Encryption: The New Front in the Clash between Privacy and Public Safety

 

By Haley DeLeon

Encryption has been making headlines of late with Apple’s refusal to build a “backdoor” into its iPhone for law enforcement agencies investigating the San Bernardino terrorist shootings.

The Federal Bureau of Investigation wants access to a passcode-protected iPhone used by one of the killers. But, in order to do so, Apple contends it would have to turn over the software “equivalent of cancer” – a backdoor, or exceptional access, to the phone’s encrypted data.

Related: Get our independent review of one of the most popular access management solutions

The standoff is now the focus of courtroom arguments, congressional hearings and presidential debates. It comes as more U.S. technology companies are offering their customers end-to-end encryption, which means that only the sender and intended recipient can decrypt messages.

Apple and other firms say their customers expect to have their privacy guarded when using smartphones and other digital devices.

However, federal investigators complain that encryption handcuffs their ability to fight criminals and terrorists, a dilemma they call “Going Dark.”

Related: Sign up to our weekly newsletter to have our product reviews sent as they’re published

The Public Safety Argument

FBI Director James Comey has said that no tech company should be allowed to create “warrant-free spaces.” He argues that the nation’s founders understood the need for investigators to enter private spaces with appropriate oversight.

Being unable to access evidence will “have ongoing, significant impacts on our ability to identify, stop, and prosecute these offenders,” Comey wrote in a blog post on the FBI website.

Federal officials have painted their request in the Apple case as narrow and specific. They note that the iPhone in question wasn’t owned by the gunman, but rather by his employer, a county agency.

Law enforcement leaders say there must be a balance between privacy and public safety.

“We simply want the chance, with a search warrant, to try to guess the terrorist’s passcode without the phone essentially self-destructing and without it taking a decade to guess correctly,” Comey has written. “We don’t want to break anyone’s encryption or set a master key loose on the land.”

The Privacy Argument

In the digital age, our smartphones and tablets hold some of our most personal information, from financial transactions to healthcare records and confidential communications. To hackers, these mobile devices represent a treasure trove.

In hopes of outpacing online intruders, tech companies such as Apple and WhatsApp have developed increasingly sophisticated cybersecurity measures, including end-to-end encryption.

In a letter to Apple’s customers, CEO Tim Cook said encryption is the primary way of keeping customer data safe, to the point where the company has “even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”

Creating a software key to decipher this encryption would set a dangerous precedent for privacy rights and undermine the security of all iPhone users, Cook said.

This sentiment is echoed by other tech industry leaders. Microsoft’s president and chief legal officer has warned of the implications of weakening encryption. “The path to hell starts at the backdoor,” Brad Smith said recently.

Additionally, a 2015 report from the Massachusetts Institute of Technology’s Computer Science and Artificial Intelligence Laboratory identified three major issues with law enforcement requesting exceptional access to encrypted information:

  • Existing best practices would be nullified, including “forward secrecy,” which entails the immediate deletion of decryption keys after use to prevent potential compromise.
  • Creating a so-called backdoor would increase system complexity, including in testing and deployment.
  • Exceptional access would tip off hackers about potential targets and vulnerabilities.

The Tussle for Cybersecurity Professionals

The iPhone dispute is playing out in the public arena as fears grow over the threat posed by cyber attackers, whether individual hackers, criminal gangs or enemy nation states.

The Center for Strategic and International Studies places the estimated costs of cyber crime at more than $455 billion annually, or about 1% of global income. The implementation of cybersecurity safeguards continues to increase, meanwhile, with Gartner estimating worldwide spending on information security at $75.4 billion in 2015.

As Apple and the FBI wrestle over the San Bernardino case, tech firms, retail companies, government agencies and military branches are tussling over a limited pool of qualified cybersecurity professionals, including encryption experts.

Globally, there’s an estimated shortage of more than 1 million analysts, specialists and other cyber defenders. In the United States alone, employment of information security analysts is projected to jump by 18% between 2014 and 2024.

As the federal Comprehensive National Cybersecurity Initiative notes: “In order to effectively ensure our continued technical advantage and future cybersecurity, we must develop a technologically-skilled and cyber-savvy workforce and an effective pipeline of future employees.”

 

Haley DeLeon writes about cybersecurity and information technology on behalf of Florida Tech’s 100% online graduate degree programs.