The FBI Director has once again called for encryption backdoors to be created in mobile devices so that authorities can exclusively use them to access data stored on citizens’ devices.
Christopher Wray says encryption has weakened the FBI’s ability to deal with cases involving terrorism, child exploitation, organised crime and trafficking.
While addressing a gathering at the International Conference on Cyber Security in New York, Wray said that mobile phone companies must create encryption backdoors that only authorities will be able to exploit, thereby ensuring that such backdoors will stay out of reach of cyber criminals and enemy states.
We wish Wray could sincerely believe what he was saying, for technology doesn’t understand good or bad. It simply is what it is. If there’s a hack available for authorities, there’s a hack available for everyone else.
In the past year, security researchers and technology companies in the UK have been fighting the government’s desire to create encryption backdoors for the sake of national security. A number of MPs have vented their frustration at firms for not succumbing to their demands, despite accepting the fact that any encryption backdoors could be exploited by malicious hackers.
Last week, Minister of State for Security Ben Wallace went so far as to say that the government would tax social media firms harder in the future if they continue to deny it access to encrypted communication.
The story is no different across the pond. You may recall how Apple engaged in a long-drawn battle with the FBI a few years ago after the latter asked it to create a backdoor to an alleged terrorist’s iPhone. The FBI had to pay a third party firm to ultimately hack into the iPhone, but the feud left a bitter taste in the mouths of technology firms and citizens alike.
It was believed back then that the FBI would use the ruse of national security to hack into every device which it confiscated from alleged criminals, traffickers and those who indulged in sexual exploitation. In his speech, Wray confirmed those fears after he admitted that the FBI was unable to unlock or decrypt over 7,700 mobile phones that it had seized from alleged criminals.
‘Being unable to access those devices is a major public safety issue and impacts our investigations across the board. This problem will require a thoughtful and sensible approach. We have people devoted to working with stakeholders to find a way forward. We need the private sector’s help,’ he said.
He bemoaned that despite deploying cyber task forces and national cyber action teams at every FBI field office, the agency couldn’t perform its tasks effectively as it couldn’t bypass encryption protocols in mobile phones or decrypt them.
What Wray needs to understand is that end-to-end encryption in mobile phones and messaging apps like iMessage, WhatsApp and Telegram ensure that messages sent and received by users are so well scrambled that the services themselves cannot access or read them. In such a case, it is impossible for them to share details with enforcement agencies that they themselves cannot access.
The information that WhatsApp can, and does, provide to authorities includes the name of an account, the date it was created, the last time it was accessed, the IP address of the device which was used to access it and the associated email address.
A number of technology companies and security experts have argued that end-to-end encryption protects the privacy of the public at large. Any backdoor created to enable authorities to access encrypted communications could also be exploited by hackers to obtain more sensitive information about users.
At the same time, such backdoors could be used by despotic governments to target journalists, human rights activists, defectors, and dissenters, thereby putting their very lives at great risk.
Talking about why rash measures on part of the government, like weakening encryption, could undermine the cyber security of a nation as a whole, Jonathan Evans, an ex MI5 chief who retired in 2013, said that while the use of encryption has hampered the ability of security agencies to access communications between terrorists, banning encryption altogether would also impact the cybersecurity of the society as a whole.
‘I’m not personally one of those who thinks we should weaken encryption because I think there is a parallel issue, which is cybersecurity more broadly. While understandably there is a very acute concern about counter-terrorism, it is not the only threat that we face. The way in which cyberspace is being used by criminals and by governments is a potential threat to the UK’s interests more widely,’ he said.
‘It’s very important that we should be seen and be a country in which people can operate securely – that’s important for our commercial interests as well as our security interests, so encryption in that context is very positive,’ he added.