Enforcing Governmental Decryption

Governmental Decryption

Recent U.S. bills proposed in California and New York aim to implement a controversial governmental backdoor into mobile devices. The issue concerns forcing manufacturers to provide a mechanism for decrypting any device’s content, without the consent or presence of the owner of the device. But the police already have the right to take your phone and use it against you in the court of law. What good does it do for the manufacturers to be required to decrypt any encrypted content?

Backdoors for tyrannies

The fundamental argument against the governmental backdoor is that any backdoor will inevitably be exploited by other actors. To comply with the law, manufacturers and vendors create a technical means that can be exploited by anyone as an attack vector. Certainly that is one of the reasons for requiring a backdoor, as the usage pattern scenarios can be expanded rapidly from California and New York. Why would national security intelligence operators want to stay limited to these states? Instead, what they are aiming for is global coverage.

Indeed, the relevant mobile operating system providers are global, and implementing a backdoor will implement it globally, not just in one jurisdiction. The controversial bills include a financial instrument to enforce compliance from the operating system and device vendors—a $2500-per-device fine for any device sold in these areas that doesn’t comply. Surely any mobile device vendor will be more than happy to comply rather than let itself be driven bankrupt.

Good deeds uncovered

While the motivation for the governmental access has largely been justified by referring to petty crime and fighting terrorism, one can perhaps assume that the there is more to the story than just breaking up the encryption of a local drug dealer or global lone wolf. After all, the heaviest users of encryption are intelligence agencies, militaries, and corporations. Surely none of those would want their phone manufacturers to leave any kind of backdoor, even when a local cop had been issued with a search warrant.

Given that law enforcement agencies around the world have invested hugely in targeted spyware, most of them are already able to intrude on and invade any device they want to. Whatever encryption is in place, they can circumnavigate it by gaining access to the user device before any encryption happens, e.g. by mirroring the screen for remote inspection and often as not permanent storage.

Hence, the question should be more about whether or not governmental access should be institutionalized. It is currently happening, but do we want to increase its use further? And indeed, do we want to throw more oil on the fire of the struggles between historic nation-states, and within the circles of privatized global security providers?

By Kristo Helasvuo

Patrick Joggerst

From Virtualization to Cloudification: Transforming Networks, Now What?

Virtualization to Cloudification As we head into the next decade of telecommunications network technology transformation, we find ourselves at a pivotal moment as the era ...
Steve Prentice

Episode 4: The Power of Regulatory Compliant Cloud: A European Case Study

An interview with Johan Christenson, CEO of CityNetwork With the world focusing on the big three hyperscalers, there is still room – and much necessity ...
Martin Mendelsohn

Supporting CISOS, CIOS and CTOS That Are Overwhelmed During the COVID Battle

The Covid Era and CISO Stress Even before COVID-19, senior technology executives, including CISOs, CIOs and CTOs were overwhelmed, and felt an increasing lack of ...
Miha Kralj

SaaS Native – Design, Delivery and Management of Applications

Going cloud native, the right way Moving from a traditional IT organization to one that’s cloud native is an inevitability for all businesses. This is ...
Gilad David Maayan

Leveraging Managed Kubernetes to Improve Your Operations

Leveraging Managed Kubernetes Kubernetes simplifies container orchestration, but sometimes companies are struggling with Kubernetes adoption. Many organizations do not have the required expertise to configure ...
Daniela Streng

Preventing IT Outages and Downtime

Preventing IT Outages As businesses continue to embrace digital transformation, availability has become a company’s most valuable commodity. Availability refers to the state of when ...
Johan

Why the digital infrastructure is a matter of national interest!

Digital Infrastructure National Interest When the Internet was born, it promised a form of democracy and guarantee that everybody could be part and setup their ...
Ajay

Explainable Intelligence Part 3 – The Strategy for XAI

The Strategy for XAI It is not enough to say that something is true just because 'I know it’s true!' – we have to have ...
Kokumai

Identity Assurance – Sufficient and Necessary Conditions

Identity Assurance It is not easy to define the 'sufficient condition' for describing a set of processes used to establish that a natural person is ...
Brian Day

Tips for Developing Apps In a Cloud Environment

DevOps and the Cloud Unless you’ve just started a brand-new organization, your IT environment is currently running a diverse collection of last-generation and older applications ...