PINDROP BLOG

Balancing Privacy and Security in the Backdoor Debate

SAN FRANCISCO–The Apple-FBI debate has brought up many old arguments about wiretapping, surveillance, backdoors, and law enforcement, but while the discussions aren’t new, the technological context is. Cryptographers and privacy experts who are studying the case say that the recent proliferation of encrypted communications and devices has raised the stakes for everyone involved.

“Wiretapping didn’t spring from nothing. But the encrypted messaging systems and encrypted phones in some sense are practically a day old,” Matthew Green, a professor at Johns Hopkins University and cryptographer, said in a panel discussion on government backdoors at the RSA Conference here Wednesday.

“We started deploying these things at real scale only a couple of years ago. This is creating something from scratch and we have no idea what the implications of the technology are going to be.”

One of the proposals that’s been advanced during the discussion of the FBI’s desire to get backdoor access to an encrypted iPhone is the notion of dividing trust in some way. Splitting encryption keys among two or even more parties isn’t a new idea, but it’s resurfaced as policy makers and technologists look for solutions to the problem at hand.

Green said that while the key-splitting scenario may be technically possible, there are a lot of problems with it.

“Dividing trust requires huge changes. That might work out, it might be possible. But I don’t know who those trusted entities are,” Green said. “If you pick them incorrectly, really bad things happen to you.”

While many of the systems and services that are using encryption may be new, the technology and math behind them are not. Green said that the upside of all of the discussions around backdoors is that they help shed light on the strength of the encryption algorithms in use right now.

“The one thing that no country knows how to do is break encryption. They break it by stealing keys,” Green said. “We know encryption works. The technological facts are fixed.”

In addition to the technological aspects of the backdoor discussion, there’s also a large privacy consideration. If users have an expectation of privacy and later discover their communications or devices have been intentionally compromised, the ramifications could be severe.

“We have a huge expectation of privacy in this country. We want to talk to who we want to talk to unobserved by other people,” said Michelle Dennedy, chief privacy officer at Cisco. “It feels bad to feel out of control. When we have information flowing through our systems, we’re engaging in a sacred trust. We have an ethical, legal and moral obligation to protect it.”

Webinar: TACKLING THE 113% FRAUD INCREASE IN CALL CENTERS