+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

John McCain says that terrorists using encryption is 'unacceptable' and wants companies to introduce backdoors

Feb 9, 2016, 16:23 IST

Advertisement
Sen. John McCain (R-Arizona).AP/ J. Scott Applewhite

Texas senator John McCain is again calling for the US to legislate against encryption technology, calling its use by terrorists "unacceptable."

Writing in Bloomberg View, the former Republican Presidential Candidate says that "the threat posed by the status quo is unacceptable ... But, just as Islamic State's growth through the establishment of safe havens in Iraq and Syria was not inevitable, the group's ability to use technology to the same end does not need to be either."

Encryption is a hot button topic right now. The technology allows users to protect their messages in such a way the cannot be deciphered without the correct password or key - even by law enforcement, or the company that built the tech.

It has been around for decades - but has been increasingly incorporated into mainstream tech products (like the iPhone) after NSA whistleblower Edward Snowden's revelations of government surveillance. This has made a lot of people very angry - principally law enforcement, who worry that vital evidence is "going dark."

McCain is calling for a legislative solution - but one that just won't work.

Advertisement

A broken lock holds a metal door shut after Israeli soldiers conducted house-to-house searches in the area for wanted militants February 20, 2003 in the Casbah of the West Bank town of Nablus. The Israeli Defense Force (IDF) has arrested approximately 40 Palestinians over the last 24 hours in operations in the ancient market area.David Silverman/Getty Images

John McCain says that Congress "should consider legislation that would require U.S. telecommunications companies to adopt technological alternatives that allow them to comply with lawful requests for access to content, but that would not prescribe what those systems should look like."

Software backdoors that will give law enforcement access to data, in short.

There are two key problems with this: Security, and efficacy.

First, let's deal with security (and privacy). McCain writes that "our security is threatened, not encouraged, by technologies that place vital information outside the reach of law enforcement. Developing technologies that aid terrorists like Islamic State is not only harmful to our security, but it is ultimately an unwise business model."

There's a famous saying among cryptographers and privacy activists: "You can't have a backdoor that's only for the good guys."

If you introduce a backdoor, there's the risk of it being exploited by anyone. If US companies are being forced to weaken their encryption - encryption that stores often highly sensitive and valuable data - you can be sure that hackers, some state-sponsored, will do their utmost to find these backdoors and use them. We've seen something similar happen recently, with an apparent backdoor in Juniper firewall software exploited by an unknown third-party.

Advertisement

But even ignoring privacy/security, there's still the issue of efficacy. Legislative attempts to crack down on encryption just won't work.

McCain acknowledges that "encryption technology is easy to get hold of and doesn't require much sophistication to use." Even if Congress did manage to force American companies to weaken encryption (crippling them commercially abroad in the process), any would-be terrorist/paedophile/criminal will simply switch to an encryption product not made in America.

Stop freaking out guys: This is the new normal.

A militant Islamist fighter waving a flag, cheers as he takes part in a military parade along the streets of Syria's northern Raqqa province.Reuters/Stringer

The use of encryption products by bad actors is well-documented. But this is inescapable. Because it's not just used by criminals: Strong encryption underpins modern finance, secures our data, supports government communications. We couldn't function without it. And it's impossible to tell which uses are "legitimate" and which uses facilitate illegal activity because it's all, well, encrypted.

Yes, this will be immensely frustrating to law enforcement unable to access certain communications. But there are still workarounds when investigators bump up against encryption.

Advertisement

Michael Hayden, the former director of the NSA, disagrees with the FBI's current push to undermine encryption. After early efforts in the 1990s to regulate encryption failed, "we were still able to do a whole bunch of other things [to get the info needed]," Hayden said at a panel in October 2015 attended by Motherboard. "Some of the other things were metadata, and bulk collection and so on."

It's an alluring idea that we should require government access to encrypted data. But it would be impossible to enforce, software developers outside of Western jurisdictions would totally disregard it, and it would put ordinary people's data at risk.

So yes, terrorists use encryption, and will continue to do so. But this is our new reality. As security researcher The Grugq puts it: "If your secure communications platform isn't being used by terrorists and pedophiles, you're probably doing it wrong."

NOW WATCH: This Google app could forever change the way you travel

Please enable Javascript to watch this video
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article