The Feds Fear of Unbreakable Encryption

October 7, 2014 / Conversation, Security / 0 Comments


Recently Apple announced they have strengthened encryption on its mobile (IOS) devices to the point that it can no longer decrypt their contents on behalf of the government, even when presented with a valid search warrant. Google followed suit, announcing that Android devices would be encrypted by default.

On the heels of the unauthorized release of nude pictures of many celebrities, apparently purloined from iCloud with stolen/hacked credentials, many might see these moves as being strongly in the interest of consumers’ privacy.

The director of the FBI, James Comey, begged to differ. Attorney General Eric Holder followed suit. Both cited concerns about such encryption hindering criminal investigations.

The US government has been fighting strong cryptography for years. Cryptography has been classified as armaments and subject to export controls. The US (and the UK) benefitted strongly from a cryptographic advantage in World War II and through much of the cold war: the US could break its enemies’ cyphers but not vice-versa. In 1993 the NSA introduced the clipper chip and tried to make it a standard. This effort failed spectacularly as the market completely rejected a chip that contained a backdoor for the NSA.

Cloak Labs is committed to protecting data privacy. The very idea of a master key or a backdoor into a security system is anathema to those who are serious about security.

The security industry’s efforts to improve security were bolstered by Edward Snowden’s revelations about widespread NSA wiretapping activities in 2013. For example there are now a number of secure email systems (ex: Proton Mail).

I believe that what is really concerning the US government is the idea that encryption is moving from being something optional that is hard and error-prone to configure to something that is standard, default, and easy (specially given Apple’s focus on ease of use). Criminals might not bother to setup security or might set it up incorrectly. Now Apple and Google are protecting even the dumb criminals who are just buying phones at their local store.

By abusing their surveillance powers so egregiously for so many years the US government has lost significant goodwill with a large segment of the American public. Not only do consumers want to be protected from lawless hackers, many of them no longer trust their own government. Parallel reconstruction, where an intelligence agency that nominally targets foreign intelligence targets provides secret intelligence to domestic law enforcement agencies who then reconstruct it in order to make it admissible in court, makes a mockery of the rules of evidence.

It’s extremely unlikely that congress will pass legislation that requires companies such as Apple and Google to make it possible/easier for the government to access private information. If they did, it would cripple American products in global markets.

Device encryption will force the government to get a suspect to provide their password (or fingerprint) to unlock it to access evidence. In some cases the courts have held that a defendant cannot be compelled to provide a password since they might incriminate themself by doing so. In other cases the courts have compelled a defendant to reveal their password. This might make for an important Supreme Court case someday.