The Cybersecurity Argument For And Against Device Encryption
LINDA WERTHEIMER, HOST:
Long before the attacks in Paris and San Bernardino, law enforcement officials argued that terrorists use technology like encrypted communication tools to evade detection. FBI Director James Comey has made the case that encryption poses public safety and national security risks. He is calling for tech companies to make it possible to unlock encrypted devices if a court orders it done. But this same technology also keeps customer data secure and cuts down on identity theft. We called Rod Beckstrom to walk us through this debate. He is the former director of the National Cybersecurity Center. Welcome to our program.
ROD BECKSTROM: Thank you, Linda.
WERTHEIMER: So what is the concern? There's something called end-to-end encryption. What does that do and why is that a headache for law enforcement?
BECKSTROM: Sure, end-to-end encryption means that whether it's a phone call we're on or an email message we're sending or any form of electronic communication, that the content of that communication is encrypted from your device, such as your phone or PC, unto the other person's device at the other side, wherever they might be on the planet Earth. So end-to-end encryption, keeps things encrypted and that means that law enforcement, without a warrant, cannot read that information
WERTHEIMER: They can't intercept or break into...
BECKSTROM: Correct. Now, with a warrant, they can always go to the information service provider and attempt to get that information. But even then, they may not be able to because the party selling the encryption services may be a third party and may not even know who the parties are that are communicating.
WERTHEIMER: So what is the argument that tech companies make about the feasibility of designing technology that would satisfy everyone's concerns?
BECKSTROM: We're not all on the same page here. So most of us in the technology community are opposed to what we call backdoors that would allow law enforcement to tap in. And the reason is is if you put a backdoor in, hackers can presumably get a hold of that backdoor as well and break it open. So you make systems less secure for everyone if you do that.
WERTHEIMER: At a Senate hearing this month, FBI Director James Comey says he thinks that experts in this field aren't really trying hard enough to give the government access without also putting confidential data at risk. That is, I took it to mean that he's - thinks that if you try hard enough, you can think of something that is not a backdoor, that's different so that not everybody could get into it.
BECKSTROM: You know, yes, you can always argue that a backdoor can be built that's more secure, you know, and more difficult to get to and only law enforcement's going to get there. But nobody in the field of security believes that's ultimately going to provide this same protection that a tight end-to-end solution has without a backdoor. So I don't think it's a lack of will. I think it's an issue of what people view as constitutional rights under the Fourth Amendment, number one, and what customers and business partners expect around the world from secure computing systems. And it's a difference of view.
Look, if I were running the FBI, you know, I probably would want to have backdoors as well, so I'm sympathetic to the director's view. But there is risk if you put that backdoor in. There's no question you enhance the risk, number one. Number two, there are the privacy implications that are of concern to parties.
WERTHEIMER: When you were working for the government, obviously you were institutionally on a different side of the argument. You were on the side of being able to get into whatever you needed to get into and find out whatever you needed to find out. What happened? Did you have a sort of a Saul of Damascus moment? I mean, did you always believe what you believe now?
BECKSTROM: My beliefs really haven't changed since I was in government. If anything, it gave me appreciation for how challenging it is for the government to balance and play the roles that it needs to, both wanting to keep the nation secure, both having the rights to collect extensive intelligence overseas, less so within the country. You know, the richness of that debate in many ways would, I think, make the founders of our country proud.
WERTHEIMER: Rod Beckstrom was the founding director of the U.S. National Cybersecurity Center. Thank you very much for this.
BECKSTROM: Thank you, Linda. Great to be on your show. Transcript provided by NPR, Copyright NPR.