Wednesday, 27 May 2015

FBI Push To Weaken Cell Phone Security, Skirt Encryption Alarms Privacy Advocates

The FBI’s push to ensure a backdoor into cellphones so that federal agents can skirt around tricky encryption technology in order to track terrorists is evoking backlash from privacy groups and technology companies.

Last fall, FBI Director James B. Comey said he wanted to work together with technology companies to find a way for investigators to unlock the photos, emails and contacts stored in cellphones when tracking down terrorists. That information is especially valuable at crime scenes, discovered on battlefields or when taken from a suspect.

Mr. Comey said companies like Apple and Google had “gone too far” in offering fully encrypted cellphones that neither the FBI nor the companies selling the devices could crack. Suggestions have been made that American companies should refrain from providing any products secured by encryption unless they also weaken their security so they are able to decrypt their customers’ data at the government’s request.

Now, just as new terror threats against the homeland are resurfacing, advocates of encryption technology are asking President Obama to reject any proposal from the FBI or other administration officials that deliberately aims to weaken the security of cellphones and other technology products.

“Whether you call them ‘front doors’ or ‘back doors,’ introducing intentional vulnerabilities into secure products for the government’s use will make those products less secure against other attackers,” more than 60 privacy advocates and computer experts said in a May 19 letter addressed to President Obama. “Every computer security expert that has spoken publicly on this issue agrees on this point, including the government’s own experts.”

The letter went on to read: “We urge you to reject any proposal [in which] U.S. companies deliberately weaken the security of their products. We request that the White House instead focus on developing policies that will promote rather than undermine the wide adoption of strong encryption technology. Such policies will in turn help to promote and protect cybersecurity, economic growth, and human rights, both here and abroad.”
The renewed push to block the FBI from skirting around encryption technology walls surfaced less than a week before the U.S. and Canada had to scramble jets to intercept commercial aircraft after someone claimed that chemical weapons were on board. The new threat surfaced Memorial Day, when thousands of Americans were returning from holiday vacations.

Federal authorities were eventually able to determine the threat was not credible, said a law enforcement official familiar with the FBI’s ongoing investigation.

Still, if the threat is credible, encryption technologies hinder authorities who need to track down a terrorist cell or a lone-wolf agitator determined to commit a horrific attack, said Ron Hosko, president of Law Enforcement Legal Defense Fund and the FBI’s former assistant director.

The FBI typically operates in “response mode” to the multiple threats that criminal actors and extremist organizations launch against the homeland, he said.
Those agents need to be able to quickly track potential terrorists and bypass technology roadblocks, like cellphone encryption software, in order to locate the conspirators involved in trying to kill — or merely rattle — thousands of Americans.

However, if the FBI is allowed to enter an individual’s cellphone through less encryption, a foreign entity or hacker looking to crack into the device will also have an easier time, civil liberties advocates warn.

“There are a lot of governments and criminal enterprises out there, and they are trying to steal American information, and there is no way to design a system that allows the FBI in and keeps the Chinese government out,” said Christopher Soghoian, principal technologist for the American Civil Liberties Union.

For federal agents and other law enforcement officers, however, that logic poses a serious problem because it would hinder their ability to gather information about the nefarious activities that America’s adversaries are planning, Mr. Hosko said.

“If they cannot collect the dots, then how can they connect the dots?” he said.
In a press conference on cyberissues last week, Mr. Comey said when he read the letter to Mr. Obama, he concluded that the writers either were incapable of seeing both sides of the issue or simply not fair-minded individuals.

“A group of techno companies and some prominent folks wrote a letter to the president yesterday that I frankly found depressing, because their letter contains no acknowledgment that there are societal costs for universal encryption,” he said. “Look, I recognize the challenges facing our techno companies: competitive challenges, regulatory challenge overseas, all kinds of challenges. I recognize the method of encryption [has value on those matters]. But I think fair-minded people also have to recognize the cost associated with that.”
Encryption tools used to be used by groups of people who really wanted to protect themselves. But at least since former National Security Agency contractor Edward Snowden stole classified government documents and made public sensitive global surveillance programs, encryption has become a standard feature of the majority of Internet communication, said security researcher Karsten Nohl.

Most websites now offer secure Web servers, and almost all sensitive smartphone applications and popular messaging applications almost always offer encryption — even when customers do not specifically request that technology, he said.

Law enforcement analysts agree that Mr. Snowden’s actions had a major impact on the views of privacy advocates, who strongly think personal data should be kept private. The latest letter to Mr. Obama is further evidence of the negative impact Mr. Snowden has had on the public’s perception of their government, Mr. Hosko said.

“This is an outcropping from the Snowden disclosures and a belief that there is this monolithic federal monster sucking up all forms of data and that you have nefarious actors in federal government that have nothing else to do with their time and [that] they’re swimming around in private data,” he said.
But computer security experts argue the FBI can easily connect those dots without carving out a backdoor entrance.

Criminals may use encryption software to conceal what they say and privacy technology to conceal who they are, but law enforcement officials have been able to bypass those obstacles by infiltrating criminal organizations, said Mr. Nohl.

“Criminals have had access to encryption technology for a long time. Skype, for instance, could not be intercepted by the FBI prior to its acquisition by Microsoft,” he said. “As another example, the BlackBerry Messenger was believed to use very strong encryption, so it was very popular among criminals. The recent uptake of encryption among noncriminals to protect [against] unwarranted espionage should therefore have little effect on the FBI’s ability to intercept criminal communication, which has already been predominantly encrypted for years.”

But the head of the FBI maintains technology is outpacing the federal government’s ability to keep up, and said “we may get to a place where the U.S. Congress forces this” on American manufacturers.

Source:
Washington Times

Image credit: siliconangle.com

No comments: