May 1, 2018

How to break the encryption deadlock

Illustration: Rebecca Zisser/Axios

The two sides of the encryption debate are so dug in that it's become hard to publicly discuss a compromise.

The issue: Law enforcement groups insist they need access to encrypted data lest criminals go free; security experts posit that providing such access invites global security disasters and mass hacking. No one wants to to suggest to peers that maybe some criminals should go free — or that some amount of security disasters would be A-OK.

But behind closed doors, a few government and big-tech insiders will talk about what a compromise would take — so long as their names aren't attached. Here's what they say:

Why would tech give up the hard line? Australia is on the verge of enacting an encryption law that mandates law-enforcement access to encrypted messages, and U.S. lawmakers seeking similar measures here are likely to point to it as a precedent. So, while most in the tech community still see any encryption compromise as a disaster, a few feel that it's a smaller disaster than what lawmakers might come up with on their own.

To compromise, be honest about risk: Supporters of backdoors often try to frame the debate as security versus civil liberties, rather than address the inevitable security problems backdoors will create. No compromise will emerge until lawmakers acknowledge and accept the real security dangers they are asking for.

  • There is no new technology coming to solve the problem: Law enforcement often maintains that tech firms can solve any problem by inventing new technology. But the complexity of computer code makes completely secure systems to allow extraordinary access unlikely, and creating backdoor keys at scale means creating systems that are particularly susceptible to abuse.
  • Limiting risk means limiting the use of the system: With thousands of police jurisdictions in the U.S., companies will constantly be retrieving credentials for phones. But the more frequently a system gets used, the harder it is to secure.

Be honest about who the targets are: Though the encryption debate is often framed in terms of national security, groups like ISIS will be among the least successful targets.

  • One ex-government source said, "Terrorism is the wrong argument. ISIS is well organized and smart —they will be able to get around any encryption ban. The people this will be really successful against are dumb, careless or spur-of-the-moment criminals that don't have a support network."
  • Another ex-intelligence source noted that allowing spies to use backdoors might cripple American tech firms by making their products harder to sell abroad, while providing little benefit. Intelligence already has broader capabilities than law enforcement. "We will need to say that the backdoors could not be used for intelligence," that source said.

Putting it all together:

  • Any compromise would have to be extremely narrow in scope — only applying to, say, data on a device involved in a specific crime.
  • The government may need to be prepared to repay users for the security meltdowns backdoors would cause. That may not be cheap. FedEx alone lost hundreds of millions of dollars in the NotPetya cyber attacks that used leaked U.S.-developed hacking tools — in a high-end approximation of the kind of havoc leaked security keys could cause.

Go deeper

Updated 37 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 9 a.m. ET: 5,840,369 — Total deaths: 361,066 — Total recoveries — 2,439,310Map.
  2. U.S.: Total confirmed cases as of 9 a.m. ET: 1,721,926 — Total deaths: 101,621 — Total recoveries: 399,991 — Total tested: 15,646,041Map.
  3. Public health: Hydroxychloroquine prescription fills exploded in March.
  4. Business: Many poor and minority families can't afford food or rent.
  5. 2020: Trump courts Asian American vote amid coronavirus — The RNC issued proposed safety guidelines for its planned convention in Charlotte.
  6. Vaccine: How the U.S. might distribute a coronavirus vaccine once we have one.
  7. What should I do? When you can be around others after contracting the coronavirus — Traveling, asthma, dishes, disinfectants and being contagiousMasks, lending books and self-isolatingExercise, laundry, what counts as soap — Pets, moving and personal healthAnswers about the virus from Axios expertsWhat to know about social distancingHow to minimize your risk.
  8. Other resources: CDC on how to avoid the virus, what to do if you get it, the right mask to wear.

Subscribe to Mike Allen's Axios AM to follow our coronavirus coverage each morning from your inbox.

In photos: Protests over George Floyd's death grip Minneapolis

The Third Police Precinct burns in Minneapolis on Thursday night. Photo: Stephen Maturen/Getty Images

Demonstrators demanding justice burned a Minneapolis police station and took control of the streets around it last night, heaving wood onto the flames, kicking down poles with surveillance cameras and torching surrounding stores.

What's happening: The crowd was protesting the death of George Floyd, an unarmed black man whose life was snuffed out Tuesday by a white Minneapolis police officer who kneeled on his neck for about eight minutes.

2 hours ago - Sports

European soccer's push to return

A Bundesliga match between Borussia Dortmund and Bayern Munchen in an empty stadium. Photo: Alexandre Simoes/Borussia Dortmund via Getty Images

European soccer made a splash Thursday, with two of its biggest leagues announcing official return-to-play dates in June.

Why it matters: Soccer is the world's most popular sport, so watching its return through the lens of various leagues, countries and cultures — all of which have been uniquely impacted by the coronavirus pandemic — is illuminating.