Enforcing Governmental Decryption

Governmental Decryption

Recent U.S. bills proposed in California and New York aim to implement a controversial governmental backdoor into mobile devices. The issue concerns forcing manufacturers to provide a mechanism for decrypting any device’s content, without the consent or presence of the owner of the device. But the police already have the right to take your phone and use it against you in the court of law. What good does it do for the manufacturers to be required to decrypt any encrypted content?

Backdoors for tyrannies

The fundamental argument against the governmental backdoor is that any backdoor will inevitably be exploited by other actors. To comply with the law, manufacturers and vendors create a technical means that can be exploited by anyone as an attack vector. Certainly that is one of the reasons for requiring a backdoor, as the usage pattern scenarios can be expanded rapidly from California and New York. Why would national security intelligence operators want to stay limited to these states? Instead, what they are aiming for is global coverage.

Indeed, the relevant mobile operating system providers are global, and implementing a backdoor will implement it globally, not just in one jurisdiction. The controversial bills include a financial instrument to enforce compliance from the operating system and device vendors—a $2500-per-device fine for any device sold in these areas that doesn’t comply. Surely any mobile device vendor will be more than happy to comply rather than let itself be driven bankrupt.

Good deeds uncovered

While the motivation for the governmental access has largely been justified by referring to petty crime and fighting terrorism, one can perhaps assume that the there is more to the story than just breaking up the encryption of a local drug dealer or global lone wolf. After all, the heaviest users of encryption are intelligence agencies, militaries, and corporations. Surely none of those would want their phone manufacturers to leave any kind of backdoor, even when a local cop had been issued with a search warrant.

Given that law enforcement agencies around the world have invested hugely in targeted spyware, most of them are already able to intrude on and invade any device they want to. Whatever encryption is in place, they can circumnavigate it by gaining access to the user device before any encryption happens, e.g. by mirroring the screen for remote inspection and often as not permanent storage.

Hence, the question should be more about whether or not governmental access should be institutionalized. It is currently happening, but do we want to increase its use further? And indeed, do we want to throw more oil on the fire of the struggles between historic nation-states, and within the circles of privatized global security providers?

By Kristo Helasvuo

Cloud VPS
Cloud vs. Bare Metal Looking for hosting solutions, you’ve definitely come across VPS and dedicated server hosting many times. But in recent years the probability of coming across some other hosting services, namely cloud hosting ...
Future Image Cloudtweaks Compressor
Artificial Intelligence Communism Our technological innovation and progress (especially in the digital space) continues to accelerate unbounded. Google has recently announced there ascension to “quantum supremacy” with the unveiling of it’s brand new Sycamore chip ...
Ronald van Loon
5G networks are expanding to drive new, diverse use cases and innovative mobile-first experiences. Organizations are preparing their 5G strategies accordingly to help fuel transformation, support digital business processes, and improve how people collaborate and ...
Kelly Dyer
Achieving Data Security Compliance As individuals, we go through life sharing information about ourselves in every aspect of our daily existence. From credit checks for securing a loan, through to entire personal and family medical ...
Gary Bernstein
Defining Cloud Security Audit When you're looking for cloud security, it's important to know what a cloud security audit is. Simply put, a cloud security audit is the examination of cloud systems and services in ...
  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

Cloud Community Supporters

(ISC)²
Aws
Hp
Ca
Cisco Logo

Cloud community support comes from sponsorship advertising and collaborative network partnership initiatives.

Contact us for more information on how to get involved in our flexibly priced programs!