- The Washington Times - Monday, September 21, 2015

Fallout from recent hacks have given the tech industry good reason to believe Americans want assurance their data is secure. But absent a solution to the government’s “going dark” dilemma, federal attorneys say Silicon Valley engineers might have to meet them halfway when it comes to encryption.

Kiran Raj, the senior counsel to the Justice Department’s deputy attorney general, said Monday that investigators are facing a “growing problem” brought on by the development and dissemination of tools that let users encrypt their digital activity.

“There are billions of messages a day that get transmitted that are effectively warrant proof. There’s millions and millions of devices out there that come out of the box effectively warrant proof,” Mr. Raj said during a discussion on the campus of Georgetown Law in Washington, D.C. “Even if we have a warrant, it’s a brick to us.”

Law enforcement and intelligence officials have warned for years that criminal investigations are becoming harder to solve as communications become uncrackable and culprits “go dark,” so to speak. When Apple announced last year that it would largely encrypt data by default across its platform of mobile devices, FBI Director James Comey condemned the decision as enabling terrorists and kidnappers.

But in the wake of incidents that have impacted individuals ranging from government contractors affected in the OPM breach, to husbands implicated in the Ashley Madison hack, offering as much security as imaginable is quickly becoming much more than a niche selling point.

Nevertheless, Mr. Raj and a co-panelist at Monday’s event — Robert Litt, the general counsel to the Office of the Director of National Intelligence — said that the companies need to go back to the drawing board in order to figure out a way to give the government access to otherwise encrypted data for the sake of national security.

Computer scientists have argued since these debates first emerged in the early 1990s that implementing a way to give governments “backdoor” access to otherwise decipherable data would inevitably be exploited and require a complete overhaul of the technologies involved.

“We know how to build the least bad backdoor. We know how to build one of these things in a way that minimizes the possible security and privacy problems. That said, the least bad is still really, really, really bad,” said Jonathan Mayer, a junior affiliate scholar at Stanford Law’s Center for Internet and Society.

Despite two decades of discussion, however, Mr. Litt said computer scientists should go back to the drawing board and find a way that would enable data to be encrypted, but deciphered upon demand of a court.

“I don’t think we’re talking about backdoors at all. We’re talking about front doors. We’re talking about things that are done when there’s lawful authority in a relatively transparent manner,” Mr. Litt said.

“There’s not going to be an 100 percent solution; but the fact that there’s not an 100 percent solution doesn’t mean that we shouldn’t try to get a solution that provides as much as we can,” Mr. Litt said. “We don’t know that it can’t be done until people actually try to do it.”

The U.S. government believes the personally identifiable information of 21.5 million federal employees and contractors was compromised when hackers breached the Office of Personnel Management earlier this year. Separately, lawsuits have been filed across North America by former customers of dating website Ashley Madison who say the company failed to properly protect their account information, transaction records and communications from hackers who leaked the details of 46 million users this summer.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide