Critical Read

Why encryption is inevitable

Cybersecurity - CompTIA 2012 Information Security Trends Report

What: "The Ground Truth about Encryption and the Consequences of Extraordinary Access," a white paper from the Chertoff Group.

Why: Law enforcement has been seeking greater access to encrypted communications and devices, and although the shootings in San Bernardino, Calif., might appear to have strengthened its case, some big names in security are arguing otherwise.

In its white paper, the Chertoff Group sides with Apple in a dispute with the FBI over whether to provide law enforcement agencies with special software to bypass security features in the iPhone. Apple executives have argued that developing software to unlock the phone of one of the San Bernardino shooters would unleash a technological "cancer" that could affect tens of millions of customers.

The Chertoff Group -- which was co-founded by former DHS Secretary Michael Chertoff and former DHS Chief of Staff Chad Sweet and which counts former CIA Director Michael Hayden as a principal -- largely concurs with Apple's assessment.

The debate over strong encryption has heated up in the past year because device manufacturers have adopted policies that implement local encryption by default, instead of having users opt in. That approach is quickly becoming the norm, and strong consumer encryption around the world is "inevitable." Although strong encryption has been an impediment to law enforcement over the years, "the magnitude of that impediment is modest," the paper states.

The Chertoff Group added that it could not find evidence of a successful terrorist attack that would have been stopped by law enforcement's use of decryption technologies and said social media has been a more effective investigative tool than breaking into smartphones. Furthermore, the paper states that engineering exceptional access capabilities into existing encryption systems is a "massively complex undertaking" that could bring its own set of problems because "the more complex a system is, the less secure it is."

Mandating exceptional access threatens to hobble or outright damage innovation in the U.S. encryption and security technology markets, the Chertoff Group concluded. The paper also notes several cases in which damaging, long-term intrusions were perpetrated with the use of pilfered encryption keys.

Verbatim: "Candidly, in the highly dynamic, ever-changing world of cyberthreats, vulnerability, and defenses, we are cautious about any governmentally imposed obligation. In the absence of any decisive demonstration of need, our instinct is to permit the market of ideas and technological development to function without governmental interference, lest we have the collateral and unintentional effect of delaying or preventing the development of an appropriate response."

Click here to read the full report.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.