Mar 14, 2016

Encryption wars heat up as governments fight for less security

The government push against encryption will make everyone less safe -- individuals, companies, governments themselves.

Bernard Keane — Politics editor


The war of governments on encryption is now ramping up on both sides of the Atlantic, fueled by either profound ignorance on the part of policymakers or a genuine desire to make the internet and mobile communications less secure for all users -- including governments themselves.

On the weekend, Barack Obama, attending a major tech conference, said that law enforcement agencies had to be allowed access to all encrypted communications devices. The President cited the need to stop child pornographers and terrorists -- continuing the long tradition that no politician can discuss electronic privacy without accusing defenders of helping paedophiles -- and called tech industry supporters of encryption "absolutists". Data, Obama said, was just another area where the community had to accept a trade-off between privacy and security. “This notion that somehow our data is different and can be walled off from those other trade-offs we make, I believe, is incorrect,” he said.

While he didn't mention it, the immediate context for his remarks is the legal stand-off between Apple and the FBI over writing a backdoor to the operating system on the iPhone of one of the San Bernardino murderers in order to enable the FBI to "brute force" the password encrypting the phone. Problematically, though, the FBI's case has been undermined by its admission that it badly bungled its handling of the phone -- the FBI accidentally locked the phone itself in the aftermath of the attacks.

While Obama was selling the case for undermining privacy, another case emerged of law enforcement agencies pressuring IT companies to attack their own security. WhatsApp, a communications app owned by Facebook that is now end-to-end encrypted, is in a stand-off with the Justice Department over a case in which the latter is demanding access to messages as part of a criminal investigation (not related to terrorism). Government officials are said to be considering waiting until there's a sufficiently high-profile terrorism case in order to launch a full-scale assault on WhatsApp. A Facebook executive in Brazil was recently arrested in that country for refusing to provide WhatsApp data.

Meantime in the UK, the Cameron government, in addition to dramatically widening the powers of security agencies to monitor citizens' communications -- including a data retention scheme for every citizen's browsing history -- will also establish a legal requirement for tech companies to defeat their own encryption on the orders of bureaucrats. As a "compromise" the government recently amended its bill to remove a requirement for companies to remove encryption even when it literally couldn't be done.

Worryingly, if such laws were introduced here, they'd receive little critical scrutiny from Parliament's Joint Committee on Intelligence and Security, which is now chaired by an open critic of any debate on security laws, Andrew Nikolic, and includes a former counter-terrorism policeman in its ranks. In the aftermath of the Paris terrorist attacks last year, Malcolm Turnbull -- who is well known for using ephemeral and encrypted apps like Wickr and WhatsApp rather than SMSing, which he complains is poorly secured -- flagged the government was looking at encryption, saying he had “asked that ASIO and other relevant agencies work with our international intelligence partners to address the challenge of monitoring terrorist groups in this new environment”.

Obama's framing of the encryption issue is telling. In addition to the inevitable invocation of paedophiles, he has framed it as an issue of balance between privacy and security. As Crikey has long explained, this framing is based on a lie that there is any balance between privacy and security. Politicians love to claim that a particular extension of national security powers "gets the balance right" (it's probably the No. 1 cliche in the entire communications security debate). But the balance only ever tips further in favour of security every time laws are changed -- there are very few cases of laws re-balancing back in favour of privacy, even when security threats are judged to have receded, and in Australia even draconian, sunsetted laws end up being extended. The rollback of NSA surveillance powers by Congress last year was an almost unique example of sunsetted legislation being substantially amended, although it is likely the NSA simply used self-serving interpretations of other legislation to continue the bulk data collection it ostensibly lost the power to undertake.

But the concept of balance between privacy and security simply doesn't apply when it comes to undermining encryption. As Apple, other tech companies and tech experts across the world have explained, the only balance is between more security and less security -- for everyone. Creating backdoors into encryption, even if technically feasible, means malicious actors -- criminals, foreign governments, corporate spies, domestic intelligence agencies with anti-democratic agendas -- have more tools at their disposal to access data they shouldn't have access to -- whether it's the data created by individuals, corporations or governments themselves.

In December, a prominent cybersecurity company revealed that "unauthorised code" had been inserted into an encryption product widely used by US government agencies including the Pentagon, most likely by exploiting deliberately flawed random number generation code that the NSA itself had developed. That the Pentagon was placed at risk as a result of the NSA deliberately undermining encryption tools is schadenfreude-worthy, but it also demonstrates the very real way in which this debate is not about privacy versus security, but about more security versus less security. And the Obama administration and the Cameron government are on the side of less security.


One thought on “Encryption wars heat up as governments fight for less security”

  1. AR

    Interesting that Obama (and Crikey) use the phrase “privacy & security” as a corruption of the 1755 Benjamin Franklin quote which he trashed late last year – “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”
    As noted in the article, though the NSA supposedly lost some legal right they just carry right on doing so – no spook or cop ever refrains from doing something just coz it's illegal.
    After all, they serve a Higher Cause… which is secret to protect it from scrutiny and rightly so according to Nikolic et al. We can be assured that Hastie fully concurs.
