How restricting encryption increases cyber risks
- By Aisha Chowdhry
- Mar 14, 2016
What: "Unlocking Encryption: Information Security and the Rule of Law," a report from the Information Technology and Innovation Foundation.
Why: When the FBI sought to compel Apple to create software that would disable security protections so agents could break into the iPhone used by one of the San Bernardino, Calif., shooters, the move sparked an ongoing dialogue about whether technology companies should be able to supply customers with devices that shield data from law enforcement.
The report's authors, Daniel Castro and Alan McQuinn, argue that encryption should be continually developed and innovated rather than weakened. They call on Congress to pass legislation that would prevent the government from requiring technology providers to create encryption backdoors, ban the National Security Agency from tampering with encryption standards and forbid any federal agency from exploiting security flaws.
At the same time, they want lawmakers to explore the possibility of stiffer penalties for anyone who does not comply with a lawful warrant to disclose encrypted data to law enforcement.
The Senate is set to release legislation to force companies to decrypt data for law enforcement when required by a lawful court order. Additionally, an effort is underway to authorize a commission composed of representatives from law enforcement, the technology industry and academia to examine digital privacy issues and make policy recommendations to Congress.
Verbatim: "U.S. efforts to mandate extraordinary access to encryption products and services will reduce progress in information security systems and serve only to open foreign markets for foreign competitors, as they did in the first crypto wars. The policy of the U.S. government should not be to pick winners and losers by mandating specific technologies. Doing so will actively halt innovation in information security, creating a digital world that is less secure overall. Instead, the United States should stand athwart any attempts to denigrate cybersecurity and should champion strong encryption by promoting a broader strategy for improving cybersecurity around the world."
Read the full report here.
Aisha Chowdhry is a former staff writer for FCW.