In recent years, electoral candidates in the US have found a new topic – the encryption debate – to garner more support from prospective voters and to deride their rivals for their opposing stance. Moreover, the increasing controversy over encryption is transcending the traditional boundaries of online safety and gaining more mindshare among businesses and netizens globally.
Below, we have collated a list of 5 events surrounding the encryption debate that have rocked the infosec community in the recent past.
1. The Federal Bureau of Investigation (FBI) has been haranguing Apple Inc. to help it unlock the iPhone of one of the shooters involved in the 2015 San Bernardino massacre. When Apple categorically rejected the request, the FBI took the matter to federal court, and now the iPhone maker is faced with one of the biggest corporate dilemmas in history. The company was summoned to clarify its stance to the US House of Representatives committee on 1 March 2015 about its refusal to comply with the US Department of Justice’s order to create a backdoor for the FBI to investigate the phone data.
In its defense, Apple’s CEO Tim Cook wrote an open letter addressed to its consumers emphasizing the importance of encryption and saying that “it would be wrong for the government to force us to build a backdoor into our products.” Ted Olson, one of Apple’s stalwart lawyers, is accusing the US government of acting like a despot and infringing individuals’ right to privacy and free speech. Technocrats from other megacorps such as Facebook and Google have overtly voiced their support for Apple in this encryption debate.
The terrorist attack in Paris that took place in November 2015 also sparked a similar controversy around the use of encryption by anti-social elements to perpetrate mass atrocities.
2. Not all companies with encrypted products have backs as strong as Apple’s, and some cease to exist owing to government bullying. This was the case with Lavabit, a now-defunct email service provider that was dragged into controversy because of its connection with the American fugitive whistleblower Edward Snowden. In 2013, the US government ordered Lavabit to turn over the company’s Secure Sockets Layer (SSL) keys to the investigating authorities gathering information on Snowden, who used Lavabit for his email correspondence.
Ladar Levison, the owner and operator of the webmail service, suspended operations abruptly and did not reveal the reason behind the discontinuation, citing a gag order from a court. Security analysts believe that Levison gave up the webmail venture instead of complying with the government, and that his decision inspired a similar story when another encrypted communications firm, Silent Circle, discontinued its email service the same year.
3. Sometimes, an encryption breach happens as a result of negligence and not a clutch of circumstances. That was the case in early 2013 when Microsoft Corporation reported an outage of its Windows Azure Cloud caused by an expired SSL certificate. Although the interruption lasted only for 24 hours and the company restored SSL encryption for HTTPS traffic, it faced public wrath for overlooking a security standard as rudimentary as SSL certificate renewal. Microsoft reportedly spent $15 billion to create the Azure cloud infrastructure, and yet it failed to renew the website’s SSL certificate, which costs less than $100, or comes free if you issue your own, as in the case of Microsoft.
The company subsequently apologized for the oversight and the inconvenience it caused users, and said it would refund Azure customers affected by the outage.
4. In 2013, a scoop story from Reuters reported that the National Security Agency (NSA) fed $10 million to RSA Security LLC, the Massachusetts-based network security company, to include a formula in its encryption products to help the intel agency pursue its illegal surveillance activities.
Reuters attributed the information to documents leaked by estranged CIA employee Edward Snowden, which mentioned that the NSA made similar contracts with other security product manufacturers, but became more successful in its attempt when RSA’s Bsafe toolkit distributed the “backdoor” formula widely.
The encryption debate might not see a consensus from all quarters, but what’s clear is that the tug of war between Washington DC and Silicon Valley has more nations and entities interested in a matter that is so vital for our future safety – both online and in the real world.