Encryption Battle Pits Apple and Google Against the FBI

SMITH BRAIN TRUST — After the terrorist attacks in Paris, the Obama administration pressed major tech companies for new meetings to discuss ways to give law enforcement "back door" access to encrypted communications — something the tech companies have firmly rejected.  The tension between the companies and the government on this issue had been building even before the massacre in France.

The demands put tech companies like Google, Apple, and Facebook — and smaller companies, like Kik and Telegram, whose messaging apps ISIS operatives have "endorsed" to each other —in a tough spot. (Despite initial claims by officials, however, it appears the ISIS attackers in France did not bother to encrypt their messages.)

In the post-Snowden era, customers are leery of companies handing their data over to the government or having it hoovered up by the government without their permission. And companies suspect customers will flee their products if they see that happening, points out William Rand, a Robert H. Smith School marketing professor and computer scientist. But it could also be dangerous to a brand, to say the least, to be perceived as making the work of terrorists easier.

Apple now automatically encrypts messages sent by iMessage and Facetime, and 80 percent of Gmail users encrypt their email. New iPhones are "locked," meaning no one, including Apple, can access information on the phone without a password. Local DAs investigating crimes are as angry about that as counterterrorism experts.

"The argument of the encryption community has always been that anytime you put a back door to an encryption process you make it useless," says Rand, who largely agrees with that assessment. That's because the private key used to decrypt messages typically resides only on one device. The person who wishes to communicate privately distributes a "public" key to others, which can be revealed without compromising privacy. But if the private key were to be transmitted to a repository maintained by Apple (say), for possible future use, it becomes vulnerable to theft at many points.

When it comes to making concessions to the FBI, "I think you might see different responses from different companies," says Rand. He also points out that encryption doesn't render communications untraceable: Law enforcement can still access the metadata of most messaging systems—who is talking to who, and when—if not the content. That can still be very useful information to investigators.

There are other reasons to think twice about providing a back door to encryption. First, a relatively straightforward countermeasure is available to ISIS: It could copy current encryption standards and develop its own software to send encrypted messages over unencrypted channels. (Some reports say they have already done this.)

It's also difficult to overstate how much of the growing online economy is built on the assumption that strong encryption is available. Encryption protects not only the privacy of personal text messages, but also all of the financial transactions that people make with their banks and credit-card companies. Back doors could make those systems vulnerable.

"When Sony and other companies were hacked by China earlier this year, the government said they should encrypt their communications," Rand says. He points out: "We need encryption to protect us not just against private hackers, but also other countries."

SMITH BRAIN TRUST
HOME | ABOUT | ARTICLES | HOT TOPICS | VIDEOS | WEEKLY NEWSLETTER | SUBSCRIBE