The State of New York vs. Smartphone Encryption (and how it impacts us all)

by Matt Klassen on January 18, 2016

hack-attack-faceFor several years now governments, regulators, and law enforcement agencies around the world have wanted keys to the mobile encryption kingdom, playing the trump card of national security to push for access to today’s unbreakable mobile security standards. For their part, Silicon Valley has responded with a collective snort of derision, arguing that they have an obligation to provide the best security possible for their customers, and that unbreakable encryption is ultimately good for everyone.

While various agencies and regulators have long warned about the potential haven such encryption technology creates for criminals, terrorists, and other ne’er-do-wells, the state of New York is taking a controversial step, proposing a bill that would legally require all smartphones sold in the state to be able to be decrypted or otherwise accessed by law enforcement.

But “controversial” is putting things lightly, as there are many reasons to dislike New York’s proposed anti-encryption legislation, none greater than the fact that once backdoors, loopholes, and other such points of entry exist, it won’t be long until such access is used against us by the very criminal element such measures were meant to stymie.

If the proposed ban should pass through New York’s state assembly and senate (and subsequently become law), tech companies like Apple and Google could face fines of $2500 per device sold in the state after January 1, 2016, “if a retailer knowingly sold a smartphone that could not be unlocked or decrypted by the device manufacturer or operating-system provider.”

Simply put, the state would legally mandate the presence of backdoors for mobile technology, the same sort of anti-encryption efforts we’ve seen in other countries, particularly related to Blackberry.

Given that New Yorkers do have a say in the matter through the state’s website for the proposed bill, those on the side of legislating access to mobile devices are trying to make this debate as simply as possible, ostensibly asking the question, “are you willing to give up a little bit of your security and offer governments and law enforcement agencies access (which will never be exploited) to help fight terrorism? It’s exactly the sort of short-sighted fear-mongering we’ve seen used whenever the U.S. government needs to push something generally unacceptable down people’s throats.

Perhaps counter-intuitively though, I will grant the argument that undergirds this proposed anti-encryption bill and agree that terrorists may, in fact, have a slightly easier time avoiding government surveillance with their communications, and even go as far as to say that this has the potential to mean that crucial information might be missed that could prevent bad things from happening, but that still is not enough reason to trample on mobile encryption towards the establishment of a (scary) police state.

As Cyberwarfare Advisor for the International Association of Counterterrorism and Security Professionals David Gewirtz writes, there are several reasons why strong encryption is ultimately good for everyone.

First, if backdoors exist, they will be exploited, and used against us for crimes ranging from terrorism all the way to data theft and blackmail. Second, along the lines of “better the devil you know than the devil you don’t,” if we eliminate encryption standards they will be replaced, and what they’ll be replaced with will only continue to serve the needs of terrorists, again leaving us exposed while doing little to protect against criminal threats. Third, while we grant that current encryption standards are hard for law enforcement to access, that means they are generally impervious to hackers and thus cannot be exploited by terrorists or other such criminals.

For me things are clear: For years agencies like the NSA have been exploiting vulnerabilities in communication technology to unjustifiably monitor all sorts of people doing all sorts of things. Now that they’ve been exposed, encryption standards have concurrently improved, and such agencies and governments have been forced to ask for access, to which they have received a resounding ‘No!’ This is a mess that the U.S. government created for itself, and legislating against encryption standards to correct it is short-sighted and dangerous.

Did you like this post ? TheTelecomBlog.com publishes daily news, editorial, thoughts, and controversial opinion – you can subscribe by: RSS (click here), or email (click here).

Written by: Matt Klassen. www.digitcom.ca. Follow TheTelecomBlog.com by: RSS, Twitter, Facebook, or YouTube.

Previous post:

Next post: