Menu

Can a Government Encryption Backdoor and Privacy Coexist?

encryptionOn March 2 at 9:10 a.m. at the RSA Conference, I’ll be running a panel discussion on “Can government encryption backdoor and privacy coexist, or is it an oxymoron?” with Michelle Dennedy, the Chief Privacy Officer of Cisco, Richard Marshall, former General Counsel for the NSA, and Dr. Matthew Green, the Economist’s go-to source for encryption technologies.

My idea is to bring in a privacy expert, an encryption expert, and a policy maker to have a lively debate on this issue. Interestingly, it was a hot issue when we submitted the original panel proposal last year. But since then it has become an even more emotionally-charged topic since the dispute between Apple and the FBI made headlines.

With this panel we are trying to move away from discussing this as a black-and-white issue and have a more nuanced discussion. Both sides of the argument make some sound points, and we hope to dissect them one-by-one.

The arguments for the “against” side are as follows: 

  • The so-called “backdoor” will weaken the encryption strength of the system, and violate some of the tried-and-true design principles of secure systems.
  • There is no sufficient safeguard to prevent abuse. We don’t have well-defined legal oversight and due processes to govern who has access to the backdoor, the encrypted information, and how that information will be handled.
  • How can one stop foreign governments from mandating the same thing if the U.S. government can successfully mandate a “backdoor?”

The arguments for the “for” side are these:

  • Law enforcement should not be left completely blind to secret communications. Bill Gates made this point recently in his interview with Charlie Rose.
  • It is possible to design a crypto system that such a “backdoor” will not necessarily weaken the security strength of the system.
  • If we do not create legal backdoors, would it be possible that all secret communications would be outlawed? This will impact any end-to-end secure communications, including secure social media messaging, secure chat apps, and many more.

Michelle, Matt and Richard will take on these topics, one-by-one, and debate the validity and the implications of each. I’ve asked them to bring specific examples/precedents and concrete evidence to the table. Matt, for instance, will talk about a specific case in which the presence of an encryption backdoor led to a security compromise and the leak of highly sensitive information.

Apple’s fight against the FBI has also engendered some intriguing questions, including whether Apple’s characterization of what the FBI asked them to do as the “equivalent of a backdoor” is a sound one. Similarly, is the FBI’s claim that creating a way to unlock this particular phone does not equate the ability to unlocking millions of others a valid claim? 

A few other interesting points that worth pondering include:

  • Will a backdoor capability ever be a moral necessity, or at which point could it become a necessity? What if hundreds of lives are at stake? What would be the threshold—if any—that might make an encryption backdoor an acceptable practice?
  • Will Silicon Valley technology companies strike a deal with Washington D.C.? If so, what would that deal look like? If not, what will be the ultimate outcome to consumer secure communications?

Ron Rivest, Bruce Schneier and a panel of other experts recently published a report, “Keys Under Doormats” discussing this issue, and they stated: “The damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago.”

To compound the question, our society is becoming increasingly digitalized, which means that the barrier to access information for law enforcement will be higher if such exceptional access is not possible. This will become a larger issue as time goes on. If we don’t solve it today, it will surface again in the future.

One thing is certain, the decisions we make today on this issue will have a profound impact to the future of privacy and civil liberty. As such, the more people we get to debate and ponder these issues today, the more informed the decisions we make collectively as a society will be.

Posted on February 28, 2016

Chenxi Wang

by Chenxi Wang

Chief Strategy Officer, TwistLock

Conference:
USA 2016

← View more Blogs

This document was retrieved from https://www.rsaconference.com/blogs/can-a-government-encryption-backdoor-and-privacy-coexist on Thu, 29 Sep 2016 21:31:20 -0400.
© 2016 EMC Corporation. All rights reserved.