Over the past few years, one of the most important advancements in computing has been the availability of high-quality encryption. As online companies, governments, and hackers continue to expand their attacks on personal computing devices, including desktops, laptops, tablets, and phones, the need to protect your data has never been more important. While companies like Microsoft offer more and more options to protect your data, including BitLocker in Windows 10 and OneDrive Personal Vault in the cloud, the perceived threat to governments gets stronger.
Over the past few years, we have seen countries like Australia try to outlaw strong encryption under the guise of national security. This week, a report from Politico suggests that the current US administration is considering asking Congress to pass legislation to require all encryption be breakable.
Of course, this makes the practice of encryption useless if it is able to be bypassed. Any time there is a backdoor into a security system, the backdoor leaks and the security system is breached. The fear or frustration over encryption, in terms of governmental involvement, has been heightened since the attack in San Bernardino in 2017. Law enforcement had an iPhone that they believed had useful information on it, but an officer had screwed up, permanently locking the device. They asked Apple to bypass the security, but Apple refused, citing device security. They made the same claim, that once a hack was built, it would leak.
In response to Apple's refusal to create a special version of iOS that would bypass the security on this device alone, the Department of Justice began petitioning for "responsible encryption," which is a term which means that the only responsibility the encryption platform has is to the government, not to their customer. The extension of this misleading and incredibly dangerous idea is where we pick up the thread this week. If the administration, in particular, the DOJ and FBI, get their way, then encryption would no longer hold the value that it was designed to hold. All encrypted data would be required to have a backdoor that would be guaranteed to leak, exposing all of your personal data to hackers. On the other side of the argument has been the Commerce and State Departments, which have always fought on behalf of the consumer.
Unfortunately, this information comes from leaks of a black box meeting, whose content was not intended for public consumption. That means that until someone pitches the idea formally, this is all just rumor. Hopefully, it will remain that way.