Can a Government Encryption Backdoor and Privacy Coexist?


On March 2 at 9:10 a.m. at the RSA Conference, I’ll be running a panel discussion on “Can government encryption backdoor and privacy coexist, or is it an oxymoron?” with Michelle Dennedy, the Chief Privacy Officer of Cisco, Richard Marshall, former General Counsel for the NSA, and Dr. Matthew Green, the Economist’s go-to source for encryption technologies.

My idea is to bring in a privacy expert, an encryption expert, and a policy maker to have a lively debate on this issue. Interestingly, it was a hot issue when we submitted the original panel proposal last year. But since then it has become an even more emotionally-charged topic since the dispute between Apple and the FBI made headlines.

With this panel we are trying to move away from discussing this as a black-and-white issue and have a more nuanced discussion. Both sides of the argument make some sound points, and we hope to dissect them one-by-one.

The arguments for the “against” side are as follows: 

  • The so-called “backdoor” will weaken the encryption strength of the system, and violate some of the tried-and-true design principles of secure systems.
  • There is no sufficient safeguard to prevent abuse. We don’t have well-defined legal oversight and due processes to govern who has access to the backdoor, the encrypted information, and how that information will be handled.
  • How can one stop foreign governments from mandating the same thing if the U.S. government can successfully mandate a “backdoor?”

The arguments for the “for” side are these:

  • Law enforcement should not be left completely blind to secret communications. Bill Gates made this point recently in his interview with Charlie Rose.
  • It is possible to design a crypto system in which such a “backdoor” will not necessarily weaken the security strength of the system.
  • If we do not create legal backdoors, would it be possible that all secret communications would be outlawed? This will impact any end-to-end secure communications, including secure social media messaging, secure chat apps, and many more.

Michelle, Matt and Richard will take on these topics, one-by-one, and debate the validity and the implications of each. I’ve asked them to bring specific examples/precedents and concrete evidence to the table. Matt, for instance, will talk about a specific case in which the presence of an encryption backdoor led to a security compromise and the leak of highly sensitive information.

Apple’s fight against the FBI has also engendered some intriguing questions, including whether Apple’s characterization of what the FBI asked them to do as the “equivalent of a backdoor” is a sound one. Similarly, is the FBI’s claim that creating a way to unlock this particular phone does not equate to the ability to unlock millions of others a valid claim?

A few other interesting points that are worth pondering include:

  • Will a backdoor capability ever be a moral necessity, or at which point could it become a necessity? What if hundreds of lives are at stake? What would be the threshold—if any—that might make an encryption backdoor an acceptable practice?
  • Will Silicon Valley technology companies strike a deal with Washington D.C.? If so, what would that deal look like? If not, what will be the ultimate outcome for consumer secure communications?

Ron Rivest, Bruce Schneier and a panel of other experts recently published a report, “Keys Under Doormats” discussing this issue, and they stated: “The damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago.”

To compound the question, our society is becoming increasingly digitalized, which means that the barrier to access information for law enforcement will be higher if such exceptional access is not possible. This will become a larger issue as time goes on. If we don’t solve it today, it will surface again in the future.

One thing is certain: the decisions we make today on this issue will have a profound impact on the future of privacy and civil liberty. As such, the more people we get to debate and ponder these issues today, the more informed the decisions we make collectively as a society will be.

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

