Harvard study says Apple's Tim Cook was right: encryption bans, backdoors wouldn't work

Posted:
in General Discussion
Efforts by the FBI and certain lawmakers seeking to ban Apple and other U.S. companies from selling products with real encryption will not be effective, note researchers in a study citing 865 encryption products already available in 55 countries--two thirds of which originate outside the U.S.




Why encryption backdoors don't make sense



The study for Harvard University's Berkman Center for Internet and Society, conducted by cryptography expert Bruce Schneier and colleagues Kathleen Seidel and Saranya Vijayakumar, surveyed the availability of encryption products worldwide, compiling findings that make it clear that U.S. laws to weaken domestic encryption wouldn't stop malicious users from obtaining foreign encryption, but would put U.S. firms at a competitive disadvantage.

Schneier noted that an earlier form of the same findings were published back in 1999, when the Federal Government was considering whether to continue classifying strong encryption as a "munition" banned for export outside the U.S.

IN 1997, the FBI's director Louis Freeh had testified to the US. Senate Judiciary Committee that without backdoors, the export of real encryption products "ultimately will devastate our ability to fight crime and prevent terrorism. Uncrackable encryption will allow drug lords, spies, terrorists and even violent gangs to communicate about their crimes and their conspiracies with impunity."

However, Schneier's report showed that restricting the export of real encryption products "had done nothing to reduce their availability around the world," but was making it harder for U.S. firms to compete globally.

Seventeen years later, an updated version of the same survey discovered 546 foreign encryption products, "44% of which are free," and "34% are open source."

It noted, "there is no difference in the advertised strength of encryption products produced in or outside the US. Both domestic and foreign encryption products regularly use strong published encryption algorithms such as AES. Smaller companies, both domestic and foreign, are prone to use their own proprietary algorithms."

The report added, "some encryption products are jurisdictionally agile. They have source code stored in multiple jurisdictions simultaneously, or their services are offered from servers in multiple jurisdictions. Some organizations can change jurisdictions, effectively moving to countries with more favorable laws."

It further concluded, "anyone who wants to evade an encryption backdoor in US or UK encryption products has a wide variety of foreign products they can use instead: to encrypt their hard drives, voice conversations, chat sessions, VPN links, and everything else.

"Any mandatory backdoor will be ineffective simply because the marketplace is so international. Yes, it will catch criminals who are too stupid to realize that their security products have been backdoored or too lazy to switch to an alternative, but those criminals are likely to make all sorts of other mistakes in their security and be catchable anyway.

"The smart criminals that any mandatory backdoors are supposed to catch--terrorists, organized crime, and so on--will easily be able to evade those backdoors."

Apple on encryption



Apple's chief executive Tim Cook has made privacy--and the encrypted security protecting users' privacy from corporate, government or terrorist snooping--into a key issue.

A year ago, Cook stated in an interview that "none of us should accept that the government or a company or anybody should have access to all of our private information," adding, "This is a basic human right. We all have a right to privacy. We shouldn't give it up. We shouldn't give in to scare-mongering or to people who fundamentally don't understand the details."

Apple CEO Tim Cook
Apple CEO Tim Cook


"Terrorists will encrypt. They know what to do," Cook said. "If we don't encrypt, the people we affect are the good people. They are the 99.999 percent of people who are good."

He added, "You don't want to eliminate everyone's privacy. If you do, you not only don't solve the terrorist issue but you also take away something that is a human right. The consequences of doing that are very significant."

In January, Cook reiterated his stance that "any backdoor means a backdoor for bad guys as well as good guys" at a security summit attended by FBI director James Comey and a variety of counterterrorism advisors including the National Security Agency.

There ought to be a law!



The magical allure of being able to tap into the encrypted messages of terrorists and other criminals has remained a political football. In the UK, Prime Minister David Cameron joined proponents of an Investigatory Powers Bill intended to force companies to include software backdoors and enable forced access to encrypted devices when requested by the police.

Apple issued a formal challenge to the legislation in December, stating that "the creation of backdoors and intercept capabilities would weaken the protections built into Apple products and endanger all our customers. A key left under the doormat would not just be there for the good guys. The bad guys would find it too."

That same month, U.S. Senator Tom Cotton, a Republican from Arkansas, appeared on 60 Minutes to vilify Cook's message, stating that with effective encryption, companies like Apple, Google and Facebook can be expected "to become the preferred messaging services of child pornographers, drug traffickers, and terrorists."

Last month in New York, the state assembly considered a bill seeking to demand that any phones sold in the state "be capable of being decrypted and unlocked by its manufacturer or its operating system provider." California also considered a similar bill.

Earlier this week however, the ENCRYPT Act, sponsored by House Democrat Ted Lieu and Republican Blake Farenthold, was crafted at the federal level to bar individual states and localities from requiring backdoors in encryption.

Encryption and terrorism



In 2014, the the Electronic Frontier Foundation reported that among consumer security products, Apple's iMessage and FaceTime "stood out as the best of the mass-market options,"

The EFF also noted that competing products, including AIM; BlackBerry Messenger; Facebook's Messenger and WhatsApp; Google Chat and Hangouts; Microsoft's Skype; Secret; SnapChat and Yahoo Messenger all failed to provide similar end-to-end encryption to Apple's.

A year later, an OPSEC manual was discovered being distributed among supporters of the Islamic State, recommending the use of Apple's iMessage as being securely encrypted, unlike most other American products.


Android is the platform of choice for Al-Qaeda


However, ISIS terrorists behind the recent Paris attacks were using unencrypted channels to coordinate, and there's no evidence that ISIS is actually using iMessage, as the OPSEC manual was originally written for journalists operating in Israel and Gaza by researchers in Kuwait. ISIS operates across a series of regions where iPhones have very low penetration.

Middle Eastern terrorist groups like ISIS and Al Qaeda overwhelmingly use cheap, commodity products due to the "large availability and affordability of Android phones, especially in underdeveloped countries," and know how to equip them with third party encryption software outside the jurisdiction of U.S. or U.K. laws.

"If you halt or weaken encryption," Cook warned, "the people that you hurt are not the folks that want to do bad things. It's the good people. The other people know where to go."
«1

Comments

  • Reply 1 of 33
    mobiusmobius Posts: 380member
    Okeeeey...but why did we need a Harvard University study and a cryptography expert to tell us something this obvious?
    old-wizargonautmagman1979kevin kee
  • Reply 2 of 33
    Any privileges and special access good guys have, bad guys have it.

    All special access three letter agencies have, local criminals have it, though few of them. These antisocial elements have their members in police and other three letter agencies, don't believe me? Go and speak with anyone who has been with those agencies for sometime.

    If bad buys get access to encryption keys, they will not have to stand outside your house to determine if you are on vacation. They will have access to your emails, messages, calendars and everything else online.

    Lawyers will be out of job and we will not need court. In legal battles if opposition can find out the evidence or arguments they could go around it and win the case.

    Our adversaries and terrorists will have all the information they need. Not to mention companies building these products will take a big hit as consumers will buy products from other countries with strong encryption.

    It will be chaos, if it every happens.


    cornchiplostkiwiradarthekat
  • Reply 3 of 33
    mobius said:
    Okeeeey...but why did we need a Harvard University study and a cryptography expert to tell us something this obvious?
    Because we have warning labels that tell us drinking something hot might burn you. lol We live in a socially were if it's not broken down in the most simplistic view, people often completely ignore it.. and then, even though it's their own fault, want to blame someone else anyway.
    lostkiwicapasicumlatifbpkevin kee
  • Reply 4 of 33
    jfc1138jfc1138 Posts: 3,090member
    mobius said:
    Okeeeey...but why did we need a Harvard University study and a cryptography expert to tell us something this obvious?
    Because the cops, here and abroad, keep pushing it.

    The Harvard people aren't terrorists OR selling hardware so they can offer a neutral viewpoint to counter the "puppies will die" of the grandstanding pols.
    edited February 2016 williamlondonjbdragonbobroowetlandercornchipmwhitegtrlostkiwitom j
  • Reply 5 of 33
    maestro64maestro64 Posts: 5,043member
     Uncrackable encryption will allow drug lords, spies, terrorists and even violent gangs to communicate about their crimes and their conspiracies with impunity."

    I like that statement, as if encryption allows these groups to communicate without impunity, they already communicate everyday without the government knowing what they do, they go behind close doors and talk to one another or better yet they walk out into the desert and talk. Our government relays too much on technology to catch the bad guys. This is why it took them so long to find and kill bin laden he stop using technology and just had humans carry the message in their heads.

    jbdragonbobroocornchipmwhitecapasicumSpamSandwichtom j
  • Reply 6 of 33
    linkmanlinkman Posts: 1,046member

    In January, Cook reiterated his stance that "any backdoor means a backdoor for bad guys as well as good guys" at a security summit attended by FBI director James Comey and a variety of counterterrorism advisors including the National Security Agency.
    The Director apparently attended but not not pay attention or understand that information. He implies or states outright that Apple is not complying with a court order to decrypt a San Bernardino shooter's phone in spite of the fact that there is no backdoor.
  • Reply 7 of 33
    lkrupplkrupp Posts: 10,557member
    JamesUp said:


    Not to mention companies building these products will take a big hit as consumers will buy products from other countries with strong encryption.

    It will be chaos, if it every happens.


    No, that won’t happen. That’s a techie wannabe wet dream.
  • Reply 8 of 33
    lkrupp said:
    JamesUp said:


    Not to mention companies building these products will take a big hit as consumers will buy products from other countries with strong encryption.

    It will be chaos, if it every happens.


    No, that won’t happen. That’s a techie wannabe wet dream.
    If Blackberry offered strong encryption and Apple made the encryption weaker, which product will anyone (or at least those who understand implications) buy?
    mwhite
  • Reply 9 of 33
    cornchipcornchip Posts: 1,954member
    Genius. Thanks guys...
  • Reply 10 of 33
    idreyidrey Posts: 647member
    Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. Benjamin Franklin.

    i see encryption the same way I see guns. We don't have them to protect us from only the bad guys, we also have them to protect us from the government.
    capasicumSpamSandwich
  • Reply 11 of 33
    So the real answer is to ban Android - the favorite of terrorists and Snidely Whiplash types
  • Reply 12 of 33
    #noshit

    The political class which overuses the term while lacking the the most - common sense.  They should be trusted to do the least work resulting in the most damage that can only be solved by.... more political class.

    "Government is not reason, it is not eloquence, it is force; like fire, a troublesome servant and a fearful master. Never for a moment should it be left to irresponsible action."
      -GW a.k.a. "My Main Man"


  • Reply 13 of 33
    muppetrymuppetry Posts: 3,331member
    idrey said:
    Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. Benjamin Franklin.

    i see encryption the same way I see guns. We don't have them to protect us from only the bad guys, we also have them to protect us from the government.
    Benjamin Franklin didn't mean what you think he did. I suggest that you read the papers. The incessant repetition of that quote to support an entirely different agenda is tiresome.
    kevin kee
  • Reply 14 of 33
    idreyidrey Posts: 647member
    muppetry said:
    idrey said:
    Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. Benjamin Franklin.

    i see encryption the same way I see guns. We don't have them to protect us from only the bad guys, we also have them to protect us from the government.
    Benjamin Franklin didn't mean what you think he did. I suggest that you read the papers. The incessant repetition of that quote to support an entirely different agenda is tiresome.
    May be so, but I have lived long enough to see what happens to people when the government have too much power. And Ben Franklin didn't say the thing about the gun that was somebody else. The government is always selling two things, fear and security, and OH the children, think of the children. I am not unti government, I just belief that everything needs to be checked and balance and that people should never give up their rights for any reason, everybody have the right to protect them self and not rely on anybody.
  • Reply 15 of 33
    AppleInsider said:

     "The other people know where to go."
    that's the key right there. you force a backdoor and the criminals etc will just find a different way to talk. likely while they are working to hack the backdoors and steal tons of info. 
    radarthekat
  • Reply 16 of 33
    muppetry said:
    idrey said:
    Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. Benjamin Franklin.

    i see encryption the same way I see guns. We don't have them to protect us from only the bad guys, we also have them to protect us from the government.
    Benjamin Franklin didn't mean what you think he did. I suggest that you read the papers. The incessant repetition of that quote to support an entirely different agenda is tiresome.

    interesting article about that very topic. it actually makes me want to go back and read the full text for myself. https://www.lawfareblog.com/what-ben-franklin-really-said
  • Reply 17 of 33
    muppetrymuppetry Posts: 3,331member
    muppetry said:
    Benjamin Franklin didn't mean what you think he did. I suggest that you read the papers. The incessant repetition of that quote to support an entirely different agenda is tiresome.

    interesting article about that very topic. it actually makes me want to go back and read the full text for myself. https://www.lawfareblog.com/what-ben-franklin-really-said
    Not hard to find...

    http://franklinpapers.org/franklin/framedVolumes.jsp?vol=6&page=238a
  • Reply 18 of 33
    christophb said

    "Government is not reason, it is not eloquence, it is force; like fire, a troublesome servant and a fearful master. Never for a moment should it be left to irresponsible action."
      -GW a.k.a. "My Main Man"


    That's a good quote, but Washington never said it.
  • Reply 19 of 33
    @Cook: "We shouldn't give in to...people who fundamentally don't understand the details."

    I would hope there wouldn't be anyone reading this story who falls into the category Cook is referring to.
  • Reply 20 of 33
    felix01 said:
    @Cook: "We shouldn't give in to...people who fundamentally don't understand the details."

    I would hope there wouldn't be anyone reading this story who falls into the category Cook is referring to.
    I really think Cook needs to run for a position in Congress, or at the bare minimum vastly increase Apple's lobbying efforts. Money is speech, whether one agrees with that or not, it's what makes the difference between getting your way or getting steamrolled.
Sign In or Register to comment.