Encrypt All The Things

I am a security guy, and my profession is to protect the good guys – all of you – from the bad guys. Although the world is not full of bad guys, there are a lot of them, and the funny thing about information security is that the most poorly-skilled bad guy out there only has to wait for one smart person to “hack” something, and then everybody can do it regardless of skill level. That’s why, as Bruce Schneier says, “Attacks always get better, they never get worse”. It is for this reason that I am firmly on the side of Apple, because no matter who comes up with the attack, be it the FBI for ostensibly good reasons, or a hacker for all the wrong reasons, those attacks quickly spread to everybody, and put everybody at risk.

I’ll start off by saying that I am by no means a Crypto-Anarchist. Law enforcement has a huge role in protecting people from cyber crime, and they have the legal right to data that is nominally accessible to them, provided that a proper warrant has been issued and due process is followed. Dropping out of law school was the best decision ever for me, so I definitely can’t speak to all of the legal particulars about when the government can ask for certain things, but I absolutely believe that the right for the government to ask for data exists. I don’t think Apple is in the right here because the FBI is prima facie wrong to ask, or doesn’t have the legal authority.

It’s also been argued that the FBI’s request to decrypt Syed Farook’s phone, because it is an older model (the iPhone 5C), can be fulfilled without giving carte blanche to the government to decrypt all current and future iPhones; see here for one argument. Although I can understand this argument at a simple level, I am not enough of an expert in iPhone security to determine whether this is the case; at the very least, injecting new firmware to bypass programmed security controls is not undertaken lightly. Nor do I know the legality of the request (did I mention I’m not a lawyer?). The differences between physical keys and passwords can be very interesting in terms of what the case law says. But ultimately, even that is not the point.

Eventually, Apple will likely create an iPhone that even they can’t access, even with firmware updates: they have already admitted as much. So in the near future, the question of whether a company is capable of “hacking” or gaining unintended access to data will likely be a moot point. This is, in my personal opinion, an entirely Good Thing. Moreover, any attempts to weaken this through “compromises” à la the Clipper Chip should be avoided.

I say this not because I purposefully want to make law enforcement’s job harder, but because of the reverse. When you get right down to it, there are far more innocent victims of theft than cold, calculated criminals who are using crypto to evade the law. Apple says that the FBI has requested access to a dozen iPhones of criminals or victims. I’m sure that a dozen iPhones are pickpocketed across this country every hour. To the extent that we can guarantee that those stolen iPhones can’t be accessed by anyone, so much the better. Because again, once an access exists, it exists.

People throw around the term “backdoor” for giving access to the government in cases like these, but the term is a misnomer. Ultimately, cryptography is math. It’s math like discrete logarithms or elliptic curves, and by design it is meant to be very, very hard to understand and compromise. To create a “backdoor” to give certain people access to data, you necessarily have to weaken the math, and there is no way you can weaken the math just for the good guys and not the bad guys. Math is math. Once you weaken the math, you will ultimately give everybody the opportunity to compromise the cryptography and access the data, whether it be for good reasons like a criminal investigation, or bad reasons like a kid stealing your credit card.

Cryptography underpins today’s economy, and its importance can’t be overstated. Every site you go to with https:// in front and the little lock symbol relies on cryptography. Just about every transaction you undertake with a credit card, even physically in a store, relies on cryptography to transmit the data securely. The world we now live in can’t exist without secure cryptography. More than that, as I said before, there are far, far more good guys out there than bad guys. Everything we can do to prevent innocent people from becoming victims of identity theft or stolen credit cards is a good thing, and that means, necessarily, that some bad guys can also use the same technology to protect their illicit activities. Bank robbers use cars to escape, too, yet few people think we should give the police remote access to all vehicles so we can stop bank robbers. It’s the same with cryptography: strong crypto may help the bad guys, but it helps the good guys orders of magnitude more.

There’s a lot of talk from law enforcement about “Going Dark”, but I think it has been vastly exaggerated. While data may be encrypted, metadata – the where, the who, the when – often isn’t encrypted and is accessible to law enforcement. The fact that person A talked to known terrorist B is often far more valuable than the content of the conversation, and the metadata about that conversation is usually much more accessible to law enforcement. Not to mention the fact that people still move around physically, talk to other people in real life, and otherwise leave traces that are not encrypted and can be hunted down with investigative work. It may not be as easy as getting access to all of a person’s text messages or a phone book, but that’s how law enforcement worked before technology anyway. Encryption will not suddenly allow bad guys to disappear from the world.

Moreover, cryptography is hard. Plenty of attempts at implementing crypto are done poorly, and in those cases, if the government can easily break it, they can go right ahead! At the same time, I firmly support companies that seek to build cryptography correctly in an unbreakable manner to protect the activities of everybody, be it buying something online, or organizing a resistance movement against an oppressive government. We will, as a whole, be better off with strong crypto.

There hasn’t been a single disruptive technology in history that hasn’t been used by bad guys for nefarious purposes. In the end, though, the positive benefits of these disruptions greatly outweigh the negative. So it will be with cryptography, but only if we make sure that we don’t deliberately weaken it to the detriment of all of the legitimate, positive uses of this technology.