Israeli data extraction firm Cellebrite announced the ability to break into any iPhone or Android device for law enforcement agencies near the same time Trump administration officials weighed the pros and cons of banning encryption law enforcement can’t break.
Senior Trump officials met Wednesday to discuss whether to seek legislation that would crack down on end-to-end encryption in a move that would reignite a feud between federal law enforcement and Silicon Valley stemming from the San Bernardino iPhone case.
While companies like Apple and Google bill the encryption as a privacy and safety feature, law enforcement agencies argue the feature hinders investigations into terrorism, drug trafficking and child pornography.
“The two paths were to either put out a statement or a general position on encryption, and [say] that they would continue to work on a solution, or to ask Congress for legislation,” an anonymous source from the meeting told Politico.
The DOJ and the FBI argue that catching criminals and terrorists should be the top priority, even at the expense of hacking risks but such measures would also make it easier for hackers and spies to steal Americans' private data by creating loopholes in encryption that are designed for the government but accessible to anyone who reverse-engineers them.
Cellebrite’s bold claims also come after Apple added new security measures that crippled a separate iPhone cracking tool, GreyKey, which had already become popular among US law enforcement agencies.
SecurityFirst Chief Marketing Officer Dan Tuchler said there's a fine line between positions on this issue with no grey area.
“An authoritarian government will always seek to exert control by monitoring its citizens, using the reasoning that safety of citizens is more important than any erosion of their rights,” Tuchler said.
“The United States has a long history of mottoes such as “Live Free or Die” emphasizing the common conviction that the balance should always lean towards freedom of speech," he said. "We don’t like it when suspected terrorists have the ability to communicate on encrypted channels, but we need to catch them a different way, so that we can protect one of our most important fundamental rights.”
Tuchler added that phone vendors will need to improve their ability to protect our private data, using stronger encryption.
Lucy Security CEO Colin Bastable called the argument of eliminating encryption for protection an excuse.
“The police will use this technology to go for low-hanging fruit, as always, like speeding motorists and jaywalkers, whilst terrorists and drug cartel barons will carry on regardless,” Bastable said. “The USA crippled its IT security industry in the ‘90s by limiting strong crypto to domestic use only, selling easily cracked crypto to foreigners, who rightly built their own, superior, security products.”
Bastable added that end-to-end encryption ensures privacy and consistency and integrity of data and delivers immediate communication, for fast business and personal interaction.
Willy Leichter, vice president of Virsec said the encryption debate resurfaces frequently because it frustrates law enforcement while pointing out that banning encryption or opening back doors simply won’t work and can potentially undermine overall internet security.
"Encryption is simply advanced mathematics, and banning math is like banning an idea – it won’t just go away," Leichter said. "Practically unbreakable encryption algorithms are widely available – if a US-based service can’t provide end-to-end encryption, then dozens more will pop up outside the country that are equally effective."
In addition, Leichter said that if one government requires “secret” backdoors, then many others will follow, and the encryption needed for privacy and day-to-day business will no longer be effective and will ultimately undermine the competitiveness of US tech firms, and weaken security for businesses and consumers.