Reflare - Weekly Security Briefing 2015-51
The recent terrorist attacks in Paris and the US have led to several debates regarding cryptography, privacy, and government eavesdropping and backdoors. Post-Snowden, itâ€™s unlikely that any laws allowing government eavesdropping will pass, but other ominous efforts to encroach on public privacy is a concern â€“ especially cryptographic backdoors within popular social media such as Facebook.
For anyone who doesnâ€™t understand the significance of onsite backdoor access from the government, consider that anything you post whether threatening or just innocuous banter would be read by government officials freely and without any court order. New laws surrounding cryptographic backdoors give government agencies access to even secure communication, which makes any efforts to block eavesdropping useless.
Social media arenâ€™t the only companies fighting government access. Apple recently replied to a court order stating that it could not unlock iPhones running iOS 8 or higher. This came after the government demanded the company unlock an iPhone 5 seized during a drug case.
Even more concerning is the push towards banning encryption altogether. The push is backed by government officials who claim that allowing encrypted communication allows criminals and terrorists to communicate securely. These officials claim that they should be able to retrieve decrypted messages and photos. Consider youâ€™re making a banking transaction with encrypted communication. The government would be able to read this information regardless of security.
These new laws come after it was announced that terrorists used encrypted communication to avoid government detection. Unfortunately, the concept of catching terrorists using these techniques is flawed, because terrorists can add a layer of their own protection knowing that they are under surveillance.
While itâ€™s a heated debate â€“ especially among security professionals â€“ itâ€™s unlikely that encryption will be completely outlawed. Banking systems would need to be completely redesigned, security standards such as HIPAA and PCI would no longer be legal, and any security guidelines would be rendered obsolete.
As these debates continue, weâ€™ve seen an uptick in attacks on government networks. Itâ€™s not likely that a ban on encryption will succeed, but legalizing cryptographic backdoors remains a concern. With this type of access, privacy for consumers will take a huge hit. With the heated debate over security, government workers should be more cautious than usual.