Obama group quietly explored ways to bypass smartphone encryption

26 Sep 2015 | Author: | No comments yet »

Obama administration explored backdoors for bypassing smartphone crypto.

WASHINGTON — An Obama administration working group has explored four possible approaches tech companies might use that would allow law enforcement to unlock encrypted communications — access that some tech firms say their systems are not set up to provide. A group of law enforcement officials, intelligence agents and diplomats conjured up ways to access encrypted data over the summer, according to The Washington Post. The approaches were analyzed as part of a months-long government discussion about how to deal with the growing use of encryption in which no one but the user can see the information. But while the White House decided each option was “technically feasible,” officials have decided against offering them as official “administration proposals” or even releasing them publicly.

The memo, drafted this summer by officials from law enforcement, intelligence, diplomatic and economic agencies, was created for eventual consideration by White House cabinet members. Among the four, the most alarming one is perhaps the proposal that suggests the use of software upgrades to introduce spyware into the target’s device, because that sounds like it could be easily abused. However, the memo warned, this could “call into question the trustworthiness of established software update channels” and might lead some users to opt out of updates, which would eventually leave their devices less secure. One method was for providers to add a separate encrypted port to their devices through which law enforcement could access the data after receiving a warrant by using a set of keys that only they would have.

Cryptologists and privacy hawks on Capitol Hill maintain that nefarious actors, such as hackers and foreign spies, would inevitably exploit any backdoor. The group also listed splitting encryption keys that can only be combined with the court’s permission and having companies back up data to an unsecured location for access by authorities as other possible approaches.

Technically, the group said, encryption falls into one of three categories – data stored on consumer devices, communications moving between parties and that which is stored in remote locations. The necessary hardware changes could be costly for US manufacturers, but the physical access required by this method could limit some of the cybersecurity risks, the memo said. The administration continues to welcome public discussion on this issue as we consider policy options.” “Any proposed solution almost certainly would quickly become a focal point for attacks,” said the memo. “Rather than sparking more discussion, government-proposed technical approaches would almost certainly be perceived as proposals to introduce ‘backdoors’ or vulnerabilities in technology products and services and increase tensions rather [than] build cooperation,” the memo read, as reported by the Post. While it’s no secret that feds would love to have access to private information, senior officials insist that these four are nothing but proofs-of-concept.

Technologists argue that such approaches would weaken the security of encryption by adding layers of complexity that could hide bugs and create new potential targets for hackers. One of them told the Post that they’re “just saying these are things that could be done,” while National Security Council spokesman Mark Stroh assured the publication that these proposed actions aren’t being actively pursued. The working group advocated having intended use cases drive tech methods to break encryption and said the methods could be enforced in various ways—through laws, Executive action or by building tech limitations into devices or services. But the memo cautioned that this approach might make people wary of necessary software updates, which are often used to improve a device’s security. In May, 140 tech companies, including Apple and Google, and cryptology experts signed a letter that was sent to President Obama calling on his administration to push back against any proposals seeking to weaken encryption security for the benefit of policing agencies. “Strong encryption is the cornerstone of the modern information economy’s security,” the letter reads, adding that the Obama administration must “fully support and not undermine efforts to create encryption standards” and not “in any way subvert, undermine, weaken or make vulnerable” commercial software.

FBI Director James Comey continued his push for Silicon Valley to give the federal government backdoor access to encrypted data at a congressional hearing on September 10. You’ll get to keep your current user name (as long as it doesn’t contain invalid characters, in which case you’ll have to go through a few extra steps to make the transfer), and all your old comments will eventually (not immediately) migrate with you.

But this might put significant constraints on companies, the memo noted, saying it would require that they design new backup channels or “substantially” modify existing systems. Cryptologists were wary of this proposal when it was initially floated, and the memo conceded that it would be “complex to implement and maintain.” All four approaches are tantamount to the much maligned “backdoor,” which is partly why the administration decided not to move forward with any one idea. The day after Comey testified, an MIT report warned that the government’s plans to weaken online encryption “would undo progress on security” in a post-Snowden world, making it easier for hackers to access sensitive material. Law enforcement has locked horns with providers and privacy advocates, claiming that encryption would thwart their efforts to track and nab criminals and terrorists.

Such a system, he suggested, is not “fundamentally insecure.” “The simple fact is that data stored in the cloud is unquestionably less secure and more vulnerable to a Sony Pictures-style attack,” said Kevin Bankston, director of New America’s Open Technology Institute, referring to the hack last year of the Hollywood movie studio’s computer network.

Here you can write a commentary on the recording "Obama group quietly explored ways to bypass smartphone encryption".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site