FBI Director Christopher Wray is right: The cyber threat has evolved into a full blown information security crisis with the ongoing midterm elections becoming the primary concern. Meanwhile, the Senate’s email system is being probed by an adversary and the FBI is looking into the hacking of former Tennessee Gov. Phil Bredesen’s Senate campaign communications.
Despite all this, Wray has renewed the call for weakening of encryption, the one measure proven to safeguard our critical information.
{mosads}While unobstructed access to everyone’s information through a ‘magical digital backdoor’ would make investigations easier, it would also make law enforcement’s task of protecting our economy, national security, and personal information practically impossible.
Weakened encryption with an on-demand access to every app and business network is not a solution to preventing cybercrime and election hacking, particularly when neither government nor private industry have a stellar record of protecting access to critical data.
Today, when trust in the integrity of the election process is critical, the encryption backdoor would only undermine law enforcement’s ability to protect our democratic process in the 2018 and 2020 elections.
To understand what is at stake, it is worth stepping back to examine why we needed encryption to begin with. Without it, every corporate communication, financial transaction, and sensitive government document would be flying over the internet in the clear for anyone to see. In a hyper-connected world fraught with threats, encryption allows us to scramble data to render it unreadable as it travels from point A to point B so it is protected.
As the entire economy moved online, information skyrocketed in value and volume. It became a lucrative target for criminals and the disruption grounds for nation states. In response to these massive risks, we have collectively adopted end-to-end encryption to ensure it is mathematically impossible to steal data or breach communications between, let’s say, two FBI agents investigating a national security matter like the election interference.
While encryption use has expanded, it is far from universal. It remains challenging to keep up with the threats. The best information security teams find themselves in an uphill battle defending our information.
Just recently, we learned that virtually every computer in the world is vulnerable to security issues in processing chips. WhatsApp and other messaging apps were found prone to attacks on group communications. Three billion Yahoo accounts were breached, likely in part due to a government-mandated scanning of user emails. Equifax failed to protect personal information of over half of the U.S. population. China reportedly obtained sensitive records of our intelligence and military personnel. The list goes on and on. The bottom line is that cybersecurity is hard. This is not a time to undercut our protections.
As Wray suggests, it is time to engage in a constructive and fact-based dialogue on cybersecurity. A good starting point is acknowledging that today’s arguments for weaker encryption are largely the same as they were 20 years ago during the first “Crypto Wars,” while the threats that encryption protects us against have exponentially grown. Back then, an attempt to engineer a safe backdoor failed after major security issues were discovered. The fact that to date we do not have scalable and safe backdoors is not for lack of trying. There are no credible voices in cryptography that know of a way to allow third party access to encrypted data at scale without compromising it.
When we build systems that are prone to compromise by design, users will move to safer products for critical communications. Enforcement questions aside, if we make it illegal to build and sell safe technology, they will be built and sold elsewhere, leaving U.S. technology uncompetitive and our public sector vulnerable.
With calls for backdoors rooted in the idea that the amount of data available to law enforcement is declining, it is worth noting that rather than going dark, the majority of tech companies remain built around collecting and monetizing user data. It is unlikely that every technology will run end-to-end encrypted anytime soon, guaranteeing no shortage of information available to law enforcement seeking lawful intelligence.
In today’s data-saturated world, encryption is critical to data protection, particularly when our midterm elections are already being targeted by nation states. The private and public sectors have the opportunity to work together to secure our information while, to the greatest extent possible, helping law enforcement. Now is the time to retire the encryption debate for good and focus our efforts on empowering every election official and every political campaign to embrace encryption in protecting our data and our democracy.
Joel Wallenstrom is president and CEO of Wickr, a secure communications platform, previously co-founder and executive for several information security research teams responsible for finding and mitigating cybersecurity vulnerabilities.