Can secure data and the FBI both be in the national interest?

24 December 2016 by Steve Blum

A bipartisan congressional review of encryption policy – particularly with regard to law enforcement access to private data – came down squarely against requiring back doors or giving master keys to cops. The top-line conclusion of the study was “any measure that weakens encryption works against the national interest”. But that doesn’t mean that the encryption working group established by the house judiciary, and energy and commerce committees thinks law enforcement agencies should throw up their hands and walk away.

Quite the contrary.

The working group wants congress to “foster cooperation between the law enforcement community and technology companies” where it’s possible, and facilitate legalised cracking when it’s not…

Many stakeholders argue that, rather than building new vulnerabilities into secure products to facilitate law enforcement access, law enforcement agencies should be given the resources to exploit the flaws in secure products that already exist. Several law enforcement agencies noted that legal hacking is a time- and resource-intensive approach, and limited to the subset of cases where the agency actually knows of a flaw to exploit… Other stakeholders expressed concern that a legal hacking regime creates the wrong incentives for government agencies that should be working with private companies to patch vulnerabilities and improve cybersecurity.

That’s the crux of the problem. Government can’t play both sides of the table. There’s no such thing as law enforcement-only zero day exploits – if the FBI can figure it out, so can their Russian and Chinese counterparts, and so can criminal gangs and terrorist networks, and so can that really bright guy sitting in an Internet cafe in Lagos. It’s the FBI’s job to protect the public from those threats, not join the fraternity.

Either law enforcement agencies are on the side of the vast – as in damn near everyone – majority of companies and private individuals who want to squash bugs and stop exploits cold, or they’re just crackers with a pension.