Last month during a National Security Council meeting, White House officials discussed whether to seek legislation that would prohibit tech companies from utilizing so-called “end-to-end” encryption that is largely unbreakable by law enforcement. Officials from several key agencies reportedly discussed how encryption in popular messaging apps – including WhatsApp, iMessage, Signal, and Wickr amongst others – are sent over IP (Internet Protocol). As a result, they are not tied directly to the provider of the network or handset.
Moreover, tech firms including Apple, Facebook, and Google have built end-to-end encryption into their respective devices and software. The encryption means that only the sender and recipient of a message can get it, and this has been seen as a positive for privacy and security advocates.
Government Agencies are divided on End-to-end encryption
However, this is can be a frustrating feature for law enforcement during investigations – notably of suspected terrorists and drug traffickers – but also in cases involving child pornography and theft of intellectual property. This level of encryption makes it almost impossible for law enforcement to crack it, and the government said this essentially allows those using to be seen as “going dark.”
According to reports from Politico, which first reported on the National Security Council meeting, even the various government agencies are mixed on what this encryption means – and more importantly on how the government should address it.
The Department of Justice (DoJ) and FBI took the hard-line approach that catching criminals and stopping potential terrorist attacks should be a top priority, even if that means that less effective encryption would result in an increase in hacking risks. Immigration and Customs Enforcement and the Secret Service each noted that encryption can be a roadblock during investigations.
The Commerce and State Departments disagreed and pointed to the economic, security, and diplomatic consequences of installing so-called encryption “backdoors.” Politico noted that the Department of Homeland Security (DHS) was more divided on the issue, and the Cybersecurity and Infrastructure Security Agency (CISA) saw an importance of encryption for sensitive data, especially those involving critical infrastructure operations.
Tech Experts Weigh In on end-to-end encryption
Various tech experts see the complexities of the issue, but most agree that banning end-to-end encryption won’t solve all the problems.
“The encryption debate resurfaces frequently because it frustrates law enforcement, but banning encryption or opening back doors simply won’t work and can potentially undermine overall internet security,” Willy Leichter, vice president of software-based security firm Virsec, explained in an email to ClearanceJobs.
“Encryption is simply advanced mathematics, and banning math is like banning an idea – it won’t just go away,” added Leichter. “Practically unbreakable encryption algorithms are widely available – if a US-based service can’t provide end-to-end encryption, then dozens more will pop up outside the country that are equally effective. And if one government requires ‘secret’ backdoors, then many others will follow, and the encryption needed for privacy and day-to-day business will no longer be effective.”
What about Government contracts that require encryption?
There is also the issue of how this ban could affect government contracts that may even call for this encryption.
“If a rule is passed by any governing body which regulates a portion of a government contract, then we would expect that all products used to fulfill the contract, and all services used to fulfill the contract, would be subject to these regulations,” explained Dan Tuchler, CMO of cybersecurity firm SecurityFirst.
“This means that they would have to provide a way to break the encrypted channel, either by providing a back door or otherwise loosening the security of the channel,” Tuchler told ClearanceJobs. “Meanwhile, our adversaries could use any cryptographic methods available in the public domain to create unbreakable channels. This would put us in the unfortunate position that our own communications could be exposed while our adversary’s would be impenetrable.”
Tuchler added that often there is a fine line between positions on an issue. “On this one there is no grey area,” he suggested. “An authoritarian government will always seek to exert control by monitoring its citizens, using the reasoning that safety of citizens is more important than any erosion of their rights. We don’t like it when suspected terrorists have the ability to communicate on encrypted channels, but we need to catch them a different way, so that we can protect one of our most important fundamental rights. So yes, phone vendors will need to improve their ability to protect our private data, using stronger encryption.”
Any ban could also impact the American tech industry in other ways.
“Banning end-to-end encryption will have one real effect – it will undermine the competitive of U.S. tech firms,” warned Leichter, “And weaken security for businesses and consumer when it is more important than ever.”