X
Tech

Why are we still talking about backdoors in encryption? No, really

FBI's director says he's not a "maniac" about encryption. The experts disagree.
Written by Zack Whittaker, Contributor

It's the conversation that just won't end.

In case you hadn't noticed, in recent months there's been fervent discussion both for and against encryption, which has law enforcement and experts at odds.

The debate began in the wake of the Edward Snowden affair after Apple began encrypting iPhones and iPads running the latest software. By cutting out Apple from the data demand process, law enforcement must go directly to the device owner. That -- as you might imagine -- incensed law enforcement and intelligence agencies, because that requires informing suspects that they're under investigation.

Without any congressional backing, the feds asked for the only thing they could: "backdoor" access to tech companies' systems to pull data on suspected criminals and terrorists.

On Tuesday, more than a dozen elite cryptographers and security experts penned a letter effectively calling on the feds to stop flogging an already dead horse.

From the report in The New York Times:

"The group -- 13 of the world's preeminent cryptographers, computer scientists and security specialists -- will release the paper, which concludes there is no viable technical solution that would allow the American and British governments to gain 'exceptional access' to encrypted communications without putting the world's most confidential data and critical infrastructure in danger."

Their argument is simple: there is no such thing as a secure backdoor. If there's a way in that allows the feds to access data at will (even with a warrant or court-order), hackers will inevitably find it and use it for their own gain.

From Business Insider, widely-respected security expert Bruce Schneier explained why there "really is no way" to keep users' data safe while providing backdoors. He said:

"I have two options. I can design a secure system that has no backdoor access, meaning neither criminals nor foreign intelligence agencies nor domestic police can get at the data. Or I can design a system that has backdoor access, meaning they all can."

And that should be the end of it. If the brightest minds in the world cannot come up with something the FBI wants in its wildest dreams, someone has to back down. You can't just push ahead with something if it's not technically feasible.

But that's not stopping FBI director James Comey, who on Wednesday made his case -- for the millionth time -- that encryption will prevent his agency (and others) from finding the bad guys.

In a brief (yet still rambling) opinion piece for Lawfare, the FBI director aimed for "healthy discussion" but failed to retain his point once he promised he was "not a maniac (or so at least [his] family says so" -- which, by the way, is exactly what a maniac would say.

Comey wrote:

"In universal strong encryption, I see something that is with us already and growing every day that will inexorably affect my ability to do that job. It may be that, as a people, we decide the benefits here outweigh the costs and that there is no sensible, technically feasible way to optimize privacy and safety in this particular context, or that public safety folks will be able to do their job well enough in the world of universal strong encryption."

At least he managed to avoid using the word "backdoor" in his piece. He redeemed himself when, in Wednesday's testimony, Comey said that the FBI was "not seeking a backdoor." (For those not watching C-SPAN, he then proceeded to describe a backdoor.)

At one point during his testimony, the FBI director specifically said, dodging the question by Sen John Cornyn (R-TX), that he doesn't want to "scare people by saying I'm certain people will die."

He, and others, are blind to the fact that undermining encryption by installing backdoors won't prevent crime. In a tweet, security expert and researcher Matt Blaze, one of the cryptographers who also signed the aforementioned letter, said: "'Crypto causes crime' deserves no more consideration than 'vaccinations cause disease'."

The debate on encryption that Comey wanted has come and gone -- and he lost. He failed at the first hurdle. It's time to let it go.

Editorial standards