WONG: Mandate encryption for all devices

Strong, mandatory encryption is more important than ever

The most publicized battle over encryption began in early 2016, when the U.S. Department of Justice sought to force Apple to create a “backdoor” (i.e. security vulnerability) in its product after it was unable to access the iPhone of San Bernardino shooter Syed Farook. Apple refused to do so in a rare public letter, claiming, “Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case… we fear this demand would undermine the very freedoms and liberty our government is meant to protect.” The court case ended abruptly after the DOJ claimed to have found a third party capable of unlocking the device; however, this incident highlights the need — moreso more than ever — for the support of encryption.

Encryption is, in essence, “the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.” As a result, encryption is used to protect nearly every aspect of modern society, including Internet users, confidential documents and files, credit cards and ATM transactions and phone calls. Indeed, failing to encrypt devices oftentimes leads to disaster — on Nov. 15, 2016, a purported “backdoor” was found to have been inserted in Android devices by Shanghai Adups Technology Company, which allowed Adups to transmit the text messages, contact lists, call logs, IP addresses and other data of at least 120,000 phone users to a Chinese server. Although Adups denied any malicious intent behind its actions, stating it “was just there to provide functionality that the phone distributor asked for,” U.S. authorities stated that “it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence.”

Richard Clarke, former national security official, has noted the dangerous ramifications if the federal government was able to undermine encryption efforts in the United States. According to Clarke, “this is a case where the federal government, using a 1789 law, is trying to compel speech. And courts have ruled in the past, appropriately, that the government cannot compel speech…. They want the precedent that the government can compel a computer device manufacturer to allow the government in.” In addition, former NSA inspector general Joel Brenner has noted: “the likelihood that others will gain access is quite high” if a company creates a security vulnerability in its own product.

Some may argue that the creation of a “backdoor” system would facilitate communication between the federal government and the private sector in the event of a terror attack. The FBI, for example, argues “When changes in technology hinder law enforcement’s ability to exercise investigative tools and follow critical leads, we may not be able to identify and stop terrorists who are using social media to recruit, plan and execute an attack in our country…. Of course, encryption is not the only technology terrorists and criminals use to further their ends.” The FBI, however, can only blame itself for its inability to bypass these security measures. Covering the Apple case, The Washington Post reported the FBI unlocked the San Bernardino shooters’ phones “with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw…. They were paid a one-time flat fee for the solution.” It is not the responsibility of the private sector to account for the FBI’s failures; weakening encryption so that the FBI has “easier access” to devices would carry grave effects for American privacy and safety.

In today’s ever-connected society, the need for strong, mandatory encryption for all devices is more important than ever. Current events have shown us the dangers which an unencrypted society faces — from losses of personal information to leaking critical vulnerabilities in our nation’s infrastructure. If the federal government wants to ensure a greater degree of safety (and privacy) for its civilians, it should reverse its stance on encryption and learn to embrace it as a valuable security tool.

William Wong is an Opinion columnist for The Cavalier Daily. He can be reached at w.wong@cavalierdaily.com.

related stories