Monday, December 26, 2016

USA encryption working group report. Will encryption and privacy become obsolete?



On February 16, 2016, a federal magistrate judge in the U.S. District Court for the Central District of California issued an order requiring Apple, Inc. to assist the Federal Bureau of Investigation (FBI) in obtaining encrypted data off of an iPhone related to a 2015 shooting in San Bernardino, California. Apple resisted the order. This particular case was resolved when the FBI pursued a different method to access the data stored on the device. But the case, and the heated rhetoric exchanged by parties on all sides, reignited a decades-old debate about government access to encrypted data.


The law enforcement community often refers to their challenge in this context as “going dark.” In essence, “going dark” refers to advancements in technology that leave law enforcement and the national security community unable to obtain certain forms of evidence. In recent years, it has become synonymous with the growing use of strong default encryption available to consumers that makes it increasingly difficult for law enforcement agencies to access both real-time communications and stored information. The FBI has been a leading critic of this trend, arguing that law enforcement may no longer be able “to access the evidence we need to prosecute crime and prevent terrorism, even with lawful authority.” As a result, the law enforcement community has historically advocated for legislation to “ensure that we can continue to obtain electronic information and evidence pursuant to the legal authority that Congress has provided to keep America safe.”

Technology companies, civil society advocates, a number of federal agencies, and some members of the academic community argue that encryption protects hundreds of millions of people against theft, fraud, and other criminal acts. Cryptography experts and information security professionals believe that it is exceedingly difficult and impractical, if not impossible, to devise and implement a system that gives law enforcement exceptional access to encrypted data without also compromising security against hackers, industrial spies, and other malicious actors. Further, requiring exceptional access to encrypted data would, by definition, prohibit some encryption design best practices, such as “forward secrecy,” from being implemented.

These two outlooks are not mutually exclusive. The widespread adoption of encryption poses a real challenge to the law enforcement community and strong encryption is essential to both individual privacy and national security. A narrative that sets government agencies against private industry, or security interests against individual privacy, does not accurately reflect the complexity of the issue.

full report here:  Encryption Working Group Report -- 24.12.2016

No comments:

Post a Comment