Global tech giants back encryption

FBI director James B. Comey has for some time been a critic of encryption technologies, arguing that challenges for his agency are growing as groups they are monitoring "go dark" - a euphemism meaning they have begun encrypting their communications.

After the terrorist attacks in Paris, these objections have multiplied, despite evidence emerging that unencrypted SMS text messages were used to plan the attacks. Usually, critics of encryption are lobbying for government mandated "back doors" into encrypted systems that will allow government monitoring of communications - which is what the UK government is asking for in its renewed call for its "Snoopers' Charter" legislation.

We've already discussed some of the issues with encryption "back doors" in the context of the Snoopers' Charter, and a detailed examination by security experts can be found here. The primary concern is that commercial applications will be made significantly more vulnerable to hackers. Another point is that many encryption libraries are freely available on the Internet, and it is relatively trivial to construct your own application that uses encrypted communications.

Now the Information Technology Industry Council (ITIC) representing the tech giants has released a brief statement responding to calls to weaken encryption which repeats the concerns above.

They state that "weakening encryption or creating backdoors to encrypted devices and data for use by the good guys would actually create vulnerabilities to be exploited by the bad guys, which would almost certainly cause serious physical and financial harm across our society and our economy".

For a deeper appreciation of this issue it is well worth reading two recently published opposing points of view. Manhattan's District Attorney, Cyrus Vance Jr, has compiled a comprehensive report using real-life examples to argue for law enforcement access to people's phones. Nadim Kobeissi, a programmer born and raised in Beirut, is the author of encrypted chat tool Cryptocat, and has written about his perspective - the advantages to society of secure communications, and the impossibility of adding back doors that aren't accessible to everyone.

There's a delicate balance between the legitimate requirements of law enforcement agencies, our civil liberties and corporate interests when it comes to encryption. Many law enforcement agencies are still smarting from Edward Snowden's revelations of the details of global surveillance operations, and in the US, the subsequent restrictions of the USA Freedom Act. So it is unsurprising they are using the Paris attacks to justify new powers. But we must be careful to consider the negative aspects of restricting or crippling encryption technologies as well as the benefits it might give law enforcement agencies.

Posted by John Faulds in