The US National Security Agency (NSA) appears to be increasingly concerned about the growing adoption of encryption and its ability to thwart the agency’s surveillance efforts.
Now, after months of debate with tech firms about government access to encrypted data on smartphones and other devices, the NSA has proposed a solution which it hopes will strike a balance between its desire to know everything about everyone and the average law-abiding citizen’s right to privacy.
According to The Washington Post, that solution – put forward by NSA director Michael S. Rogers – lies in a multi-part encryption key, created by various tech companies, which could unlock any device.
Speaking at Princeton University recently, Rogers said the key could be broken into several parts, meaning no one agency or company would be able to use it without the co-operation of the others:
I don't want a back door. I want a front door. And I want the front door to have multiple locks. Big locks.
With the highly contentious Section 215 of the Patriot Act – legislation that has allowed mass eavesdropping from the security services – due to sunset on 1 June 2015, privacy rights groups and concerned members of the public have long been voicing their concerns about bulk data collection.
Add to that the fact that firms such as Apple, Google and Microsoft recently sent a letter to President Barack Obama which demanded an end to data collection, and you can probably see why the NSA is exploring more palatable alternatives.
The debate about encryption and government access comes about as tech companies continue to make customer privacy a key selling point for their products and services.
Companies like Apple – which recently took the decision to enable device encryption by default and made key promises to its customers concerning their privacy – are giving the NSA a real headache as the agency argues the need for government access to data to aid in the battle against crime and terrorism.
Edward Snowden, for his part, continues to lament the level of access the US government still has. At a ecret meeting at this year’s South by Southwest festival he urged tech companies to foil surveillance efforts through the development of better privacy tools.
But Rogers firmly believes that his proposal for a ‘front door’ is both sound and justified, allowing for access as and when required, while keeping data safe from would-be hackers and other forms of attack.
Of course, his view is not universally shared – Donna Dodson, chief cybersecurity adviser at the Commerce Department’s National Institute of Standards and Technologies pointed out that a master key still presents a risk, even if it is broken into parts held by different parties:
The basic question is, is it possible to design a completely secure system? There’s no way to do this where you don’t have unintentional vulnerabilities.
Privacy advocates and industry officials alike are not convinced by Rogers’ proposal either. Marc Zwillinger, a former Justice Department official now working as an attorney for tech companies on encryption-related matters, told the Post that law enforcement should not have the undeniable right to access every means of communication between two parties. He added:
I don’t think our Founding Fathers would think so, either.
The fact that the Constitution offers a process for obtaining a search warrant where there is probable cause is not support for the notion that it should be illegal to make an unbreakable lock. These are two distinct concepts.