things which in general bring considerable value and utility to society can also be turned to evil. In many cases the evil uses are rare corner cases. For example, the airplane. Incredibly useful when you need to travel vast distances in short times and responsible for bringing the world together more than just about any other recent invention. That said, it is possible to abuse the power of flight and do things like crash airplanes into buildings as the 9/11 terror attacks showed. That’s obviously a problem, but a rare one and one for which we were able to take countermeasures that did not entirely destroy the usefulness of the airplane, efforts of United and the TSA not withstanding.
Trucks have proven incredibly useful as well. Now goods from around the world can be transported cheaply, reliably and quickly without the many drawbacks of alternatives such as horses. Remember, it was little more than a hundred years ago when The Times predicted that London would be buried under 9 feet of manure. However, as the recent Nice attack illustrated, it is possible to turn a truck into a highly effective weapon. Fortunately, there has been little call to cripple or ban the global truck fleet.
Getting back to encryption, when you build back doors into encryption, you weaken security. In the words of Dean Garfield, Information Technology Industry Council chief executive:
“Weakening security with the aim of advancing security simply does not make sense…creating backdoors to encrypted devices and data for use by the good guys would actually create vulnerabilities to be exploited by the bad guys, which would almost certainly cause serious physical and financial harm across our society and our economy.”
But it’s not just industry that gets it, many in government do as well. We have been highly impressed with Representative Will Hurd from Texas (watch him grill the Social Security Administration CISO — yes, worth the click and yes, this is the type of guy you want protecting your private data).
Indeed, in an interview with The Daily Dot, Hurd states “Here’s the reality: Right now, you don’t need any new legislation mandating a backdoor to encryption… Encryption is good for out national security. Encryption is good for our economy. We should be trying to strengthen encryption.” Remember, while highly educated, Hurd is not some ivory tower academic, he is one of the guys who in his decade of service in the CIA was making things happen in dark alley ways at 4 in the morning.
Representative Hurd has nailed it. While there are undoubtedly examples of bad guys using encryption to do bad things, the reality of encryption is much more things like honest, hard working consumers buying things with a credit card, debit card or over the web than it is radicalized nutcases hatching sinister plots in the basement. The further reality is that one would hope that for the really high risk types that we are keeping a physical eye on them and be ready to take remedial steps should they do things like buy a large truck, several tons of high nitrate fertilizer, a couple drums of diesel and a box of blasting caps.
Another problem with encryption is that even if you make everyone software company in America cripple their encryption offerings, the world outside of America has plenty of software companies and hungry developers most eager to fill any sort of vacuum we might create with well intended but mistaken back door legislation. What would happen is that we would first effectively destroy domestic encryption as a business and we would help rebuild the same outside the US. The bad guys would still be free to use it, but we would create weakness and vulnerabilities for our financial systems and significantly degrade our ability to protect vital intellectual property, trade secrets and other important information from those who would seek to steal and profit from such.
At HyTrust we are in the business of making virtual and cloud networks safer and more trustworthy. Part of that includes encryption and systems that help our customers deploy and manage encryption. Some of our customers include government and military and some of the data we help protect saves lives and helps protect the national interests of the United States. We have personal and professional reasons to want these encrypted systems to be a secure as possible and the only way we have figured out how to do secure encryption is to build it right — with no back doors and in support of strong standards like NIST 800–125B and FIPS 140–2. Hopefully, with the help of people like Dean Garfield, Will Hurd and others who have shown that they actually know something about security and encryption, we will be able to ensure that the legislative situation and reality stay in sync on Capitol Hill.