Euro Security Watch with Mathew J. Schwartz

The Great Crypto Diversion

After Terror Attacks, Politicians Remain Quick to Scapegoat Technology Firms
The Great Crypto Diversion
Photo: lyudagreen (Flickr/CC)

Déjà vu crypto debate.

See Also: Live Webinar | Navigating Identity Threats: Detection & Response Strategies for Modern Security Challenges

One year after "Apple vs. FBI," British Home Secretary Amber Rudd this past weekend slammed Silicon Valley social networking firms, saying that law enforcement agencies and intelligence services cannot properly investigate criminal behavior when faced with communications that are protected via end-to-end encryption.

"We need to make sure that organizations like WhatsApp - and there are plenty of others like that - don't provide a secret place for terrorists to communicate with each other," Rudd told the BBC's Andrew Marr on March 26.

Rudd is the latest in a long line of politicians who have been accused of using recent tragedies to push for weak encryption (see Cybersecurity, Crypto and the Politics of Blame).

In this case, on March 22, British national Khalid Masood, 52, launched an attack involving a rental car and a knife that lasted just 82 seconds before he was killed by a firearms officer. He killed four other people in the attack, and left 50 more people injured, some catastrophically.

The government has shared no evidence suggesting that Masood was radicalized online or that he used encrypted communications services.

The Appeal to Smart Technologists

On-demand access to end-to-end encrypted communications - the magical crypto backdoor - is the political and law enforcement dream that just won't quit.

Matthew Ryder, an attorney at law firm Matrix Chambers in London, says the recurring push for backdoored crypto most resembles "Groundhog Day," referring to the film in which Bill Murray finds himself caught in a time loop, repeating the same day over and over again.

One well-worn trope in the debate gets regularly aired by FBI Director James Comey, who suggests that smart technologists can solve this problem - if only they would try.

Europe continues to debate this matter, too, with some governments calling for the EU to pass laws that would mandate the use of weak crypto. But Andrus Ansip, the EU's technology policy chief and the former Estonian prime minster, last year warned that there's no "black and white" answer to the problem, and that some supposed solutions might in fact cause more problems. "Sooner or later if we have backdoors, somebody will misuse these backdoors," he said.

Two Choices: Strong or Weak

In other words, crypto is either strong or weak. There's no magic exception for the good guys.

"I can't build an access technology that only works with proper legal authorization, or only for people with a particular citizenship or the proper morality," writes security expert Bruce Schneier, CTO of IBM's Resilient. "The technology just doesn't work that way. If a backdoor exists, then anyone can exploit it."

Rudd, however, claims she isn't trying to outlaw encrypted communications. "End-to-end encryption has a place," she told Sky's Sophy Ridge on March 26. "Cybersecurity is really important and getting it wrong costs the economy and costs people money, so I support end-to-end encryption."

Front Doors, Backdoors and Magic Hashtags

But she joins a long line of politicians who, to put it charitably, oftentimes appear to not know what they're talking about when it comes to encryption, or the fact that Britain's controversial Investigatory Powers Act, passed last year, gives her government the backdoor powers she's demanding.

Former Prime Minister David Cameron, for example, argued that he didn't want a backdoor for crypto, but rather a front door. "We're not asking for backdoors; we believe in very clear" - always a red-flag term - "front doors through legal process that should help to keep our countries safe," Cameron said in January 2015.

Rudd has likewise demanded access to any communications - even encrypted - with a warrant. She also used her television appearances to slam social networks for failing to prevent the spread of extremist content online, implying - without proof - that this helped drive Masood 's attack.

Like Comey, Rudd thinks smart people "who understand the technology, who understand the necessary hashtags to stop this stuff even being put up" are key to blocking the spread of extremism online.

It's not clear what Rudd meant by "necessary hashtags."

The Brexit Elephant

The EU's law enforcement intelligence agency, Europol, has an EU Internet Referral Unit designed to combat online terrorist propaganda, disrupt extremist recruitment and coordinate related intelligence-gathering and law enforcement response.

After Britain withdraws from the EU, however, it's unclear if Britain will still be able to access EU services and agencies such as Europol.

British Prime Minister Theresa May says she will trigger the formal Brexit process on March 29, thus beginning at least two years of what many expect will be messy divorce proceedings, which has already triggered economic uncertainty, the potential for another Scottish referendum and other massive changes that could easily topple the current government.

Rudd, the home secretary, is in charge of internal affairs for England and Wales and for U.K. citizenship and immigration, which is a Brexit sticking point between the U.K. and the EU.

Just three days before the historic Brexit process begins, however, she takes to television to make a straw man out of crypto.

Coincidence?



About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.