Too secure? Encryption and law enforcement

By Mark Lanterman

The U.S. government is reviving a push to force technology companies to undermine their own security by creating backdoors for the sake of easier law enforcement access. This past July, Attorney General William Barr revived the anti-encryption fight that most of us have probably already heard during a speech at the International Conference on Cyber Security at Fordham University. The main idea, as set forth by Barr, is the primary argument that’s been put forth previously: “While encryption protects against cyberattacks, deploying it in warrant-proof form jeopardizes public safety more generally. The net effect is to reduce the overall security of society.” Since criminals often use encryption to hide their activities from law enforcement, in other words, law enforcement should be granted a backdoor into the safeguards that keep the average user optimally secure from cybercrime. 

Just as in response to the San Bernardino terrorist shooting, in which Apple’s security was targeted in order to gain access to a suspect’s phone, tech companies are having to defend their pursuit of optimal security. One of these methods is an increasing use of encryption for consumers who want the best in data protection. Though Barr insists that law enforcement access must be made possible by weakening encryption, security experts agree that any purposefully created security vulnerability is a vulnerability that anyone may be able to exploit. No matter how skillfully implemented, it would remain entirely possible—if not likely—that it would only be a matter of time until unauthorized individuals or entities take advantage.

Encryption provides a valuable layer of security within organizations and for individual users by making data unreadable unless accessed with the correct key. Organizations rely on encryption to best protect client data. Without encryption, confidential data would be more readily available to cybercriminals.

Broad implications

More personally, the implications of weakened encryption for the average user are far-reaching. For the sake of making criminal investigations allegedly easier for law enforcement to conduct, each and every individual who uses encryption to better secure their data would be more at risk of compromise. Easier law enforcement access would create easier access for all, including foreign governments.

The law enforcement community has needed to adjust to the ever-changing and expanding network of challenges posed by technology. The smartphones most people carry in their pockets contain huge amounts of information pertaining to our daily lives, not to mention the stores of information contained on our other devices. These devices are huge potential sources of evidence for law enforcement, and it is absolutely true that immense hurdles often need to be overcome in order to access them effectively, if at all. It is also often true that critical information pertaining to a case may only be gathered through accessing a device. 

Drawing the line

But weakening everyone’s security cannot be an antidote for stymied criminal investigations. Technology companies are yet again being placed in a position where they have to defend the security of their devices—albeit, in this case, for being too secure. The burden must ultimately be placed on law enforcement to get creative when it comes to accessing digital devices. The way the majority of people bank, access health information, pay bills, and store their personal information cannot be purposefully compromised. Dangerous repercussions would result from forcing large organizations to use weakened encryption (or none at all). It is in everyone’s best interest that the data stored on our devices be kept as secure as possible. 

Barr believes that “making our virtual world more secure should not come at the expense of making us more vulnerable in the real world.” What he fails to realize is that without digital security, we cannot have “real world” security. Our digital spaces are entirely intertwined with our real world. Technology certainly can be used for malicious or terroristic purposes. That is, unfortunately, a reality of our society that cannot be denied. But strengthening cybersecurity is going to assist the vast majority in protecting themselves against crime while continuing to take advantage of the vast array of benefits that technology offers.

MARK LANTERMAN is CTO of Computer Forensic Services. A former member of the U.S. Secret Service Electronic Crimes Taskforce, Mark has 28 years of security/forensic experience and has testified in over 2,000 matters. He is a member of the MN Lawyers Professional Responsibility Board.