Enforcing Governmental Decryption

Governmental Decryption

Recent U.S. bills proposed in California and New York aim to implement a controversial governmental backdoor into mobile devices. The issue concerns forcing manufacturers to provide a mechanism for decrypting any device’s content, without the consent or presence of the owner of the device. But the police already have the right to take your phone and use it against you in the court of law. What good does it do for the manufacturers to be required to decrypt any encrypted content?

Backdoors for tyrannies

The fundamental argument against the governmental backdoor is that any backdoor will inevitably be exploited by other actors. To comply with the law, manufacturers and vendors create a technical means that can be exploited by anyone as an attack vector. Certainly that is one of the reasons for requiring a backdoor, as the usage pattern scenarios can be expanded rapidly from California and New York. Why would national security intelligence operators want to stay limited to these states? Instead, what they are aiming for is global coverage.

Indeed, the relevant mobile operating system providers are global, and implementing a backdoor will implement it globally, not just in one jurisdiction. The controversial bills include a financial instrument to enforce compliance from the operating system and device vendors—a $2500-per-device fine for any device sold in these areas that doesn’t comply. Surely any mobile device vendor will be more than happy to comply rather than let itself be driven bankrupt.

Good deeds uncovered

While the motivation for the governmental access has largely been justified by referring to petty crime and fighting terrorism, one can perhaps assume that the there is more to the story than just breaking up the encryption of a local drug dealer or global lone wolf. After all, the heaviest users of encryption are intelligence agencies, militaries, and corporations. Surely none of those would want their phone manufacturers to leave any kind of backdoor, even when a local cop had been issued with a search warrant.

Given that law enforcement agencies around the world have invested hugely in targeted spyware, most of them are already able to intrude on and invade any device they want to. Whatever encryption is in place, they can circumnavigate it by gaining access to the user device before any encryption happens, e.g. by mirroring the screen for remote inspection and often as not permanent storage.

Hence, the question should be more about whether or not governmental access should be institutionalized. It is currently happening, but do we want to increase its use further? And indeed, do we want to throw more oil on the fire of the struggles between historic nation-states, and within the circles of privatized global security providers?

By Kristo Helasvuo

Anita Raj

A Winning Data Strategy Series Part 2: Data, an Asset, or a Liability?

Data, an Asset, or a Liability? This is the second piece of a 5-part series on plugging the obvious but overlooked gaps in achieving digital ...
Steve Prentice

Cloud-Based Financial Software Reinforces the 80/20 Rule of Business Management

Cloud-Based Financial Software Sponsored by Sage 50cloud Small businesses are known for being innovative and customer-focused in a way that their larger competitors cannot. This ...
Aruna Headshot

2019 Predictions for Innovating, Transforming and Enabling Workplace Transformation

My Predictions for 2019 As we think of the top Collaboration trends for the coming year, we should start by taking a look back at ...
Rick Braddy

The Secrets to Achieving Cloud File Storage Performance Goals

Storage Performance with Cost Reduction By 2025, according to Gartner, 80 percent of enterprises will shut down their traditional data centers. As of 2019, 10 ...
Aarti Parikh

Serverless Multi-Tier Architecture on AWS

Serverless Multi-Tier Architecture Multi-tier Architecture Multi-tier Architecture is also known as n-tier architecture. In such architecture, an application is developed and distributed in more than ...
Episode 4: The Power of Regulatory Compliant Cloud: A European Case Study

Episode 4: The Power of Regulatory Compliant Cloud: A European Case Study

An interview with Johan Christenson, CEO of CityNetwork With the world focusing on the big three hyperscalers, there is still room – and much necessity ...
The Thin Client.png