The election of Donald Trump has alarmed privacy advocates who worry that the self-described “law-and-order” president will take a more heavy-handed approach towards issues of security and privacy. Of particular concern are fears that there will be attempts to weaken or otherwise disable the encryption that is widely used to protect sensitive data and maintain user privacy.
Based on the proposed cabinet-level nominees put forth by Trump, these fears may be well-founded.
The nominee for the Director of the CIA, Mike Pompeo, is on record as saying that the use of strong encryption is a “red flag” of nefarious activity. The nominee for the US Attorney General, Senator Jeff Sessions, has also been very hawkish when it comes to forcing companies to comply with law enforcement surveillance efforts. Trump himself went so far as to call for a boycott of Apple for its stance on encryption as it pledged to fight a court’s ruling to help the FBI unlock the iPhone used by the shooter in the San Bernardino terror attack.
In fact, in response to the Apple — FBI spat that occurred earlier this year, Sens. Diane Feinstein (D-Calif.) and Richard Burr (R-NC) introduced legislation called the “Compliance with Court Orders Act of 2016” which would have forced tech companies to bypass their own encryption when given a court order to do so. Will we now see the reintroduction of the Feinstein/Burr encryption backdoor bill — this time with White House support?
In light of this uncertainty, companies would be well advised to ask themselves what they can do to better prepare (or protect) themselves from possible encryption backdoor mandates. Just as importantly, can the set of actions taken also provide other tangible benefits to companies and/or their customers?
Limiting the Collection of Raw Data
For starters, the easiest and most straightforward thing to do would be to find ways to limit the raw amount of data being collected. This is important since it is very likely that any encryption backdoor mandate will be predicated by policies that will try to compel commercial enterprises to collect, store, maintain, and/or disclose information about their users.
Moving towards a model that limits the bulk collection of data provides two very important benefits to companies. First, there will be a reduced set of information that may be subject to any encryption backdoor policy that may get implemented by a new Trump administration. This would have the effect of at least minimizing the impact of any potential mandate.
Second, and perhaps more importantly, minimizing the bulk collection of data can also help a company mitigate the effects of a hack or data breach. For all the talk about safeguarding data, we have seen that it is virtually impossible to stop a determined hacker, nation-state, or organized crime syndicate from hacking data. In just the past year alone, major commercial entities like Yahoo, Verizon, and ADP have all been hacked not to mention governmental agencies like the Department of Homeland Security, the IRS, and even the NSA itself. In other words, it’s not a question of if a company will be hacked, it’s simply a question of when. In this environment, it would be wise to limit the data “footprint” stored within a company to only that information that is truly necessary.
Another solution that companies can do to prepare themselves would be to implement an advanced encryption methodology that minimizes or eliminates the need to store encryption keys. At its most basic level, encryption is comprised of a set of mathematical functions that are impervious to brute force attacks. Because encryption is built on a mathematics-based foundation, the mandate for a backdoor would likely not take the form of trying to insert a weakness into the mathematical underpinnings of encryption. This approach would simply enable criminals to identify and exploit these inherent weaknesses and leave the public’s data exposed.
Policies and Limitations
More likely to occur will be policies that would attempt to compel companies to store and disclose under court order the encryption keys that are used to encrypt and decrypt data.
To combat this possibility, companies could move to a more advanced encryption model that takes advantage of ephemeral (one-time use) keys to protect the data being sent to and from different parties. This Snapchat-like encryption model would not only obviate the need to store keys, it would also have the added benefit of increasing the overall security profile of an organization.
However, even with the use of ephemeral keys, there will still be situations where more permanent keys will be necessary. For example, a data-at-rest environment where information is maintained for longer periods of time will correspondingly require a more sophisticated key management infrastructure to help manage the static keys necessary to unlock the stored data.
In these situations, companies could move to a model whereby the keys that are used to unlock this stored data be uniquely tied to an individual using biometrics or other similar techniques. In this model, because only the user has the key, the company has no ability to access this data themselves and thus cannot be subject to a court order.
Importantly, this approach will also provide an immediate security benefit to the company as well, since it provides another layer of protection against hackers who may attempt to steal either the stored data (which will be encrypted) and/or the keys (which won’t be complete without the unique user-specific information).
The debate that was started 25 years ago when the US government attempted to regulate encryption in the early days of the Internet seems destined to continue with renewed emphasis once the new administration takes office in January. While most in the tech community believe that backdoor policies are foolhardy at best and dangerous at worst, this will likely not stop attempts to weaken or disable encryption by cloaking it under the familiar “national security” umbrella. Whatever one’s opinion is, companies can proactively take steps to not only prepare themselves for possible mandates, they can do so in such a way that also provides them a tangible security benefit at the same time.