Recently, a California court requested Apple hack into an iPhone seized from one of the terrorists in the San Bernardino shooting. The FBI claimed that encrypted documents make it difficult to track terrorists. To that end, the government wants their own special backdoor access around encryption to combat illegal activity.
Apple, for their part, didn’t want to contribute. They said that such an action would threaten the security of their customers. It is pretty well understood by just about every computer user that actively working to decrypt files would be bad for security.
Even though Intelligence Director Clapper’s motives appear pure in the San Bernardino incident, he also has a pretty careless opinion on the nature of cyber security. Last year, he testified to Congress that there should be harsher penalties for hackers, rather than the obvious and more tenable goal of strengthening government computer security.
Legal action won’t do much to combat hackers. The only way to protect from cyber attacks is to lock data and systems as securely as possible.
When it comes to protecting government data, Clapper talks tough. However, when Clapper wants access to others data, he expects a spare key. The contradiction needs to be pointed out because lack of a clear means for protection is a gaping hole for security efforts in general. Simply put, Clapper would have nothing to worry about if the government was smarter with their own data.
People that don’t understand encryption may agree with the government intervention. Encryption is designed for people to hide. It involves the encoding of files, folders, drives or networks with passcodes that only the creator or the recipient can access. This has become an increasingly common feature the last few years and it obviously is creating some headaches for the government. So, on a surface level, it is easy to support the greater good and make this one exception.
However, that would be a slippery slope.
Encrypting files is easy and, if you don’t know how, here’s a simple introduction on how to encrypt most commonly used tools. Decrypting files, however, doesn’t have a simple how-to method. It takes a sophisticated hack to break into files. A hardware or software manufacturer, such as Apple, could presumably create a program to break through the security networks of their own devices. Apple has not invented such technology and it would not seem to be in their best interest to do so.
There is danger letting the rabbit out of the hat. Creating a program to unlock the one specific iPhone in question sets the template for unlocking other iPhones. In other words, for the sake of breaking into one iPhone, all iPhones are suddenly vulnerable to intrusion. Moreover, setting a precedent that one situation calls for decrypting sensitive information enables a culture in which others find reasons to decrypt information and the system weakens.
Despite Clapper’s naiveté, the need to keep networks secure is also common government knowledge. A few former top-ranking government officials released a statement that fears over encryption are overblown. It was pointed out that the fears of the last quarter century have proven unfounded and they directly stated, “We believe that the greater public good is a secure communications infrastructure protected by ubiquitous encryption at the device, server and enterprise level without building in means for government monitoring.”
Even for the national security purpose of combatting terrorism, if the government is able to get into terrorist’s documents, that also means that terrorists can get into government’s documents. This is a two way street. The government would be quite naive to try to open this Pandora’s box.
Of course, encryption by itself means little. There are a multitude of checks and double checks that an individual or organization needs to follow through with to keep safe. Mostly, these are housekeeping issues like not leaving passwords openly accessible, or frivolously downloading chincy apps or email phishing scams. These little things require a concerted effort to keep in line. Trying to keep up with sophisticated threats is not something that should have to be a worry. Locking the safe door should make people feel safe, not vulnerable.
Even with a reputable source and a good reason, blind trust is never a good idea. The government is no exception. If they’re not willing to trust people, they probably also shouldn’t be trusted. The NSA has been dealing with headaches for a few years since Edward Snowden exposed them, but even Snowden will be the first to admit that without the ability for encryption any lazy web surfer could do damage so severe.
The cost of data breaches are enormous and would sink most enterprises. Cyber security is a serious matter and corners should not be cut. Not even the FBI should be granted special powers for hacking. The price we pay for not knowing what the next terrorist is up to, we reap in not letting a terrorist infiltrate our own systems. On the whole, it should be understood that encryption creates security. Decryption creates vulnerabilities.