The Myth Of A Secure Back Door For Encryption

the Fourth Amendment to the Constitution, which states that “the right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated.” Isn’t that the point of encryption?

The second issue is whether a golden key would, in fact, help the FBI and other law enforcement agencies be more effective. The FBI’s Comey, for example, has focused on the fatal shooting of a man in Illinois in June, and suggested that police would have been able to track down the shooter but for encryption built into both of the victim’s two phones. He failed to mention that one of the phones – a Samsung Galaxy S6 – isn’t encrypted by default.

A related point is the oft-cited fact that the Manhattan district attorney’s office encountered locked iPhones on 74 occasions over a nine-month period. Bear in mind that the DA’s office handles about 100,000 cases in the course of a year, and then do the math. You’ll see that officials encountered encryption in less than 0.1 percent of cases. Also, the DA has never explained how even one of these 74 encrypted iPhones blocked a successful prosecution.

The golden key issue has put Silicon Valley at ground zero in a tug of war. Apple, Microsoft, Google, and other technology companies have been encrypting more of their corporate and customer data after learning that the National Security Agency and its counterparts were siphoning off digital communications and hacking into corporate data centers. Law enforcement and intelligence agency leaders counter that such efforts thwart their ability to monitor terrorists and criminals, but Silicon Valley is standing firm.

I’m hardly the only technology industry observer who argues that development of a golden key is fruitless. A few months ago, The New York Times reported that the Massachusetts Institute of Technology published a paper by leading technologists arguing that such a key is technically impractical and would expose consumers and businesses to a greater risk of data breaches. “(An encryption golden key) is unworkable in practice, raises enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm,” wrote the report’s 15 authors, who included Whitfield Diffie, one of the inventors of modern encryption.

Globally, companies are now spending more than $76 billion annually to protect themselves, and often their customers, from cyber attacks. We need to deploy the most effective techniques and technologies available to protect our sensitive information and the foundations of our digital economy—including encryption.

Our law enforcement and intelligence communities are tasked with a vitally important and very difficult job, no doubt made more difficult by advances in technology. This has been the case for decades and will continue to be the challenge going forward. That said, lowering the standards of protection for data and communications cannot, and will not, be the answer. Rather, here too we need to focus on new innovative approaches to identifying the bad actors that represent a threat to our society. Innovation is the answer. Compromising our defenses is not.

[Editor’s note: To tap the wisdom of our distinguished group of Xconomists, we asked a few of them to answer a question heading into 2016: “What is the most pressing issue for the innovation community?” You can see other questions and answers here.]

 

Author: Robert R. Ackerman

Robert R. Ackerman Jr. is the founder and managing director of AllegisCyber, an early stage venture capital firm specializing in cybersecurity, and a co-founder and executive at DataTribe, a cybersecurity startup studio in metropolitan Washington D.C.