You may have heard recently that William Baar, the US Attorney General, believes that strong encryption on devices is creating a security risk. This is a debate that’s been raging for years in the security industry. The government doesn’t like that messages and communications are being encrypted end-to-end by providers. That form of encryption reduces their ability to examine said communications and, if the information is related to a crime, stop it from happening or use it in the prosecution of the offender.
The government wants a back door into these end-to-end systems. They want a key to unlock any encrypted communication from any provider. The privacy experts on the other side of the debate are screaming that any kind of encryption backdoor would be eventually exploitable and render the point of the encryption moot. These experts usually point out such issues as the Shadow Brokers leaking NSA hacking tools as a prime example of why they shouldn’t exist in the first place. The privacy advocates don’t believe that anyone could keep a backdoor key safe.
Bruce Schneier has a great article about this debate and how it’s not goin got be a simple answer. I had a chance during Black Hat 2019 to sit down with the Joel Fallenstrom, CEO of Wickr, an end-to-end encrypted instant messaging and communications platform. I think of it as something like Slack if Slack were built from the ground up to be secure.
Joel and I talked a lot about the privacy debate. Joel said that this ongoing discussion was really more of a shouting match where the two sides don’t want to come to any sort of agreement because they can’t compromise. The privacy experts don’t think there is a solution that includes a backdoor and the government won’t accept a solution that doesn’t include one.
Joel told me that the debate over a backdoor into the encryption protocol is really DOA at this point because no one will accept it. Instead, they need something more akin to a front door solution which has multiple parts and requires privacy and documentation to use. Instead of allowing the NSA or FBI to spy on all encrypted iMessages, for example, the front door would require a warrant with a specific target or a specific conversation. The proponents of this solution say that it’s more likely that it will minimize intrusion overall and still allow law enforcement to do their jobs.
Leading The Charge
So how can we frame this debate in a way that’s constructive to both sides while still allowing them to get something they want? Joel says that we need to take leadership of this issue in the US to ensure that someone else isn’t dictating the terms of the engagement to us. Right now, China is trying their best to be the leader in how we handle things like encryption. It’s fine that they have their policies inside their borders but what happens when that policy comes to the US? We’re already seeing that with more and more chat apps being debuted in China first with Chinese encryption policies.
Joel says we really to have a leader set the precedent from the edge of the debate to force the middle to one side or the other. We have a lot of new technologies that we need to make sure to incorporate with things like zero trust models and the coming rise of super-fast 5G networks. And even how low the margins are going to be on those networks and who will want to own that entire supply chain you can see how delicately the whole situation will need to be handled.
Wickr isn’t just sitting still until the consensus is reached. They’re forging ahead with their Wickr Pro and Wickr Enterprise products to get people on-board with using “secure by default”. That means that instead of opening the platform up and milking it dry for user analytics, as someone like Slack does, before locking it down after the fact, you do the opposite. By having a platform that is secure in the first place you can speak from a position of strength when negotiating how things like encryption front doors will be implemented. That means you can take a leadership role in a lot of different policy discussions and help find an outcome that works for everyone.
Bringing It All Together
The encryption door debate is not going to stop in the foreseeable future. You will always have privacy advocates arguing one side and information gatherers arguing the other side. Where the real movement will come from is in the middle with people like Joel Fallenstrom arguing for their perspective thanks to extensive expertise on the subject. Running a company like Wickr gives the kind of perspective needed to come to a compromise that makes both user advocates and law enforcement happy.