Apple, other tech companies continue to resist encryption backdoor proposals by FBI, U.S. ...
A group made up of Apple and other major technology companies is increasing its efforts to fight attempts by government agencies to force the addition of encryption backdoors, following reports US law enforcement bodies are forming new proposals to gain access to protected data.
J. Edgar Hoover FBI Building
The privacy-focused coalition, Reform Government Surveillance (RGS), issued a statement following reports the FBI and the U.S. Department of Justice are preparing another push to get tech companies to add backdoors to their products, to defeat end-to-end and device-based encryption measures.
"Recent reports have described new proposals to engineer vulnerabilities into devices and services - but they appear to suffer from the same technical and design concerns that security researchers have identified for years," the statement first spotted by ZDNet reads. "Weakening the security and privacy that encryption helps provide is not the answer."
RGS refers to a report from March 26, claiming the FBI and Justice Department members had met with security researchers on ways to enable "extraordinary access" to encrypted devices, and are apparently convinced it is possible to enable a backdoor without weakening security completely.
The technique suggested apparently involved using a special access key that would be generated whenever a device encrypts itself, which would be used to detour around passcodes. Such a key would be stored locally in a separately encrypted space, similar to the Secure Enclave on iOS devices.
Such a system could require a number of people at Apple and other firms to have access to the key, but the large numbers of people involved would raise the risk of leaks that would undermine the security.
RGS recently agreed to add a sixth core principle to its list, to guide its future advocacy efforts. The principle, titled "Ensuring Security and Privacy through Strong Encryption," calls for governments to stop attempting to force companies to add backdoors to their devices, apps, and services.
"Strong encryption of devices and services protects the sensitive data of our users," the principle reads, noting encryption protects governments as well as individuals and businesses. "Strong encryption also promotes free expression and the free flow of information around the world."
Forcing technology companies to create vulnerabilities that work against encryption would "undermine the security and privacy of our users, as well as the world's information technology infrastructure."
While RGS acknowledges that governments are "responsible for protecting the safety and security of their citizens," and are increasing their demands for law enforcement officials to gain access to user data as part of an investigation, the group "respectfully disagrees" with calls for legislation that would require the creation of purpose-built vulnerabilities.
Rather than adding a backdoor, RGS advises that the companies that make up the coalition would continue to collaborate with policymakers to "seek out common sense solutions that are consistent with established norms of privacy, free expression, and the rule of law."
The normal argument against law enforcement backdoors is that they are inherently unsafe, due to the possibility of being misused by hackers or foreign governments with malicious intent.
Apple senior vice president of software engineering Craig Federighi advised last month, "Proposals that involve giving the keys to customers' device data to anyone but the customer inject new and dangerous weakness into product security. Weakening security makes no sense when you consider that customers rely on our products to keep their personal information safe, run their businesses, or even manage vital infrastructure like power grids and transportation systems."
RGS counts Apple as one of its members, along with other well-known firms, including Google, Facebook, Microsoft, Oath, LinkedIn, Dropbox, Evernote, Snap, and Twitter. A previous effort by RGS involved writing an open letter to members of the US government and law enforcement, urging a drastic change in surveillance laws, following the bulk collection of data revealed by former NSA contractor Edward Snowden, with the revelations prompting the creation of the group.
Comments
Give us your WhatsApp data. We are good people.
The Government wanted weakened security because of a TINY fraction of people. So screw everyone for the minority!!! More dumb logic. There's a reason most Encryption software development is done outside of the U.S. It's because of this crap. It should have been done and over with, with the whole Clipper Chip garbage which ended up getting cracked. The government saw reason finally and stopped it. What country would buy U.S. products knowing there was backdoor access in the hardware? That was the biggest reason they stopped it.
Fact of the matter is, you can buy an Android Phone and throw on any number of 3rd party Open source Encryption software that has NO BACK DOOR, and the U.S. Government can't do anything to stop that. So most users are screwed, and the Criminals will figure out how to protect themselves.
Once people know there's a backdoor that exists, people will be trying to figure it out and at some point getting in. Though the keys will get out anyway. How many leaks has the Government had so far? Many!!! Once the Key spreads around from the FBI to the Police departments and around the world to all the other countries, it's only a period of time before someone puts them out there. Maybe someone gets bribed for them. It's going to happen. Then it's all of US that start being screwed over.
This is why we can't have nice things.