By Michael D. Weisberg
Few information technology issues are so contentious or divisive as the access by law enforcement to cryptographic keys. The FBI asserts that its inability to access encrypted cellphones during investigations leaves the United States less safe. A recent article in The Washington Post, however, shows that 72 percent of digital security experts surveyed by The Cybersecurity 202 disagree with the FBI. Here is some historical perspective on the debate.
- Since the 1950s, government agencies — particularly the Justice Department and the intelligence agencies — have requested back doors to encrypted information. This even rose to the extent of cryptographic technology being deemed “munitions” and restricted against export from the United States. The democratization of the internet made these restrictions impossible to enforce. Since that time, multiple attempts have been made to gain access to encrypted data.
- In the 1990s, the NSA proposed the “Clipper Chip,” a device that would permit strong encryption but had a cached key held by the government. The government’s goal was to make this the only allowed form of strong encryption by the American public. It was defeated by political indifference and the easy access to strong encryption internationally. The clipper program was terminated in 1996.
- In 2013, Edward Snowden revealed the NSA’s continued attempts to subvert encryption by weakening the pseudo-random number generators used to produce cryptographic keys.
- In 2014, the FBI reported that the internet was “going dark” and that they needed more back doors to the cryptography that was in use “for national security reasons.”
This is an ongoing battle between government interests and civilian rights. Companies have long contended that the use of weakened cryptography damages our ability to sell U.S. products in the international market. Civil libertarians carry on the fight against weakened encryption on the basis of personal privacy.
I would not expect this controversy to either go away or be resolved in the decades to come.
Michael D. Weisberg, CISSP, is Vice President, Information Security and Assurance Services, at Garnet River.