Susan Landau, author of Listening In: Cybersecurity in an Insecure Age, is a leading cybersecurity scholar and former Google privacy analyst. Below, she uncovers how governments’ efforts on encryption weaken cybersecurity measures and makes a compelling case for the need to protect our data and ourselves.
In February 2016 the Judiciary Committee of the US House of Representatives invited me to testify on encryption. Cryptography protects data in motion – communications – and data at rest – particularly data stored on smartphones, laptops and other digital devices – from prying eyes. The encryption issue has bedevilled law enforcement since the early 1990s. Because encryption was becoming a default on consumer devices, law enforcement’s worst fears were finally coming true. Not only were smart criminals and terrorists using encryption to hide their plans, as they had been doing so for quite some time, but now the less savvy ones were as well.
Similar situations were playing out elsewhere. After the November 2015 attacks in Paris, police initially said that the terrorists’ communications were encrypted (they appear not to have been). And when in March 2017 a terrorist killed four people outside Parliament, British Home Secretary Ashley Rudd said it was ‘completely unacceptable’ that end-to-end encryption provided by WhatsApp prevented the police from accessing the extremist’s communications. In the US, FBI Director James Comey was pressing Congress to require that ‘exceptional access’ be built into encryption systems, enabling law enforcement to access communications or open devices with legal authorisation. Rudd sought the same.
But this seemingly simple request was anything but. If you make it easier to break into a communication system or a phone, it’s not just government agents with a court order who will get in. Bad guys, including criminals and other sophisticated attackers, will also take advantage of the system. Weakening security is exactly the wrong move for a world fully dependent on digital communications and devices to conduct personal, business and government affairs. Meanwhile other information, including communications metadata, which supplies the to-whom and when of a call or email, do provide law enforcement with the ability to determine a criminal’s contacts.
The US hearing played out against the background of a dispute between Apple and the FBI involving a locked iPhone. In December 2015, two terrorists in San Bernardino, California killed fourteen members of the county Health Department. The terrorists themselves were killed in a shootout, but the FBI recovered extensive evidence related to their plans, including a locked Apple iPhone used by one of the perpetrators. The FBI sought to have Apple write software to unlock the phone’s security protections. When the company refused to do so, the law-enforcement agency took Apple to court, which initially ruled in the government’s favour.
At the Judiciary Committee hearing, then FBI Director Comey railed against ‘warrant-proof’ spaces and the difficulties locked devices presented to keeping Americans safe. Apple’s general counsel and I presented a different narrative: in a world of increasing cyber attacks, communications and data require stronger protections. Weakening them is the last thing we should be doing. Surely the FBI could find other ways to open the phone – essentially hacking in under a court order – without making Apple undo its security protections, which would put other phones at risk.
Discussion raged for weeks. Which approach offers more security? Forcing Apple to undo the protections the company had carefully designed for the iPhone? Or leaving these protections in place, potentially not accessing the terrorists’ communications, but leaving everyone else’s phone secure? Then, after having testified in court and in Congress that only Apple could undo the phone’s security protections, the FBI announced a contractor had found a way to unlock the phone. The immediate problem of Apple’s secure phone went away. The FBI’s fear of ‘going dark’ – of losing the ability to listen in or collect data when this information was encrypted – remained.
But the cyber security threats were already changing in hidden and disturbing ways. The Russians, who have long used disinformation as a technique for influencing events, had turned cyber tools against the Democratic Party and, in particular, Hillary Clinton’s presidential candidacy. Using common forms of cyberattack, the Russians stole emails from the DNC, the Democratic Congressional Campaign Committee, and from the private account of John Podesta (chair of Clinton’s presidential campaign). The email leak, combined with false news stories that were favourable to the Republican candidate Donald Trump and unfavourable to Clinton – and Twitter bots that brought them much attention – were new forms of disruption. These drove US press stories and attention, creating a very negative effect for Clinton in the waning days of the 2016 election.
The same Russian group that hacked the DNC also stole mail from French candidate Emmanuel Macron ahead of that nation’s presidential elections in 2017. At the time of this writing, Russia is believed to be directing similar efforts against German politicians. There are hints of attempts in Norway and Holland as well.
Cybersecurity was no longer only about preventing Chinese hackers from stealing fighter plane plans to use for their own military, or about the US military’s use of sophisticated cyberattack weapons to destroy centrifuges at an Iranian nuclear facility. Now it was about protecting vastly larger swathes of society – and extending strong forms of security, including cryptography, to everyone.
When the FBI supports exceptional access, and tech companies resist it, the FBI is not weighing the demands of security versus privacy. Rather, it is pitting questions about the efficiency and effectiveness of law enforcement against our personal, business and national security. How do we secure ourselves in the face of the Digital Revolution, in which our world is increasingly being controlled through bits? This revolution has brought humanity tremendous economic, technological, scientific and cultural benefits. But it also provides bad actors the ability to steal and disrupt at a distance, performing serious mischief at scale. The encryption debate is not about security versus privacy, but is instead about security versus security – and the choices we make to secure our open, dynamic society.
Susan Landau is Bridge Professor in the Fletcher School of Law and Diplomacy and the School of Engineering, Department of Computer Science, at Tufts University and Visiting Professor at University College London. She was previously a Senior Staff Privacy Analyst at Google and a Distinguished Engineer at Sun Microsystems. She is an Association for Computing Machinery Fellow, a Cybersecurity Hall of Fame inductee, and an American Association for Advancement of Science Fellow.
Featured Image: ‘Hacking Password Illustration’ by Santeri Viinamäki via Creative Commons