Though gov't agencies deride default device encryption, no changes expected in tech, experts say
FBI and NSA staffers have repeatedly voiced concern over default encryption, but it doesn't seem to have hindered any tech companies' decisions to proceed with their plans.
In a freshly penned editorial in The Wall Street Journal, Executive Assistant Director of the Federal Bureau of Investigation (FBI) Amy Hess picked up where her colleagues left off and warned of possible repercussions from default device encryption.
“The notion that electronic devices and communications could never be unlocked or unencrypted – even when a judge has decided that the public interest requires accessing this data to find evidence — is troubling,” she said.
Her thoughts echo the same worries FBI and National Security Agency (NSA) staffers have been expressing for months, namely since Apple announced it would enable default encryption on iOS 8. Hess' editorial also follows up on a recent comment made by NSA Director Adm. Michael Rogers during a speech at Princeton University.
“I don't want a back door [into devices],” he said. “I want a front door, and I want the front door to have multiple locks. Big locks”
Put more simply, Rogers wants device makers and companies to create multiple keys that can be held by various entities, said Jeremy Gillula, staff technologist, Electronic Frontier Foundation (EFF), in an interview with SCMagazine.com.
This would, in Rogers' mind, relieve concerned citizens of their worries about the government abusing decryption privileges or a single back door. Instead, it would have to work with companies and provide legal documentation, or search warrants, to receive the digital keys to a device.
“It's another way to decrypt the data of ordinary citizens without their consent,” said Gillula. “It may alleviate some of the trust issues in terms of who's trusted to decrypt your data, but it still creates more attack surfaces that hackers and foreign governments could use to break into.”
Hess' editorial continued to build the FBI's case, however, and provided the agency's stance, saying, “We believe private industry, academia, the American public, and our government can work together to strike the proper balance by putting in place the appropriate combination of laws, regulations, procedures, technology, and oversight to ensure meaningful and secure access to electronic devices and communications for law enforcement when authorized by a judge.”
At the crux of Rogers' and Hess' comments is an argument that encryption could enable criminals to get away with crimes. Manhattan District Attorney Cyrus Vance evoked this fear in January when he said murder investigations and crimes against children could go unstopped.
In reality, decryption can still be completed, but it will require more money and time on government agencies' side, Robert Neivert, COO of Private.me, told SCMagazine.com during an interview.
“It's getting more expensive to do what they do, but it prevents abuse,” he said. “You can't really say you can't do it.”
Stingray devices can still pick up on phone calls, for example, and older methods, though outdated, still work, Neivert said.
Apple devices are already encrypted by default, as are plenty of other services, including Gmail and WhatsApp messaging. Governments are on the losing side of this battle, and Gillula doesn't anticipate any companies majorly backpedaling on their recent encryption push.
“We as a society value very strongly our right to communicate privately,” he said. “So I don't think there's going to be any more progress [on the government's side].”
The agencies, Neivert said, could work to gain back lost trust and restore citizens' faith in their government law enforcement.