Proposals for a U.S. federal law that would require tech companies to build backdoors into their end-to-end encrypted communications services sound like they are lifted from an authoritarian country's playbook, warned Dr. Andrea Little Limbago, chief social scientist at Virtru, in a podcast interview with SC Media.
Federal law enforcement authorities and the current White House administration have argued that terrorists and criminals are leveraging encryption messaging apps to subvert surveillance, and insist that investigators need to regain the upper hand by having a means to defeat encryption.for national security purposes.
But there's a flip side to this argument. "...The legislation that's starting to emerge sounds very similar to legislation in authoritarian regimes that want exceptional access to data. And why that's problematic is because if you build in a backdoor, it weakens the security..." said Limbago. "[E]ventually we'll see criminals, authoritarian regimes, the whole gamut of the bad actors, will find ways to also exploit that backdoor."
Limbago was a co-presenter at the 2020 RSA conference, jointly helming a session titled "Implications of the Global Push to Ban End-to-End Encryption." She was joined by Lesley Seebeck, professor at Australian National University's Cyber Institute. (Australia passed a law requiring encryption backdoors in 2018.)
While there's currently no way to build a backdoor that only law enforcement can use, Limbago did say that progress and innovation in other areas could reduce the need for encryption bans.
"There have been numerous cases over the last few years of dismantling criminal networks through multi-country collaboration, through leveraging a lot of the other data that is given to the government. And... one thing that I think get lost a lot is that it's not that the tech companies are not giving any data to the DOJ, FBI. They're actually giving troves of data, various kinds of metadata that they can get access to.
However, Limbago expressed concern that if the U.S. continues to push for breakable encryption, that it will simply drive criminals to use sophisticated phones with built-in encryption that will make even unattainable to authorities. Or they will simply use encrypted apps developed in other nations such as China, who are unlikely to cooperate with U.S. investigators, she added.
Limbago, whose jobs exists in the intersection of cybersecurity, geopolitics and sociology, also took time during the podcast to discuss why RSA Conference's theme for 2020 -- The Human Element -- is an important one to study, with the ultimately objective of developing technology that can help overcome human error and fallibility. Limbago offered insights into why employees continue to be fooled by phishing scams, and why the coronavirus is the latest in a long string of effective phishing email lure subjects.