Privacy Blog

"Friends don’t let friends get spied on.' – Richard Stallman, President of the Free Software Foundation and longtime advocate of privacy in technology.

A Perfect Example of Why Government Officials Don’t “Get It” about Encryption

It is both very sad and a little bit amusing when government officials who obviously do not understand how encryption works make public “demands” claiming that companies need to decrypt messages that might describe both legal and illegal conduct by citizens and residents of the country. The latest example may be found in an article by Jason Koebler in the Vice web site.

In short, there are several very obvious (to me and to a few million other people) examples that show the ignorance of many of our public officials:

Everyone needs to keep private information secret for a variety of reasons. Even law-abiding private individuals need to protect their bank account information and credit card numbers from credit card thieves and other hackers who pay no attention to laws. An individual’s location should not be available to abusive former spouses, and the locations of children and grandchildren should be kept away from potential child molesters.

Corporations should be able to protect trade secrets. Just ask anyone in a highly competitive industry (Disney, Amazon, most any software company, and so on.)

Governments and especially the military have a need to keep secrets. Politicians may or may not need to keep secrets, depending upon who you ask. The Russian, Chinese, and even North Korean governments have been very effective at stealing information from other governments, corporations, and from the citizens of other countries, then using that information for malicious purposes.

So it sounds simple as if companies such as Apple and Google should be able to decrypt encrypted information any time a government official or law enforcement person asks for that information, right?

No, it isn’t that simple. First of all, any information that has been encrypted properly CANNOT BE DECRYPTED by anyone who does not already know the encryption keys used. Encryption keys are typically created by the end user, not by the company that created the encryption device or software. Apple cannot decrypt encrypted iPhones, Google cannot decrypt encrypted Android phones, email providers cannot decrypt encrypted email messages, and so on. Each company’s employees, including the programmers who write the software, cannot decrypt those messages. That is the entire reason for using encryption: to make sure no unauthorized person can ever read it, not even the employees of the company that made the device.

Bureaucrats can demand anything they want but such demands are the equivalent of demanding that someone count the number of grains of sand on a beach.

Next, if encryption software is modified to include watered down “back doors” allowing access to this information to law enforcement, it will only be a matter of a few weeks until our enemies will also learn how to access the same “back doors.” Individuals, corporations, politicians, governments, and even the military will soon have all their information become visible to credit card thieves, hackers, corporate spies, child molesters, and even to foreign spies alike.

Finally, who can guarantee that government employees will only use the information obtained for legitimate and necessary purposes? History has hundreds of examples of government employees accessing information and then using theinformation for illegal purposes.

Two police officers in the city where I live were recently found to be obtaining private records (arrests, bankruptcies, drivers’ licenses, mental health records, financial information, and more) from existing databases that are accessible to law enforcement officers, then using that information to blackmail neighbors, relatives, and other people they did not like.

Want to obtain a Social Security Number of someone else? Slip $20 or so to a dishonest employee of the Social Security Administration. Want a drivers license number of someone else? Slip $20 or so to a dishonest employee of the motor vehicle department or an employee of an insurance company.

Sadly, such things happen every day. Using encryption won’t stop dishonest employees entirely but it will reduce the number of crooks who have access to that information.

Is that what we really want?

You can read a lot more in an article by Jason Koebler in the Vice web site at: https://www.vice.com/en_us/article/k7eway/trump-enters-the-dumb-encryption-debate-with-a-dumb-tweet. Quoting from that article:

“The Justice Department has lied about this topic so many times in the past that we cannot trust it on this issue without a truly exceptional and specific explanation.

“I’d like to say that I cannot believe we are having this debate again, except I can believe it, because we’ve gone through this incredibly stupid and unproductive charade dozens of times before, and we will probably repeat it over and over until one day, mercifully, we will die.”

Categories: Encryption

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.