Friday, January 23, 2015

Cybersecurity - Future Law Enforcement: The Challenges of Encryption "Backdoors"

Frank Kardasz, January 23, 2015

Those considering the future of law enforcement will recall the statements of British Prime Minister Cameron and US President Obama regarding encryption "backdoors." There seems to be some misunderstanding of the intricacies of encryption and the challenges of "backdoor" access.

According to reports in the press (Chabrow, January 16, 2015), although President Obama said he sees the need for law enforcement to gain access to encrypted data on a suspected terrorist's digital device, he stopped short of calling for a law to require manufacturers to provide a so-called "backdoor" to break encryption on mobile devices.

Some people in the information security industry argue that the nature of existing mathematical processes using public and private key encryption does not necessitate any newly created "backdoors". Methods exist within current encryption schemes that simply permit the use of additional password keys, which would allow authorized persons to view encrypted information. Consequently, the President and the Prime Minister may be using the word "backdoor" in an incorrect context (Gibson, January 20, 2015). Notwithstanding this apparent misunderstanding of encryption, other significant challenges to the plea for backdoors remain.

Consider the following questions and scenarios:

  • Will legislators worldwide have the political will to pass laws requiring governmental access to all digital devices? Will it become a crime to possess any device that uses encryption without a governmental-access backdoor?
  • How would such legislation be enforced? Would anyone possessing a device that does not permit governmental access be guilty of a crime?
  • Will the criminals and scofflaws just keep using the illegally encrypted devices while only the law-abiding comply?
  • If future manufacturers of technology products are required to provide a method for the government to gain access to their devices, will such requirements hamper product sales?  Will consumers trust "backdoor'ed" products enough to buy them?
  • Unless manufacturers worldwide simultaneously comply with the call to permit backdoors, will consumers just opt to buy secure devices from manufacturers who do not provide backdoors in their devices?
  • Who will be the governmental keeper of the encryption keys and passwords that permit backdoor access to devices? 
  • What will happen when those keys and passwords are lost, stolen, misplaced, hacked, or fall into enemy hands?

Unfortunately, law enforcement personnel are sometimes unable to decipher encrypted data, and their investigative efforts can be hampered by a suspect's use of encryption. While the call for backdoors is a well-intended plea for help in the battle against terrorism, several implementation challenges remain.

References

Chabrow, E. (January 16, 2015). Obama sees need for encryption backdoor. Bank Info Security. Retrieved from http://www.bankinfosecurity.com/cameron-obama-a-7809/op-1

Gibson, S. and LaPorte, L. (January 20, 2015). #491 Cryptographic Backdoors. Twit TV. Security Now (Podcast). Retrieved from http://twit.tv/show/security-now/491
