Critical Read

Why encryption is inevitable

Cybersecurity - CompTIA 2012 Information Security Trends Report

What: "The Ground Truth about Encryption and the Consequences of Extraordinary Access," a white paper from the Chertoff Group.

Why: Law enforcement has been seeking greater access to encrypted communications and devices, and although the shootings in San Bernardino, Calif., might appear to have strengthened its case, some big names in security are arguing otherwise.

In its white paper, the Chertoff Group sides with Apple in a dispute with the FBI over whether to provide law enforcement agencies with special software to bypass security features in the iPhone. Apple executives have argued that developing software to unlock the phone of one of the San Bernardino shooters would unleash a technological "cancer" that could affect tens of millions of customers.

The Chertoff Group -- which was co-founded by former DHS Secretary Michael Chertoff and former DHS Chief of Staff Chad Sweet and which counts former CIA Director Michael Hayden as a principal -- largely concurs with Apple's assessment.

The debate over strong encryption has heated up in the past year because device manufacturers have adopted policies that implement local encryption by default, instead of having users opt in. That approach is quickly becoming the norm, and strong consumer encryption around the world is "inevitable." Although strong encryption has been an impediment to law enforcement over the years, "the magnitude of that impediment is modest," the paper states.

The Chertoff Group added that it could not find evidence of a successful terrorist attack that would have been stopped by law enforcement's use of decryption technologies and said social media has been a more effective investigative tool than breaking into smartphones. Furthermore, the paper states that engineering exceptional access capabilities into existing encryption systems is a "massively complex undertaking" that could bring its own set of problems because "the more complex a system is, the less secure it is."

Mandating exceptional access threatens to hobble or outright damage innovation in the U.S. encryption and security technology markets, the Chertoff Group concluded. The paper also notes several cases in which damaging, long-term intrusions were perpetrated with the use of pilfered encryption keys.

Verbatim: "Candidly, in the highly dynamic, ever-changing world of cyberthreats, vulnerability, and defenses, we are cautious about any governmentally imposed obligation. In the absence of any decisive demonstration of need, our instinct is to permit the market of ideas and technological development to function without governmental interference, lest we have the collateral and unintentional effect of delaying or preventing the development of an appropriate response."

Click here to read the full report.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


Featured

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.