On The Rocks Blog

How the Candidates are Getting Encryption Wrong

Facebook, Friends, Free Speech, and Political Correctness

Apple has thrown encryption and security to the top of the presidential debate stage, with many of the candidates offering their opinions on whether or not Apple should create a backdoor to unlock Syed Farook’s iPhone. Unfortunately, the Republican candidates are taking a stance that I cannot support, and the closest candidate to my own opinion on the matter is Bernie Sanders. Who would have thought.

I believe we have a disconnect between how the technology works and how it relates to our Constitutionally ensured rights.

I believe we have a disconnect between how the technology works and how it relates to our Constitutionally ensured rights. Encryption is a complex subject, and how it is implemented in various environments is even more complex. However, it seems fairly straightforward to me, because I believe that encryption is protected by the first amendment: free speech.

It is unlikely that the founding fathers could have foreseen the technological capabilities we take for granted today, but the principles they established in the constitution extend to our modern world and the technology that we use every day. At times that extension needs more clarification and interpretation, but the very nature of a principle means that it will still be relevant.

First, before we can discuss the constitutionality of encryption, we have to have a basic understanding of what it is, and what it isn’t. Modern encryption comes in many forms, for protecting data during transit, during storage, and even for allowing anyone to send encrypted messages using a public key (public key cryptography).

Encryption for data storage is easily available and can be implemented with minimal understanding of the underlying technology and how it works. Open source software such as Truecrypt has been available for years, allowing anyone to securely store data, and thwart the best attempts by anyone to crack it (assuming a strong password/key). Strangely, the developers behind Truecrypt (who remained anonymous) mysteriously took down the source code and put up a holder page recommending anyone looking for data security use BitLocker (Microsoft) of all solutions, prompting the security community to suspect a conspiracy.

Encrypting data in transit is inherently more complicated, but you can think of it as two people who have a secret codebook that allows them to play a giant game of telephone without allowing those in the middle to know what the message is or let them change the message without warning the other receiving person.

But what do you do if you want to communicate with someone and you don’t have a pre-shared secret codebook? That’s the beauty of public key cryptology, which is what allows you to browse the web securely. Whenever you see the green lock and https next to a website’s url (like on this website), you know that your connection between your browser and the website’s server is private (assuming your computer itself is secure). Public key cryptology allows you to communicate securely long enough to create a secret codebook to use for two-way secret communication.

One of the things about technology, is that once it’s discovered, you cannot go back to not having it. The cat is out of the proverbial bag, and so your options are restricting the use of it. The problem is that our constitution fundamentally protects the freedom of speech, in all it’s forms, not just spoken word. There were codebooks at the time it was written, and they did not create an exception that freedom of speech only applies if everyone can know what was being said. That should be clear, and yet candidate Trump says that the American people should boycott Apple because they are standing up for individuals right to free speech.

“First of all, Apple ought to give [authorities] the security to that phone,” Trump told the crowd at a South Carolina rally on Friday. “What I think you ought to do is boycott Apple until they give that security number. I just thought of that—boycott Apple.”

First thing you should notice is a complete lack of understanding about the technical requirements for Apple to provide access to Farook’s phone. It is not a matter of giving a “security number.” It is a matter of finding a hole in the security of the phone software that can be exploited to overcome the encryption. Apple’s system is designed to be secure: which means they do not have access to a user’s information when they use the encryption feature. That’s the whole point – if Apple itself has access, then it’s not secure.

If Apple succumbs to the request by the justice department, they will essentially be breaking their own software intentionally, and of course will be required to not fix it. This means that when (not if) other governments or hacker groups discover the same backdoor, they can use it against whoever has that phone, be it government officials, corporate executives, or Christian missionaries operating covertly in a dangerous country.

It is unbelievable to me that Republican candidates who claim to be in favor of upholding the Constitution would get this issue so wrong.

“They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.”
– Ben Franklin

 

Exit mobile version