• About Us
  • Contact
  • Careers
  • Send Us a Tip
Menu
  • About Us
  • Contact
  • Careers
  • Send Us a Tip
CyberNews logo
Newsletter
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
Menu
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
CyberNews logo

Home » News » Has the deciding shot been fired in the crypto wars?

Has the deciding shot been fired in the crypto wars?

by Adi Gaskell
3 August 2020
in News
0
Young woman using cell phone to send text message on social network
0
SHARES

The battle for the privacy of our digital devices stretches back to 1993, when the National Security Agency (NSA) developed the Clipper chip, which would provide the government with backdoor access to any mobile device the chip was installed in.  It sparked what came to be known as the “crypto wars” between the government and the phone manufacturers, who eventually won out when the project was scrapped in 1996.

This desire to allow the state to overcome increasingly sophisticated encryption didn’t die there, however, with the NSA working to weaken encryption standards and get hold of master keys, whether by agreement or force.  The Edward Snowden leaks revealed how far these efforts had gone, with the intelligence agencies capable of bypassing the encryption of both iOS and Android smartphones.  The leak prompted both Apple and Google to redo their encryption so that this technical capability ceased to exist.

This famously culminated in a legal battle in 2016 after the FBI were unable to access the iPhone of one of the shooters involved in the San Bernardino terrorist attack.  The phone was designed to delete all of its data after ten failed attempts to log in. After the NSA were unable to assist the FBI in accessing the phone, the pair tried to strong arm Apple into not only providing access to the phone, but developing a new version of iOS with various security features disabled.

The fatal blow

Step forward to June 23, 2020, and potentially the deciding shot in the crypto wars, as US Senators Marsha Blackburn, Tom Cotton and Lindsey Graham introduced the Lawful Access to Encrypted Data Act, which would force technology companies operating in the US to give the government and law enforcement agencies access to encrypted data when asked to do so.

The bill has three main provisions.  Firstly, it allows courts to order operating system providers, device manufacturers, communication service providers, and so on to assist the government in any request for information sought via a search warrant.  What’s more, stakeholders will now be mandated to ensure they are able to provide that assistance, which will include requiring them to report “any technical capabilities that [are] necessary to implement and comply with anticipated court orders”.

The bill effectively marks the end of digital service providers being able to offer unabashed, end-to-end encryption to users that are truly secure and private to all comers.  Indeed, it marks the end of being able to offer any form of encryption that does not contain a back door for government law enforcement agencies to access.

Why it matters

It might seem that this is, and has always been, a somewhat cherlish argument.  After all, if law enforcement agencies want to have access to something, they should be able to have it, right?  The problem with this is not so much in the theory behind it as it is in the way it could be achieved.

For the government to access data, it will require either encryption backdoors to be built in, or a key escrow.  Thankfully, key escrows don’t appear to be discussed as a viable option as it would require a copy of the encryption key to be stored somewhere so that it could be accessed under subpoena from the courts.  In itself, that would present a major security risk.

Instead, the plan is to utilize encryption backdoors.  This is where the seeds that are fed to the algorithms that in turn fuel the random number generators at the heart of modern encryption is made available.  The problem is our assumption that it will only be the “good guys” who will gain access to these seeds.  History tells us that this is unlikely to be the case, and once the encryption doors have been bust open it will be easier for others to burst through, whether those are other nation state agencies or even cyber criminals.  Every defence you’ve put together to keep people out has a back door deliberately built in, which undermines every effort you’ve made to be secure.

A justified breach?

Given the fuss the FBI and NSA made during the Apple dispute, the ability to unlock any device they choose is clearly hugely appealing to the law enforcement community, but as is so often the case in such matters, such over-reach comes at the expense of law abiding citizens.  This over-reach is especially egregious because there are other approaches in evidence around the world that don’t provide such an erosion of civil liberties.

For instance in the European Union, they have clearly stated that imposing master keys and backdoors on law abiding citizens is not only morally wrong, but ineffective against criminals, who would continue using state of the art encryption to protect their data, and therefore be a step ahead of law enforcement agencies.  As such, they believe the approach used by the US will only harm honest citizens by rendering their data vulnerable.  Instead, they argue that law enforcement agencies should use the tools at their disposal, such as existing laws to compel suspects to unlock their device, the available metadata, and various other forms of surveillance.

With the tech giants in the crosshairs of legislators for various reasons at the moment, lobbying seems unlikely to yield any remediation of the bill, but we might see encryption instead utilizing truly random number generators rather than seeding a pseudo-random number generator.  This would negate the effectiveness of any backdoor.

There is likely to be a combination of technological and legal developments in a debate that may appear to have been fatally decided by the government, but which in reality is likely to rumble on for some time to come.

ShareTweetShareShare

Related Posts

Facebook says some users facing issues with Messenger, Instagram

Factbox: How Facebook, Twitter, and others are girding for inauguration threats

20 January 2021
valve logo

EU hits game distributor Valve, five others with 7.8 million euro fine

20 January 2021
google logo

Trump pardons former Google self-driving car engineer Levandowski

20 January 2021
Malwarebytes hacked by state actors behind SolarWinds attack

Malwarebytes hacked by state actors behind SolarWinds attack

20 January 2021
Next Post
Will Cathcart

WhatsApp leader: people are being spied on in horrifying ways

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Popular News

  • 70TB of Parler users’ messages, videos, and posts leaked by security researchers

    70TB of Parler users’ messages, videos, and posts leaked by security researchers

    82912 shares
    Share 82901 Tweet 0
  • ProtonMail review: have we found the most secure email provider in 2021?

    61 shares
    Share 61 Tweet 0
  • Bitwarden Review

    0 shares
    Share 0 Tweet 0
  • The ultimate guide to safe and anonymous online payment methods in 2021

    13 shares
    Share 13 Tweet 0
  • Custom mechanical keyboards – 17 coolest ones we’ve ever seen

    442 shares
    Share 441 Tweet 0
Facebook says some users facing issues with Messenger, Instagram

Factbox: How Facebook, Twitter, and others are girding for inauguration threats

20 January 2021
Uploading on mobile screen and Data Protection on desktop screen

Privacy and data protection trends in 2021

20 January 2021
valve logo

EU hits game distributor Valve, five others with 7.8 million euro fine

20 January 2021
google logo

Trump pardons former Google self-driving car engineer Levandowski

20 January 2021
Malwarebytes hacked by state actors behind SolarWinds attack

Malwarebytes hacked by state actors behind SolarWinds attack

20 January 2021
Edvardas Šileris

Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached

20 January 2021
Newsletter

Subscribe for security tips and CyberNews updates.

Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Categories
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
  • VPNs
  • Password Managers
  • Secure Email Providers
  • Antivirus Software Reviews
Tools
  • Personal data leak checker
  • Strong password generator
About Us

We aim to provide you with the latest tech news, product reviews, and analysis that should guide you through the ever-expanding land of technology.

Careers

We are hiring.

  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • In the News
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!