Why encryption is inevitable
In a new white paper on encryption, the Chertoff Group argues that law enforcement access to encrypted products would open a Pandora's box of problems.
What: "The Ground Truth about Encryption and the Consequences of Extraordinary Access," a white paper from the Chertoff Group.
Why: Law enforcement has been seeking greater access to encrypted communications and devices, and although the shootings in San Bernardino, Calif., might appear to have strengthened its case, some big names in security are arguing otherwise.
In its white paper, the Chertoff Group sides with Apple in a dispute with the FBI over whether to provide law enforcement agencies with special software to bypass security features in the iPhone. Apple executives have argued that developing software to unlock the phone of one of the San Bernardino shooters would unleash a technological "cancer" that could affect tens of millions of customers.
The Chertoff Group -- which was co-founded by former DHS Secretary Michael Chertoff and former DHS Chief of Staff Chad Sweet and which counts former CIA Director Michael Hayden as a principal -- largely concurs with Apple's assessment.
The debate over strong encryption has heated up in the past year because device manufacturers have adopted policies that implement local encryption by default, instead of having users opt in. That approach is quickly becoming the norm, and strong consumer encryption around the world is "inevitable." Although strong encryption has been an impediment to law enforcement over the years, "the magnitude of that impediment is modest," the paper states.
The Chertoff Group added that it could not find evidence of a successful terrorist attack that would have been stopped by law enforcement's use of decryption technologies and said social media has been a more effective investigative tool than breaking into smartphones. Furthermore, the paper states that engineering exceptional access capabilities into existing encryption systems is a "massively complex undertaking" that could bring its own set of problems because "the more complex a system is, the less secure it is."
Mandating exceptional access threatens to hobble or outright damage innovation in the U.S. encryption and security technology markets, the Chertoff Group concluded. The paper also notes several cases in which damaging, long-term intrusions were perpetrated with the use of pilfered encryption keys.
Verbatim: "Candidly, in the highly dynamic, ever-changing world of cyberthreats, vulnerability, and defenses, we are cautious about any governmentally imposed obligation. In the absence of any decisive demonstration of need, our instinct is to permit the market of ideas and technological development to function without governmental interference, lest we have the collateral and unintentional effect of delaying or preventing the development of an appropriate response."
Click here to read the full report.