Despite the risks to online commerce, international high-tech sales and the security of trade secrets, and the fact that they won’t actually make encryption useless to criminals, decryption backdoors to let law enforcement access encrypted communications could become U.S. law in 2016 – and a nightmare to enterprises – especially if terrorists succeed in carrying out major acts of violence.
So far the arguments against such a law have prevailed, but that could change if public opinion turns strongly in favor of it, which is more likely in the wake of events that generate fear.
Following the killings in Paris and San Bernardino, Calif., this year, legislators in Congress renewed a push to require businesses that sell encrypted hardware, software and services to create a way to unlock the encryption when ordered to do so by a judge.
If backdoors become law, complying could mean overhauling or recalling vast amounts of backdoor-free encryption gear already deployed by businesses, a potential financial and logistical nightmare for enterprises and the vendors who make the gear. It could affect commonly used VPN and remote access platforms as well as device encryption used to secure corporate mobile devices containing sensitive information.
It’s impossible to know the scope of such a law since there is no draft, just broad talk from lawmakers interested in giving law enforcement a new investigatory tool.
Two top lawmen – FBI Director James Comey and New York’s Manhattan District Attorney Cyrus Vance, Jr. – strongly advocate for such a law to help stop terrorists, kidnappers, child pornographers and other criminals. Neither cites a case in which a criminal act could have been prevented with such backdoors, but they paint compelling pictures of the possibilities.
A report by Vance’s office cites cases in which evidence gleaned from smartphones that did have backdoors contributed to convictions for murder, rape and sex trafficking. That access to phones was undermined when Apple and Google made it so that they cannot unlock their phones and only users can, the report says. “[A]llowing a phone to be locked such that it would be beyond the reach of lawful searches and seizures was unprecedented, and posed a threat to law enforcement efforts,” Vance’s office writes.
Comey testified to the Senate Judiciary Committee last week that terrorists know about hardware and software that can’t be decrypted and they use it routinely. “There’s no doubt that use of encryption is part of terrorist tradecraft now because they understand the problems we have getting court orders to be effective when they’re using these mobile messaging apps especially that are end-to-end encrypted,” he says. “We see them talking about that all over the world it is a feature especially of ISIL’s tradecraft.”