Not long after British Prime Minister David Cameron did the same, President Obama said Friday that he opposes encryption methods that are inaccessible to law enforcement. Rather naively, he advocated that the technology should still exist, but with methods of access for approved entities like police and preferred spy agencies. This is his first clear issue stance on the matter, though it is not necessarily out of step with his previous actions and statements.
Of course, cybersecurity experts collectively groaned at the President's suggestion of strong encryption that is only accessible to authorities. Taking for granted that law enforcement can be trusted - and, of course, Edward Snowden and countless others have shown us it cannot - there are a host of problems. The basic one is this: if someone other than the person doing the encryption can decrypt the information, then lots of people can do it too.
In 2005, hundreds of Greek government officials had their calls intercepted over the period of many months. How? At the behest of Vodafone, Ericsson had built a backdoor into their devices. While it wasn't enabled in Greece, hackers were able to exploit this vulnerability that was designed solely for law enforcement purposes. In 2010, Chinese hackers gained access to numerous Gmail accounts by using a backdoor built to comply with American law enforcement orders. Still-unknown entities are using a method of cell interception in Washington D.C. that is meant to only be used by the FBI.
Maybe you should think about encrypting your Android device while it's still legal.
There are a host of logistical problems as well. Most notable is that the best encryption software is open source and widely available. You can ban it, but everyone will still have it. The best they could do for this is to make it illegal to have uncrackable crypto, which sounds disturbing indeed.
Of course, it won't stop the people they are most worried about; for instance, Obama trotted out the terror boogeyman, saying, “If we find evidence of a terrorist plot…and despite having a phone number, despite having a social media address or email address, we can’t penetrate that, that’s a problem.” Do we think these people won't take advantage of the abundant resources for strong encryption? Even more pertinent is whether an American ban on crypto would affect terrorists cells largely operating overseas.
Security expert Bruce Schneier has previously argued that there is yet another negative effect of undermining encryption: enabling totalitarian regimes easier control over their people. The United States, in particular, exports a great deal of technology both directly and by being imitated overseas. If our "best" protocols always have built-in vulnerabilities, the bad actors will find ways to use them. This is even truer when the bad actors have the keys.
Given the current political climate, this is likely too sticky of an issue for Obama's stance to materialize into policy. Few people use encryption on this level and the threat posed by newly-implemented cell phone encryption is overstated, given how much information on phones is stored on cloud services.
However, Republicans have traditionally been more gung ho than Democrats on security matters, so it may not be so difficult for new laws to come to fruition. The fourth amendment has often been a recourse through the courts, so groups like the ACLU and EFF will likely challenge any such policy if it does indeed come to pass. No laws on this topic specifically are in the works, though.
Source: Wall Street Journal