in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

US Government Committee Concludes (Yet Again) That Encryption Backdoors Undesirable

As the year draws to a close – and what a year! – we finally have some good, sensible news: the US government has found that "any measure that weakens encryption works against the national interest," and so encryption backdoors are an untenable scenario. This should be the final and decisive nail to the coffin of an issue that brought encryption and encryption backdoors to the forefront of public consciousness in the US and the world.  

Apple v. FBI

Each year has its milestones but 2016 feels like it has had more than its fair share. Brexit; Trump as president-elect; a European Union that's showing signs of becoming fractured; Volkswagen and most of the car industry caught with its pants down; South Korea embroiled in scandal after a Rasputinesque figure is yanked from the shadows; US elections possibly influenced by outside influences; US elections influenced by a federal agency; the biggest data breach in history; the Panama papers… the list really does go on in the year of the Red Monkey.

And in that list is an FBI that in essence asked Apple to create a backdoor of sorts to the iPhone's encryption, a consequence of the San Bernardino shooting in February 2016.

The federal agency insists that they weren't asking for a backdoor but they, in fact, were. It was the encryption equivalent of "sorry not sorry." While the FBI ultimately backed off the case did trigger something else: the Encryption Working Group (EWG), a congressional investigation into the viability of encryption backdoors that was composed of both Democrats and Republicans.  

The Encryption Working Group Conclusions

  1. Any measure that weakens encryption works against the national interest.
  2. Encryption technology is a global technology that is widely and increasingly available around the world.
  3. The variety of stakeholders, technologies, and other factors create different and divergent challenges with respect to encryption and the "going dark" phenomenon, and therefore there is no one-size-fits-all solution to the encryption challenge.
  4. Congress should foster cooperation between the law enforcement community and technology companies.

The EWG found that strong encryption is vital to national interest in many ways – be it personal freedom or ensuring national defense or protecting infrastructure; the use of encryption is varied and widespread – and so anything that works to weaken encryption is a bad idea. Law enforcement's concerns regarding encryption are valid but an approach other than backdoors must be established.

A solution may possibly lie in more cooperation between private industry and government, which is already present and established but could be furthered. Apple, for example, already provides law enforcement with data saved to the cloud. (In a case of cynically comical footinmouthitis, some in law enforcement used this cooperation as proof of Apple's "hypocrisy" regarding encryption.)

The EWG noted that the FBI's approach request for a backdoor (or whatever it was they wanted to call it at the moment) was the wrong one since the use and provision of encryption is global and open source. Nothing would prevent "bad actors" from using encryption that is not crippled with backdoors. Any advantages the government receives from backdoors would be short-sighted and short-term.

Aside from the above, the EWG also looked into whether "legal hacking" and compelled disclosure by individuals should be given more priority (working within a legal framework, of course).  

Play Those Encryption Wars Again, Sam

Of course, none of this is new. When the original "encryption wars" was "fought" in the 1990s, the issues and resulting conclusions were essentially the same. If anything, today's environment shows how prescient those conclusions from 20 years ago were. And, the issues debated back then haven't been supplanted by others in the interim. You know why that is?

It's because the issues being debated were fundamental in nature, and now with plenty of supporting proof. Not that that's ever stopped anyone from challenging an issue.  

 

Related Articles and Sites:

https://it.slashdot.org/story/16/12/24/1649258/us-congressional-committee-concludes-encryption-backdoors-wont-work

https://judiciary.house.gov/wp-content/uploads/2016/12/20161220EWGFINALReport.pdf

 
<Previous Next>

iPhone Encryption: FL Appeals Judge Says "OK" to Compel Password

Netherlands Officially Files 5,500 Breach Notifications In 2016

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.