Critical Read

Why encryption is inevitable

Cybersecurity - CompTIA 2012 Information Security Trends Report

What: "The Ground Truth about Encryption and the Consequences of Extraordinary Access," a white paper from the Chertoff Group.

Why: Law enforcement has been seeking greater access to encrypted communications and devices, and although the shootings in San Bernardino, Calif., might appear to have strengthened its case, some big names in security are arguing otherwise.

In its white paper, the Chertoff Group sides with Apple in a dispute with the FBI over whether to provide law enforcement agencies with special software to bypass security features in the iPhone. Apple executives have argued that developing software to unlock the phone of one of the San Bernardino shooters would unleash a technological "cancer" that could affect tens of millions of customers.

The Chertoff Group -- which was co-founded by former DHS Secretary Michael Chertoff and former DHS Chief of Staff Chad Sweet and which counts former CIA Director Michael Hayden as a principal -- largely concurs with Apple's assessment.

The debate over strong encryption has heated up in the past year because device manufacturers have adopted policies that implement local encryption by default, instead of having users opt in. That approach is quickly becoming the norm, and strong consumer encryption around the world is "inevitable." Although strong encryption has been an impediment to law enforcement over the years, "the magnitude of that impediment is modest," the paper states.

The Chertoff Group added that it could not find evidence of a successful terrorist attack that would have been stopped by law enforcement's use of decryption technologies and said social media has been a more effective investigative tool than breaking into smartphones. Furthermore, the paper states that engineering exceptional access capabilities into existing encryption systems is a "massively complex undertaking" that could bring its own set of problems because "the more complex a system is, the less secure it is."

Mandating exceptional access threatens to hobble or outright damage innovation in the U.S. encryption and security technology markets, the Chertoff Group concluded. The paper also notes several cases in which damaging, long-term intrusions were perpetrated with the use of pilfered encryption keys.

Verbatim: "Candidly, in the highly dynamic, ever-changing world of cyberthreats, vulnerability, and defenses, we are cautious about any governmentally imposed obligation. In the absence of any decisive demonstration of need, our instinct is to permit the market of ideas and technological development to function without governmental interference, lest we have the collateral and unintentional effect of delaying or preventing the development of an appropriate response."

Click here to read the full report.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected