In 1995, the Electronic Frontier
Foundation (a privacy group) won a landmark case (https://www.eff.org/cases/bernstein-v-us-dept-justice).
The case allowed any developer to release their encryption algorithm and its source
code, for free, under the First Amendment. The case marks the first time the
government tried to push back against privacy in a court case. Ever since that
case was won, we have had access to many open source encryption libraries which
we can use legally, without having to worry about the legal repercussions (e.g.
OpenSSL, PGP).
With the availability of computers
and the existence of digital property, the early creation of encryption allowed
anyone to keep their files secure. All they needed to do was to keep their key
secret. Encrypted files were made undecipherable by anyone, including the government
and corporations. This complicates things when law enforcement has a search
warrant and is unable to retrieve and read certain encrypted files,
files that may be relevant in deciding whether an individual is innocent or guilty.
Eric Holder, the U.S. attorney general,
has joined the FBI and other U.S. agencies in trying to make encryption weaker, by
giving the government the ability to decrypt files without the secret key. Their
reasoning is simple: software pirates, criminals, terrorists and child
pornographers should not be able to secure their files perfectly. Security
experts and privacy groups do not agree with their reasoning. Giving the
government access to security algorithms defeats the purpose of the encryption
as anyone might be able to discover the backdoor and use it. Furthermore, it is
difficult to enforce and monitor the government’s usage of the available
backdoors. Nothing guarantees that the backdoor will only be used in court
cases when there is a search warrant against the user’s digital files. There
are other arguments by privacy groups against this: it is very unlikely that a
court case is not able to proceed because certain files are encrypted.
Furthermore, there is nothing stopping other countries, where encryption is
legal and doesn’t require backdoors, from selling their security tools to U.S.
citizens. It would be difficult to control the importing of such tools over the
internet. Finally, there have been numerous accounts of backdoors that were
not used for their original intended purpose. One example is Greece’s backdoor
in its telephone switches, which allowed someone (identity
still unknown) to listen in on the prime minister’s conversations (http://bits.blogs.nytimes.com/2007/07/10/engineers-as-counterspys-how-the-greek-cellphone-system-was-bugged/).
With the recent leaks by Snowden
stating that the U.S. and U.K. governments are spending money on sabotaging operating
systems, hardware, and standards to ensure that they can get inside them if
they want to, the tech industry is losing money as many foreign countries are
starting to lose trust in its products. Adding backdoors to security
algorithms will hurt the U.S. economy even more, and will hurt privacy. The only
way to achieve security is to design systems that lock out everyone except the
owner.
Source: http://www.theguardian.com/technology/2014/oct/09/crypto-wars-redux-why-the-fbis-desire-to-unlock-your-private-life-must-be-resisteds