Attacks Revive Debate on Encryption

Attorney general says it makes it harder to conduct surveillance, but tech firms balk at the notion of weakening security.

Friday’s terrorist attacks in Paris have revived the debate over whether U.S. tech companies should be required to build “backdoors” into encrypted phones, apps and Internet sites to let law enforcement conduct surveillance of suspected terrorists.

There has been widespread speculation among law enforcement authorities and the media that the Islamic State terrorists who attacked Paris were using some kind of encryption technology to communicate. However, American and French authorities have said there is no hard evidence to back up that assumption.

Still, the possibility has been enough to renew criticism of commercial encryption, putting pressure on U.S. companies that are increasingly using the technology to thwart hackers and reassure customers that their data will be kept private.

“When individuals choose to move from open means of communication to those that are encrypted, it can cause a disruption in our ability to use lawful legal process to intercept those communications and does give us concern about being able to gather the evidence that we need to continue in our mission for the protection of the American people,” Attorney General Loretta Lynch told the House Judiciary Committee on Tuesday.

Lynch said the FBI and other Justice Department agencies work with Internet providers to try to find a way to enforce court orders to conduct surveillance of suspected terrorists.

However, companies are increasingly employing encryption that even they cannot break to access their customers’ data. In those cases, federal agents use other types of surveillance and intelligence-gathering tools, Lynch said.

“But it (encryption) does cause us the loss of a very valuable source of information,” she told the committee.

Despite strong criticism of encryption by the FBI, the White House announced in October that it would not seek legislation to force U.S. tech companies to build backdoors to let law enforcement get around the technology to access people’s messages and other information.

There is no indication that the White House will reverse that decision, in part because of fears that weakening encryption will lead to more hack attacks such as the one against the federal Office of Personnel Management that compromised the data of more than 20 million federal employees and their families.

Tech companies said Tuesday that the Obama administration and Congress should resist calls to force the industry to weaken encryption.

“Diluting commercial encryption won’t prevent the bad guys from using their own proprietary encryption and won’t make us safer,” said Pravin Kothari, founder and CEO of CipherCloud, a cloud security company. “Dismantling privacy for the masses will only push the terrorists further underground. We cannot let fear override reason.”

Sen. Ron Wyden, D-Ore., a strong privacy rights advocate and member of the Senate Intelligence Committee, said banning strong encryption in the U.S. will only empower cyber criminals in other nations to attack Americans. “It would be a gift to foreign hackers,” Wyden told USA TODAY.

He said federal agents can use other surveillance tools — including wiretapping, informants and even hacking — to gather information on suspected terrorists.

“Americans want safety, and they want their liberty,” Wyden said. “We should be very careful about advancing proposals that give us neither.”

Weakening encryption technology in the U.S. makes no sense unless other countries do the same, said Dwayne Melancon, chief technology officer at Tripwire, a cybersecurity company.

Erin Kelly (@ErinVKelly), USA TODAY
