Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

To break terrorist encryption, pay off Apple and Google, expert urges

Matt Hamblen | Dec. 18, 2015
Another suggests using other tech tools already available.

Easy Everyday Encryption
Credit: Perspecsys Photos via Flickr

To break encrypted smartphone messages used by terrorists, tech companies such as Apple and Google need to be paid by law enforcement, an expert urged Thursday.

"If there were a financial incentive for Google and Apple to assist law enforcement, then they would be more willing to change their encryption technology to facilitate law enforcement in possession of a warrant," said Professor Darren Hayes, director of cybersecurity at Pace University, in an interview.

Tech companies and wireless carriers currently get reimbursed "quite nicely," he said, for their time and help when faced with a court warrant under the 1994 Communications Assistance for Law Enforcement Act (CALEA), a wiretap law that allows the FBI and others access to some communications, but not encrypted data.

Apple and others "are in the business to make money, so you have to make a business case for them to cooperate," Hayes added.

In the latest versions of their operating systems -- after Apple iOS 4 and Google Android 5.0 (Lollipop) -- decryption keys are kept only on the devices themselves, with disk-level encryption. In both cases, the companies would likely need to re-work their operating systems to allow access to the decryption keys.

Hayes believes updating CALEA to apply to encrypted data or some other standard is needed, but he also believes added financial incentives to cooperate with authorities will persuade tech companies.

"Something needs to be done, if there's a warrant, to intercept encrypted communications," he said. 'Until a year ago [under older iOS versions], Apple held the decryption keys, so it's not a challenge to go back to what they were doing a year ago."

Neither Apple nor Google would comment when asked about Hayes' proposal. But the Information Technology Industry Council, which represents both companies as well as others, has opposed attempts to break encryption.

Breaking encryption is a "massive undertaking"

Hayes admitted that gaining access to encrypted terrorist communications is a "massive undertaking" given the wide variety of encryption tools, including hundreds of free or low-cost smartphone apps for voice, text, files and more, as well as privately developed apps.

Members of ISIS, which has been linked to deadly attacks in Paris and San Bernardino, are widely reported to be using an encryption tool called Mujahedeen Secrets 2, written by anonymous developers.

CNN reported on Thursday that investigators in the Paris attacks have found evidence that indicates some of the terrorists used encrypted apps, including WhatsApp and Telegram, for plotting the attacks.

Previously, investigators said there were encrypted apps on the cell phones recovered from the crime scenes in the Paris attacks, but at the time they weren't sure the apps were used to plot the attacks.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.