Top law enforcement officers, FBI director James Comey and Trump’s nominee for attorney general, Sen. Jeff Sessions, are supportive of giving law enforcement means to sidestep encryption.
It seems likely that the Trump administration will push for policies forcing tech companies to create cryptographic backdoors in the name of helping law enforcement, a highly controversial notion that was at the center of Apple’s fight last year with the FBI over an alleged terrorist’s iPhone.
Apple resisted the FBI’s demand it provide access to the locked phone in a case that grabbed headlines for months. (Ultimately, a third party company helped the FBI gain access to the phone.)
FBI director James Comey, a strong proponent of backdoors, is expected to remain in the position. Trump’s nominee for attorney general, Sen. Jeff Sessions, is also supportive of giving law enforcement the means to sidestep encryption, as he recently told the Senate panel weighing his nomination (H/T to The Register for the find): Encryption serves many valuable and important purposes. It is also critical, however, that national security and criminal investigators be able to overcome encryption, under lawful authority, when necessary to the furtherance of national-security and criminal investigations.
Last year, Comey said he was gathering evidence in order for the country to have an “adult conversation” about encryption this year. It’s a debate that crosses both personal privacy and security lines, with many experts saying it’s impossible to create a backdoor that criminals can’t find on their own.
Also: Americans “divided” on giving feds access to encrypted messages | Trump’s attorney general nominee in favor of encryption backdoors | Why Apple went to war with the FBI
“The experts agree that backdoors are a bad idea,” says Constellation Research VP and principal analyst Steve Wilson. “They produce systemically weak encryption, and they force hardened criminals to build their own crypto–which they probably do anyway.”
“The interesting meta story is why the backdoor proposition won’t go away,” Wilson adds. “The so-called ‘crypto-wars’ were fought and won by the experts in the 1990s, yet here we are, trying to regulate encryption all over again. I think the explanation is that the backdoor brigade don’t actually care about security.
It’s probably not a coincidence that the White House doesn’t much care about alleged Russian hacking of the political process, Wilson adds. “I’m not talking conspiracy but rather a complacency about overall security capability.”
“It’s sad too that backdoors are held up as some silver bullet to organised crime,” Wilson says. “It seems like lazy police work to me. There are other ways for criminals to cover their tracks.” For example, even if there were backdoors, bad elements can use steganography–methods that hide secret messages in otherwise legitimate data, like images or music, he notes. “Steganography is easily implemented, undetectable, and cannot be regulated.”
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.