The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Weakened Encryption Solves Nothing



Christoper Wray, who was confirmed as the new FBI Director in August, said last week the concept of "Going Dark," compounded by new encrypted communications services and technologies, is still posing a challenge for the bureau.

Washington is a weird place. It’s a city full of transplants who are there for a few years—usually some multiple of two, depending on their boss’s success in reelection campaigns—and then move on to other jobs in other cities. That transience is a fact of life in every congressional office and federal agency and flows all the way up to the top of the government.

The constant churn in Washington has a number of effects, both good and bad. It serves to sweep out the room every few years and let the city start fresh. But it also means that as new leaders come into an agency, they may end up facing the same problems and challenges that their predecessors did and trying to solve them in the same ways that have failed before. This is the situation in which new FBI Director Christopher Wray finds himself as he confronts the issue of strong encryption and law enforcement efforts to go over, through, or around it.

The FBI has been talking about this challenge publicly for many years, since the dawn of the web, when strong crypto became freely available to the masses. But it didn’t become a major political issue until more recently, thanks to a confluence of events that made encrypted communications not only available but easy to use and, often, the default option for many people. One piece of the puzzle was the stream of stories based on the NSA documents that Edward Snowden stole several years ago. Many of the revelations in those documents concerned the methods that the agency uses to eavesdrop on electronic communications. This led to an increase in interest in encrypted communication apps, such as Signal, although Snowden’s effect on this is probably overstated.

The second and more significant piece is the move by both Apple and Google to introduce device-level encryption as the default option in their mobile operating systems. Those decisions made the data on those devices essentially inaccessible not only to attackers, but to law enforcement agencies, as well. Getting into a current iPhone running the most recent version of iOS and protected by a passcode is a very difficult task, and Wray, like his predecessor James Comey, is out here making sure lawmakers and the general public know that the FBI isn’t having a lot of success in this area.

“Unfortunately, there is a real and growing gap between law enforcement’s legal authority to access digital information and its technical ability to do so. The FBI refers to this growing challenge as ‘Going Dark,’ and it affects the spectrum of our work,” Wray said in testimony before the House Judiciary Committee last week.

“The exploitation of encrypted platforms also presents serious challenges to law enforcement’s ability to identify, investigate, and disrupt threats that range from counterterrorism to child exploitation, gangs, drug traffickers and white-collar crimes. In addition, we are seeing more and more cases where we believe significant evidence resides on a phone, a tablet, or a laptop—evidence that may be the difference between an offender being convicted or acquitted. If we cannot access this evidence, it will have ongoing, significant effects on our ability to identify, stop, and prosecute these offenders.”

Wray said his agency was unable to gain access to about 7,800 mobile devices in the last fiscal year, a little more than half of the devices the FBI tried to access. That’s a significant number of devices, and this is a very real problem for the FBI and other law enforcement agencies. The encryption now available to consumers--many of whom may not even know it’s on their phones--is strong enough to defeat the efforts of the best-resourced law enforcement organization in the world.

While the problem is valid, the solution that the FBI and some lawmakers consistently propose is not. The answer to advances in encryption can’t be to weaken that encryption. Inserting backdoors or using some ill-conceived key escrow scheme would make things worse, not better. Technology continues to advance and trying to roll back the clock to a time when data was stored in cardboard boxes and filing cabinets isn’t going to work.

The future always wins.

Dennis Fisher

WHITEPAPERS

Digital Guardian Technical Overview

Dennis Fisher

Dennis Fisher is editor-in-chief at Duo Security. He is an award-winning technology journalist who has specialized in covering information security and privacy for the last 15 years. Prior to joining Duo, he was one of the founding editors of On the Wire, Threatpost and previously covered security for TechTarget and eWeek.