Former US intelligence director backs end-to-end encryption
Introducing weakened iOS code would be like ‘creating a bacterial biological weapon’
Two former high-ranking US government officials have argued in favour of encryption and said they believed the FBI is misguided in trying to force Apple to unlock an encrypted iPhone used in a terrorist shooting attack in California last December.
The two were participating on a panel at the annual RSA Security Conference entitled “Beyond Encryption: Why We Can’t Come Together on Security and Privacy — and the Catastrophes That Await If We Don’t.”
Former US director of National Intelligence and Navy vice admiral Mike McConnell and former Department of Homeland Security secretary Michael Chertoff both said end-to-end encryption, free from ‘back doors’ allowing law enforcement access, was critical for businesses.
Chertoff — one of the authors of the US Patriot Act that gave the NSA much broadened surveillance powers — said that if Apple were forced to rewrite the iPhone operating system to introduce weakened code, it would be like “creating a bacterial biological weapon.” Such weaknesses would quickly be taken advantage of by criminal elements.
The FBI’s demands “would require Apple to create and maintain that code in a way that could allow it to [leak to attackers],” he said. “I also think there’s an issue here of using courts to not just open a single door (on one phone), but to create, effectively, malware, a tool that could disrupt security.”
McConnell, now senior executive advisor at Booz Allen Hamilton, stated the country needed “ubiquitous encryption”, noting that weakened encryption programs could make the US vulnerable to surveillance and attacks by other nations.
He said his former opposition to end-to-end encryption changed when “I started to weigh in my own mind … the greater common good.”
Chertoff said businesses needed the protection provided by encryption to remain innovative and productive, and warned that without it, the economic engine driven by the technology sector could falter.
He said that the government had not stepped into the role of providing security for business.
“If we ask the private sector to be in control of security, then we have to allow them to have tools to carry out that mission,” he said.
However, their position was not entirely new. Last July, Chertoff and McConnell, along with former Department of Homeland Security Secretary William Lynn, wrote an op-ed piece in support of end-to-end encryption for the Washington Post.
In it, they argued that if trusted strong encryption technology were no longer publicly available, attackers would source other technologies for evading detection, most likely on the dark web. This “could lead to a perverse outcome in which law-abiding organisations and individuals lack protected communications but malicious actors have them,” they wrote.
Chertoff and McConnell also debated the need to find ways for law enforcement to access criminal and terrorist communications. Both advocated a dialogue with the security industry and the general public about such issues.
McConnell said lawmakers in Washington had a poor grasp of technological matters and pushed for a panel of experts to advise on complex issues like encryption. He flagged a project he is involved with, called Digital Equilibrium — www.digitalequilibriumproject.com — to try and find middle ground on privacy and security issues between policymakers, security experts and privacy advocates.
A day earlier at the conference, current US Secretary of Defence Ashton Carter also seemed to support strong encryption and oppose weakening it with back doors.
“I’m not a believer in back doors or a single technical approach,” he told a conference audience. “I don’t think it’s realistic.”
Carter also announced a new Hack the Pentagon initiative, which will reward hackers who can uncover flaws in the Pentagon’s computer networks.