Tuesday, May 3, 2016

Final Project

Pedrhom Nafisi
ENC 1102
Dr. Taylor
Final Project
Hello (ISC)² Members and Staff,
Since you are a non-profit organization working to protect the everyday man’s digital security, I respect how much effort is put into maintaining security standards and certifying people in order to make sure they are qualifying cyber agents who can engineer a safer tomorrow for everyone; however, on your blogs and social media that broadcasts information to the public there is no talk about the subject of encryption and how it is potentially going to banned from being used in the United States. In my research I have found that encryption is one of the most important tools used in digital security and it allows a user to scramble information so that no other user can decipher it other than the one with the key to descramble the data, so if encryption is going to be banned then it is in your best interest for the people at (ISC)² to spread awareness among the members and to wide demographic of the public. Encryption was first a topic of issue with the recent court case Apple vs. FBI which is also dubbed as the “Encryption Debate”. The FBI wanted access to information on a locked iPhone that belonged to a criminal who murdered fourteen people in San Bernardino, California (Isaac). Apple was then asked to create a backdoor in their operating system that would allow the government to get access to the criminal’s data. There are numerous problems with this, the first one being that no one knew if the attacker’s phone would have any useful intelligence or not. It is correct that the man is a criminal and that trying to get any useful information out of his phone is a good thing, but attempting to access this information by forcing the manufacturer to change their entire product for everyone else so that the government can spy on anyone is too gigantic of a request for this case. There exists a commercially available tool called the IP-BOX that costs $350 and this tool allows a user to brute force past an iPhone’s lock screen between six seconds to seventeen hours (Brandom). All the FBI wants to do is to get access past the criminal’s phone lock screen without wiping the data and a tool exists to do just that. What this means is that there is no reason for the FBI to go out as far as banning an entire security practice as a result of one man’s action. An even bigger problem with what the FBI is trying to do is that creating a backdoor in the security system of all iPhones just so that the government can spy on data whenever they want is a huge breach of our rights. We are protected by law to have privacy from the government such as the fourth amendment and also the creation of a weakness in a security system could allow other criminals to take advantage of it and steal valuable data. There exists no such thing as a backdoor that can only be used by a certain person which in this case is the government, if the backdoor is hardcoded into the software then there is a definite possibility that a hacker can data mine how to exploit the backdoor and use it for himself.
There is also a new bill proposed called the Compliance with Court Orders Act of 2016 also known as the Feinstein-Burr proposal which will effectively ban all end-to-end encryption (Cohn). End-to-end encryption is used in a lot of programs that allows a secure flow of packets to be transferred between two access points. These packets exchanged can only be deciphered by one of the two access points and not even the creator of the software would be able to access the information being sent (Goodnight). The significance of this is that it is used in many programs that include applications such as WhatsApp and Snapchat which are both applications used by millions of people daily. The proposed bill if passed will allow the government to force any device manufacturer, internet service provider, software developer, and any other technology producing organizations to decrypt any data encrypted under their services. Under this bill, all companies must create software that allows their security programs to be breakable whenever the government wants to. This is a cataclysmic shift in digital security if the Feinstein-Burr proposal is passed by the government as all legal security software must now have a method in which it can be compromised. Although this ability to decrypt any encrypted data is supposed to be designed for the government, it would be absolutely possible for criminals and terrorists to gain access to this encryption breaking ability and potentially steal information from anyone and everyone using that piece of technology. America is about to become a lot less safe if no action is done to prevent it so I am turning to you (ISC)² to help spread awareness about what is happening to encryption and to convince people to contact their political representatives in order to persuade them to reject the Feinstein-Burr proposal.
Who is affected and why does it matter?
            Encryption is implemented into every phone, every computer, and almost any electronic device that collects data from the consumer. Most people do not even know what encryption is and how it protects them from criminals even though they use it on an everyday basis. This is a fair statement to presume because people could go their whole lives not knowing what encryption is and still take advantage of it by logging into their Facebook account. People want to be as safe as possible, but do not necessarily care to understand how they are safe, as long as everything is the way they want it. The problem is that encryption is not like a physical lock in which you can see on your door when it is doing its job, if encryption was banned then all software programs would still operate the same with using the same interfaces and coding. Imagine if the government was to ban the ability to lock your door so that the police can come inside whenever they want to make sure that you are not a terrorist. A large majority of people would not be okay with that scenario and this is very similar to what is happening in the digital world but no one is realizing it. The average person would not be able to tell if a software includes encrypted security or not unless the person is tech savvy or if they knew the features of the software that was created. The only thing that changes by removing encryption is the accessibility of the information on the phone and in this case knowledgeable criminals can take advantage of the situation of encryption being banned since information inputted onto anyone’s phone is vulnerable. Gaining the ability to spy on anyone’s information whenever the government wants at the cost of every individual’s security being lowered is not reasonable at all but since the case is going under the radar, most people do not understand what is going on. That is why I need all the help I can get in order to educate the people on security in order to protect digital security.
Large organizations such as Google, Samsung, Facebook, and all other technology based companies care immensely about this issue since they all use encryption in their products (Grothaus). There are multiple reasons why these companies do not want encryption banned, which first includes the idea that the government is throttling their ability to create top of the line products on purpose. Encryption does not create any direct harm or threat to the government in the first place, so the government is exercising too much power upon businesses with the Feinstein-Burr proposal. In addition, if the proposal passes then hardware producing companies will have to make special phones that fit within the government’s criteria to be ported to the United States. The problem with this is that these phones are specially designed to be less safe to use just because of the government’s will and the phone will not protect their consumers to the maximum ability in which they could protect them. Another point to be made is that if a criminal wanted to hide their data, since they are already breaking laws they would likely use any method possible to protect it. A criminal could simply use a phone from another country and attach a SIM card that works with American cellular towers. Encryption will still be legal everywhere except for America and this will cause us to take a colossal step backwards in technological advancements in regards to national digital security compared to the rest of the world.
How can a difference be made?
Currently, there is no direct method or one answer to protect the ability to use encryption forever. The Apple vs. FBI court case for example cannot be influenced by anyone other than the court itself who makes the final decision and powerful organizations that side with either Apple or the FBI. The outcome of the court case can potentially create a streak of laws in which the government gains exponentially more and more access to the common man’s information or stop it right in its tracks until the government finds a more constitutional way to gain more power. The good news is technology companies such as Google and Samsung took Apple’s side which shows that these type of companies are aware of the encryption debate and are making actions to protect the ability to use encryption for everyone. Surprisingly, the NSA which is a government organization like the FBI supported Apple in the court case because they also agree with the fact that creating a backdoor and forcing a company to create a flaw in their security software for government access is unconstitutional. The NSA is famous for being exposed for spying on people and being guilty for violating American’s human rights and freedom of information. The fact that they are supporting Apple shows the dissidence between government organizations and that not everyone in the government agrees that they themselves deserve more power. The court case looks good for Apple, but this is only one aspect of encryption’s current status of being in legal jeopardy.
Even though we the people cannot directly affect the outcome of that court case, what we do know is that the biggest stakeholders of encryption such as technology companies are not just sitting aimlessly without doing anything. We, the people who care about digital security and want encryption to stay legal, must find any way possible to prevent encryption from weakening. What can be helped changed by the majority of the population is the Feinstein-Burr proposal. It is crucial that this proposal goes viral in social media and for people’s awareness of the bill to be maximized in order to get people to support the cause of protecting encryption. To help teach individuals who are uninformed, I request that the (ISC)² considers the promotion of knowledge about encryption on their website, blog posts, and social media in order to spread the word as far as possible. This could at least be a start to creating more publicity about the encryption debate and the Feinstein-Burr proposal since the biggest problem with why only a small percent of the population has done anything about encryption is due to the lack of information. The (ISC)² could also communicate with fellow non-profit organizations that also advocate human rights and security in order to promote a safer digital world for all people since encryption is relevant to every single person living in the digital age. When explained in detail why encryption protects our rights legally, all non-profit organizations that supports human rights will join us and spread the word as well. The (ISC)² is large, but the scale of our demographic is the entire population of the United States so we are going to need all the help we can get in order to spread awareness of the encryption ban. Also it is a fair assumption that the demographic that reads the (ISC)² blog posts and social media are people likely to already know about the encryption debate and the Feinstein-Burr proposal. It is for these reasons that branching out in any way possible is vital in promoting encryption.
Final Words
            As a mere computer engineering college student, I want to do anything I can in order to create a smarter safer future in the digital world that is upon us. As I began to educate myself continuously about encryption and its uses, the more frustrated I became knowing that the government is trying to weaken it. It made me realize that this is an incredibly larger deal than most people make it out to be. The world is evolving so fast that most people have trouble keeping up, and in today’s world encryption is integrated into almost everything that is digital. Cryptography has been used in societies for thousands years, and the moment it is at its peak of usefulness is when the government decides that it should not be used and this is a large driving force that encourages me to be passionate about this issue. I hope the members of (ISC)² understand my point of view and take action in accordance to my plan as it will help maintain the digital world we have today.
Thank You,
Pedrhom Nafisi
pedrhomnafisi@yahoo.com
904-446-0635









Citations
Brandom, Russell. "Why the NSA Is Staying out of Apple's Fight with the FBI." The Verge. Vox Media, 09 Mar. 2016. Web. 11 Mar. 2016.
Grothaus, Michael. "Apple vs FBI: Encryption, IPhones & Terrorism." Know Your Mobile. Dennis Publishing, 10 Mar. 2016. Web. 11 Mar. 2016.
Isaac, Mike. "Explaining Apple’s Fight with the F.B.I." The New York Times. The New York Times, 17 Feb. 2016. Web. 21 Feb. 2016.
Cohn, Cindy. "The Burr-Feinstein Proposal Is Simply Anti-Security." Electronic Frontier Foundation. N.p., 08 Apr. 2016. Web. 10 May 2016.
Goodnight, Eric Z. "What is Encryption, and Why Are People Afraid of It?" 30 November 2015.  Web. 14 February 2016.




Posted by at No comments:

Monday, May 2, 2016

Stakeholder/Genre Analysis

Pedrhom Nafisi
Dr. Taylor
ENC 1102
Stakeholder Analysis
            The encryption debate involving the Federal Bureau of Investigation (FBI) and Apple is a huge ongoing issue that can potentially affect every single person in America that uses the internet and stores data on huge public server computers such as “the Cloud”. This debate also includes the current discussion involving the legality of encryption and whether or not big technology companies should be allowed to use it as a security measure. Encryption is used everywhere, from mobile application based text messaging such as Snapchat and iMessage, to banks that encrypt user data to protect their information and money from cyber attackers. If encryption was to end up becoming outlawed, new security measures would have to be instantly created by all technology using companies since protecting their consumer’s privacy and data is crucial. Since the issue is on a national to almost global scale everyone is impacted by the results of the debate and the scary part is that not many people can make a difference on this matter since it is conflict between big organizations. Currently there is a bill that is only a draft at the moment called the Compliance with Court Orders Act of 2016. This bill directly attacks end-to-end encryption as it requires people to comply with any court order that asks for data, and if the seized data is unintelligible, then legislation can demand for it to become intelligible. Also there is an increasing amount of discourse occurring on the topic of encryption between government officials and big electronic companies beyond just the Apple vs. FBI case. The United Kingdom has actually created a ban proposal that would remove end-to-end encryption from being used.  Due to the expansion of encryption as an issue, it would not be surprising to see an official ban proposal to be created in the near future. These factors result in the biggest stakeholders of this issue to be law enforcement agencies, immense technology producing companies, and all government officials that could possibly effect the legality of encryption.
            Federal law enforcement agencies play the largest role in the entire encryption debate and are the biggest stakeholder group because they are the ones that labeled encryption as an issue in the first place. Their justification is that encryption allows terrorists and criminals to communicate without the possibility of law enforcement of discovering what is being said. What law enforcement does not understand however is how crucial the concept of encryption is in today’s society. There is no better digital security than encryption and even law enforcement agencies use encryption themselves to keep their money and profiles safe. Just because it has the potential to be used maliciously does not mean it should be banned when there is no better alternative. In the Apple vs. FBI court case, the FBI wants to force Apple to create an updated operating system for iPhones that allows law enforcement agencies to have access to a backdoor in order to retrieve information from any iPhone. My research has shown that if this backdoor was to be implemented, it is extremely possible for a criminal to discover how to use the backdoor for themselves. If this happens then every iPhone user will have their information compromised and so cyber-attacks could occur to every single person that is a consumer of Apple products. I understand that law enforcement agencies want to protect citizens from people that want to cause harm to others, but banning encryption is definitely not the correct path towards a safer future for all. If federal law enforcement agencies other than the FBI understand my findings and realize that creating a backdoor creates more safety issues than it solves, they could support Apple in the Apple vs. FBI case which would allow encryption to be one step closer to being deemed as an important security measure that is required for everyone.
            Another stakeholder in regards to encryption is the opposing side to the law enforcement agencies, which are technology companies that create hardware and software that incorporates encryption. Any company that creates or uses electronic devices that record consumer information such as Microsoft, Samsung, Amazon and any other big name brand want to insure the customer that their product keeps their data as safe as possible from threats. If encryption is banned or they are forced to create backdoors in their security software, then a lot of negative consequences would occur. Firstly these companies would have to make their products specifically designed to fit the United States government’s desires, while keeping full encryption on phones sold to anywhere else in the world. This would cause America’s internet security to be the lowest in the world and would force companies to make alternate inferior version of their existing products. If a criminal wanted to secure data behind the government’s eyes, they would simply use a phone from a different country since it does not matter to them that they are breaking the law. With the all information I have gathered that proves encryption is required in today’s society, electronic companies can use this information to support Apple in the encryption debate and talk with government officials to promote the idea that encryption must stay as long as there is no better security option. If technology companies do not stand up to the government, then they will suffer the same fate as Apple and would be forced to create inferior products just so the government has the potential to spy on people. The companies would have to spend tons of money engineering an inferior product that is secure but not too secure for the government. No company wants to waste money doing that and so as a very important stakeholder, they must use this research to prove to the government that reducing the power of encryption is not viable.
            Lastly, the most influential stakeholder of the encryption debate are the government officials and court justices who have the final say in whether or not encryption should be weakened as a security measure. They are stakeholders because the government officials are supposed to represent the people of America and make decisions for the greater good. Encryption affects every single American in this era, and government officials want what is best for the country on any issue. For this reason government officials have a huge interest in regards to the security of the people they represent. They must fully understand what the positive and negative consequences their decision will make on America, and my research has shown that weakening encryption is an overall negative consequence. It is correct that having access to more information as the government can potentially prevent criminal and terrorist activity before it happens, but it is not worth it at the cost of jeopardizing every single American’s privacy and information. With my research, government officials can create a fair and balanced stance on the discussion and issue their opinions based on correct facts that show encryption has more benefits than drawbacks.
            If I was able to reach the impactful minds that make up law enforcement agencies, technology companies, and government officials then I will be triumphant in convincing them that action must be taken in order to preserve the power of encryption. As a simple citizen, I currently do not have any power to directly make a difference in the encryption debate as that all depends on the support Apple gets and what the government decides is the correct decision. If I was able to inform these stakeholders how impactful their actions will be in regards to digital security, then I would be successful in protecting encryption with all the information I have gathered. People are only afraid of encryption because they are ignorant of all the positives it has, and blaming it as a primary reason for why the government cannot crack down on criminals is false.

Genre Analysis
How to Open the Ears of the Stakeholders
            There are thousands of technology companies around the world that sell electronic products to millions of consumers on a global scale. On top of that, government officials are also paying attention to every other issue that is currently present in the United States and law enforcement agencies are constantly busy trying to crack down on criminals and find intelligence that will bring America to a safer place. With all these stakeholders being such large organizations that impact many different topics, how am I able to shed light on such a specific topic as encryption? If is obvious that I simply cannot just send an e-mail to Samsung and hope that they suddenly take action against the ongoing encryption debate. What I need to do, is find smaller organizations that fight for the same cause as I am. Although there is not a specific group that wants to protect encryption, there definitely are a ton of organizations that fight for internet privacy and since encryption falls under that category they definitely would help advocate a safer digital world.
The Organizations That Would Support Encryption
            Encryption being targeted as a reason for why criminals and terrorists can thrive is only a very recent ideology that is held mostly by those ignorant to all the things encryption does. This primarily includes the older generation that has the most power while simultaneously knows the least about how internet security works. Encryption is being labeled as something it is not, and so I must get the word out with the information I have gathered proving that encryption needs to stay. The encryption debate is not going to last forever and if the FBI succeeds in forcing Apple to create a backdoor in their software, then we the people must stop encryption from being weakened any further. Luckily, there are organizations out there that share the same view as me and have the power to put out information for the public and all the big stakeholders that I listed. One of these organizations includes the Electronic Privacy Information Center (EPIC), founded in 1994 this non-profit organization is a public research center in Washington D.C. that focuses on getting the public’s attention on emerging privacy and civil liberties issues in regard to the information age.
            My objective is to influence government officials who have the final say in the law as they are the stakeholder with the most power in protecting encryption. The encryption debate includes law enforcement agencies and giant technology companies, so they already have turned their heads to this issue and have asserted their stance on one side or the other. Since the encryption debate is a court case the public does not have too much direct power in influencing the final result of whether a backdoor is created or not; however, to prevent any further harm to encryption and digital security we the people must let government officials know our stance on this issue. Influencing political powers is something that is achieved in numbers and so using organizations such as EPIC to spread the word of how important encryption is can cause a flurry of people to contact their senators and political representatives. This action is to make sure that if any proposal comes up that targets encryption that the people with political power understand what the majority’s stance is on the issue.
            On top of contacting and collaborating with EPIC, I can contact the International Information System Security Certification Consortium (ISC)² which is the largest not-for-profit organization that addresses cyber security. Upon looking at their blogs and social media feed, this organization has not been talking about the encryption debate at all. This organization focuses more on certifying individuals as cyber agents, but they also have blogs and articles that talks about the current state of cyber security. If I can emphasize the importance of the encryption debate and the draft of the Compliance with Court Orders Act of 2016 with this organization, then they could help spread the word.
How to Contact the Organizations
            Since EPIC is an organization that resides in Washington D.C., I cannot simply just go to their main office and request a meeting to emphasize the importance of spreading the news and knowledge about encryption. What I can do however is contact them through their website. They have a “Contact EPIC” section on their website and from there I can try in get in touch with any representative of EPIC. Once I am able to reach contact with EPIC, I will present a list of facts on why the encryption issue must be stressed more and be publicized as much as possible. This includes all of the negative impacts that creating a backdoor in encryption creates and then talk about the draft of the Compliance with Court Orders Act of 2016 since these are both issues that are currently going on and with no action will go under the radar of most citizens. I would hope that my actions would make EPIC create more articles regarding the encryption issues because upon looking at their top stories, the encryption debate and the newly created bill draft isn’t stressed enough. On top of that I would hope EPIC would broadcast how critical the encryption situation is on social media websites such as Twitter and Facebook to raise more awareness to the public eye where people could share the news with their peers and spread the news. EPIC also could stress the fact to contact their senators and representatives to vote against the Compliance with Court Orders Act of 2016.
            In regards to (ISC)², their organization is a little different as they are a team of certified cyber agents that work for companies all over the world. Similar to EPIC, they have a contact information page with phone numbers and multiple email addresses. By contacting them through these means, I could fully stress the point on how crucial it is to act now to save encryption as we know it. From there, (ISC)² can spread the information about the debate and the bill to all of their members. Since the members of (ISC)² are part of big technology organizations around the world, this ties in another major stakeholder of the encryption debate along with spreading the word about contacting their politicians.
What Am I Presenting
I think the best way to present myself to these organizations and express the urgency of protecting encryption is by making a list of consequences that creating a backdoor or banning end-to-end encryption creates. This is because the cold hard facts is what makes this whole situation dire. Every single citizen is in this information age is affected by encryption, regardless of whether or not a person knows how impactful encryption truly is. This fact alone is very scary and the people have the right to know and understand what is happening within the digital security world. This list could also briefly in the beginning explain what encryption is and how it is affecting every person that uses the internet. A good analogy I could use to help summarize what is happening to those who cannot grasp the concept of encryption is that it is similar to the government banning the ability to lock your door so that the police can come inside whenever they want to make sure you’re are not a terrorist. Such a world is obviously not safer but that is exactly what is happening if encryption is banned. The list would help educate those who do not know what encryption, while inform those who know what it is on why we the people need to act now and fight the Compliance with Court Orders Act of 2016.
The Goal and Beyond
            The target of all of my efforts is government officials and any individual that is a senator or part of the House of Representatives. I alone cannot change the fate of encryption and inform the uninformed on how the United States is likely about to become a whole lot less secure. With the help of EPIC and (ISC)² I can spread the word of encryption to as many people as possible and tell them that if they care about their safety, they need to contact their politician that can vote to repeal the Compliance with Court Orders Act of 2016 and put an end to blaming encryption for the evil deeds of criminals and terrorists. These organizations can also spread the word themselves to other organizations with a similar stance on this issue and hopefully from there is an exponential growth in the amount of people understanding what encryption is and how the United States will change if it is banned.
Posted by at No comments:

Annotated Bibliography

Pedrhom Nafisi
ENC 1102
Dr. Taylor
Annotated Bibliography
Encryption is Innocent and Should Not Plead Guilty for Terrorism
Goodnight, Eric Z. "What is Encryption, and Why Are People Afraid of It?" 30 November 2015. Web. 14 February 2016.
            This source written by Eric Z Goodnight was one of the most well rounded sources I found as it has a variety of information pertaining to what encryption actually is and why encryption is suddenly a relevant topic in regards to terrorism and politics. It explains initially that encryption works by taking data and scrambling it into gibberish. From there, to decrypt it back into data you use a method called ciphering which involves the usage of a key that shows what the original data was encrypted into character by character. This information concisely summarizes encryption and holds relevancy to explain encryption in very brief detail before expressing my topic and stance. Another important piece of information from this article is its details on ISIL. Explaining how ISIL uses popular mobile messaging applications such as WhatsApp, which encrypts all data sent, creates the bridge between terrorism and encryption. Goodnight furthermore describes how the government has approached immense electronic companies such as Apple and Google, asking them to create a secret backdoor decryption method. The problem with this is explained concisely by Apple CEO Tim Cook in which he says “You can’t have a backdoor that’s only for the good guys.” This heavily supports my argument that acting against encryption will not do anything as trying to break holes in our security will only allow enemies to exploit that hole.

Brandom, Russell. "The Five Big Lies of the Encryption Debate." The Verge. Vox Media, 12 Jan. 2016. Web. 17 Feb. 2016
            Brandom Russell in this source makes a list of five concrete points that supports the idea that banning encryption will not help prevent terrorism or any other related actions, all of which supports my argument. His first point is that the government is saying that criminals have “gone dark” or in other words are able to communicate behind the court’s back. The problem with this is that terrorism is no harder to track than it was fifteen years ago as trying to track down a private file or get access to a phone call transcript is just as difficult and unethical as asking for encrypted data to be decrypted. Just because the information is secure in another fashion does not make it more acceptable for the government to want access to our data and this fact supports the idea that the court should not even be trying to go after encrypted data in the first place. Russell’s second point is that the government is already trying to talk with tech companies in order for them to get the information they want. The government words their side of the argument in a way to give the false idea that their access to information is either all or nothing; however, it is a fact that in this digital age access to information has been at its peak and the right court order can allow police to go through a person’s Gmail or iCloud account. Power is something the government already has a lot of in regards to our personal information and so banning encryption will not change anything for the good of the common man. The last three points he makes all point to the same idea that the government banning encryption will favor the government more on the topic of having the power to see anyone’s chat logs rather than prevent terrorism. Russell fully lays down the facts and uses it to promote an idea that banning encryption will not prevent terrorism like the government says it will and this supports my argument completely while keeping relevancy.

Brown, Aaron. "WhatsApp BAN: Cameron's EU Referendum will Decide Fate of Encrypted Messaging App." Sunday Express. 15 July 2015. Web. 14 February 2016.
            The United Kingdom’s Prime Minister David Cameron has created a proposal that will ban encrypted messaging applications from being used. Brown explains that Cameron is taking this action as encrypted messaging apps create “a guaranteed safe space for terrorists, criminals and pedophiles to operate beyond the reach of law.” This is extremely relevant to my topic as there is much evidence from my other sources that encryption does not make data any more inaccessible than it was a decade ago. I can use this information to create an argument that this guaranteed safe spot is no safer than chatting over the phone ten years ago as it is just as illegal to listen in on phone conversations as it is to track conversations through text messages. Brown also explains how this encryption ban ties in to a previous issue called the Snoopers’ Charter which is a proposed bill that would allow the United Kingdom to force internet service providers to track all data from their consumer’s activities. This includes everything from internet browsing activity, email, phone messaging services, and all other activities that require an internet connection. What Brown shows with this is that the United Kingdom has created plans in the past to track the common man’s information before. This information can be used to help bring up the argument that the United Kingdom’s government has tried to gain the ability to access all data before, and with the current trend of how they have created bill after bill with the same goal in mind shows that even if the proposed ban on encryption fails to pass, there will be a new issue that will once again cause the government to try to track all data once again.

Zou, Cliff. "Research On The Encryption Debate." E-mail interview. 15 Mar. 2016.
Cliff Zou is a UCF staff member in the Department of Computer Science with a Master’s Degree in Digital Forensics and a Ph.D. in Electrical & Computer Engineering. I got in touch and interviewed him via e-mail and asked him three simple questions in regards to the encryption debate in order to get the opinion of a local expert. My first question was “Do you think encryption should be what the government is targeting in regards to reducing terrorist activity?” Zou responded by saying that targeting terrorism is only one subject area that the government can focus on by going after encryption. He also says that many criminal cases will be affected by this as the current encryption debate revolving around Apple and the FBI is due to a criminal case, not one regarding terrorism. This information helps broaden my scope of what banning encryption potentially effects. After that, my second question was “Should the government try to make companies create a backdoor in their security software so that the government can access information that could be potentially dangerous? What would creating a backdoor possibly cause in regards to the common man's privacy?” Zou answers that the government should definitely not force companies to create backdoors in their software. He further explains that a backdoor that is created for the government can be found and exploited by hackers to commit cyber-attacks. This would cause not only for Apple’s products to be less safe, but less sales for them since consumers will move to a different device in which its security against cyber-attacks is more superior. This information is useful in regards to providing more negative consequences that weakening encryption creates as Apple will suffer as a company. Lastly, I asked “David Cameron, British Prime Minister, has created a proposal that will ban online messaging applications such as iMessage and Snapchat that uses encryption to protect the user's privacy. Will this help prevent issues in regards to terrorism or will it create more problems than it stops?” To which Zou replied that even if the ban goes through, technology is constantly advancing and new ways of security to hide from the eyes of the government can be created. An example he creates is the use of end-to-end encryption through the use of a Virtual Private Network (VPN) which does not rely on the encryption methods of iMessage or any other application based encryption. This information is very important in helping me create the idea that the ban is futile in the first place since people will find ways to work around it.

Isaac, Mike. "Explaining Apple’s Fight with the F.B.I." The New York Times. The New York Times, 17 Feb. 2016. Web. 21 Feb. 2016.
            Isaac in this article summarizes what is currently going on between the company Apple and the FBI. A federal court ordered Apple to assist the FBI in unlocking an iPhone of an attacker who murdered fourteen people San Bernardino, California in December 2015. The FBI wants to use brute force in order to gain access to the attacker’s data, but the iPhone has a security measure in which its data is deleted after ten failed password attempts. I can use this information in my essay to refer to an actual court case that is occurring between two big groups. According to Isaac, the issue with what the FBI is asking is that to bypass the password lock Apple would have to create a new version of the iPhone’s iOS software with specific instructions that allows the FBI to get infinite attempts. This new version along with the software could potentially unlock any iPhone in someone’s possession and for such a powerful program to exist is potentially dangerous if gotten into the wrong hands. This is very important because with the FBI having access to such a program could allow them to possibly break the fourth amendment without the knowledge of the people. The NSA has done something similar in the past with them spying on people’s information so it is not hard to think that the FBI would not do the same. this information to further push the point that creating a backdoor like this can be used against us and so it should not exist. The same engineers that created the encryption programs on the iOS software should not have to create their own countermeasures against the defenses they made is a quote Isaac used which sums up his opinions on the debate very well.

Grothaus, Michael. "Apple vs FBI: Encryption, IPhones & Terrorism." Know Your Mobile. Dennis Publishing, 10 Mar. 2016. Web. 11 Mar. 2016.
Grothaus begins his article by explaining the current fight going on between the FBI and Apple over encryption. He adds on that giant technology companies such as Facebook and Google are fully supporting Apple. This is important as it shows that other tech companies do not want to be forced into the creation of a backdoor in their products either. If the FBI wins the case over Apple, then it is very plausible that the FBI could go after other companies as well to complete their mission of creating backdoors in all products in order for them to have access to all consumer information. Grothaus continues by saying that the FBI could possibly continue to increase the amount of spying they do if they win the case. He uses a quote from a news article called The Guardian that says “If the FBI wins in its case against Apple to help it unlock the San Bernardino killer’s iPhone 5C, it won’t be long before the government forces Apple to turn on users’ iPhone cameras and microphones to spy on them.” This is a very scary idea to think about, knowing that at any moment the government could be looking through your camera at your personal space. This helps support the idea that the FBI should not gain more power than it already has because if encryption is meaningless, then the FBI constantly try to get access to more data. Grothaus uses reasoning to infer how this case potentially effects the whole world. He makes a very important point that this backdoor will allow the United States to access all iPhones, regardless of the phone’s location. This means the United States would be able to spy on anyone all over the world. This is a huge and crucial point as now the people that are effected is every person around the world with an iPhone and other countries would not want that in the slightest. What they would want, is also access to the backdoor software and the amount of people that have the potential to spy on your data would exponentially increase and this is a huge hole in everyone with an iPhone’s security.

Brandom, Russell. "Why the NSA Is Staying out of Apple's Fight with the FBI." The Verge. Vox Media, 09 Mar. 2016. Web. 11 Mar. 2016.
            Brandom asks and answers an important question in this article which is why the NSA has remained silent in regards to the encryption debate between Apple and the FBI. What Brandom says is that the NSA has actually explained that many of their key officials have decided to side with Apple. This is both surprising and extremely relevant to my topic since the NSA is a government agency that would seem to want the backdoor to exist in iPhones since the NSA has been confirmed to have the ability to spy on people and their data. The reasoning of this according to Brandom is due to the differences between how the NSA and FBI investigates cases and infiltrates technology. The NSA tends to work in a covert fashion and they try to do all their work in the dark and that is the exact opposite with this case and the matter in which the FBI is handling this issue. I can implement this information in my essay to create a point that although the government wants to get more intelligence, it would be preferable in a matter that the masses do not know about so it is not made into a big deal like this case. Brandom then goes on to explaining that not much is known to exactly why the FBI is trying to force Apple to make such a drastic change to their encrypted software in order to get access to one phone. There is a commercially available tool called the IP-BOX that costs $350 and it allows a user to brute force past an iPhone’s lock screen between six seconds to seventeen hours. This information shows that it is very possible that the FBI is simply using this case in order to try and get as much power as they can. This means that the case is no longer about simply accessing an attacker’s phone but rather a direct attack on encryption which is both relevant and important to my topic of encryption being banned.

Greenberg, Andy. "Proposed State Bans on Phone Encryption Make Zero Sense." Wired.com. Conde Nast Digital, 27 Jan. 2016. Web. 9 Mar. 2016.
            Greenberg begins his article by explaining that never in history has a single state determined whether we could have secure encryption on our smartphones or not, but now it is happening. He describes how a California state legislator has proposed a bill that would ban the retail sale of any smartphone that features full-disk encryption. This is a security measure that was made to ensure that no one can decrypt and read your phone’s contents except the owner. The scary part is that New York has also proposed a similar bill for its state, and all of this information is useful since it means that multiple states are trying to pass this ban and if one is successfully able to do so, other states will also attempt the same thing. The bill is worded in a way that explains that its intentions is to give law enforcement the ability to access the phones of criminals and victims when their phones are seized as evidence. Greenberg also looks at the fact that even if an encryption ban was deemed a reasonable privacy sacrifice for the sake of law enforcement, it would at least make sense if it was on a national level but this bill is on a state level so all it would do is compromise the security of people’s data in that state alone. This is important information because I can make the point that this bill would not prevent terrorism and it could not help any issue that is on a national scale so all it would cause is an increase in cyber-attacks in that state. This bill is also problematic for all technology companies as they would have to make special smartphones for those specific states that fits into the states’ anti-encryption laws. Greenberg makes a very good point that if a criminal was smart enough to conduct to cyber-attacks, they would simply just use an iPhone from a state that is not from New York or California since the law does not matter to them. This is a very good point that I could use in my essay to support why a state wide ban would be highly illogical.

Cyril, Malkia. "Black Americans and Encryption: The Stakes Are Higher than Apple v FBI." The Guardian. Guardian News and Media, 21 Mar. 2016. Web. 21 Mar. 2016.
Cyril starts the article by making an interesting comparison between what is going on in the Apple vs FBI case and what happened with Martin Luther King Jr. Cyril explains that when the FBI labeled Martin Luther King Jr as a “dangerous” threat to America’s national security, they began tapping his phones. This was then followed by a long history of spying on black activists in the United States. What Cyril is getting at is that if the FBI can call something dangerous in order to justify their actions of spying on people, then the same could apply to encryption and the attacker’s phone in order to have the ability to spy on a national scale. This fact is an important detail that I could use to further push the idea that the Apple v. FBI case is more than just about getting into an individual’s phone but rather gaining the access to everyone’s information through a backdoor. Cyril furthermore argues that this fight between Apple and the FBI also effects the black community. According to Cyril the Department of Homeland Security has been monitoring the activities of famous black activists since the Ferguson uprisings, and if the encryption backdoor passes then the government could simply label the activists as dangerous and then go after them with ease. This information can be applied to the fact that the FBI will have the power to shut down the voices of people they simply do not like. This is a violation of democracy since we cannot have a healthy democracy without the voice of every individual.

Smith, Lindsey J. "Donald Trump on Apple Encryption Battle: 'Who Do They Think They Are?'" The Verge. Vox Media, 17 Feb. 2016. Web. 9 Mar. 2016.

            Smith in this article writes about what republican presidential candidate Donald Trump thinks in regards to the court case of Apple v. FBI. Donald Trump during an interview on Fox and Friends said "To think that Apple won't allow us to get into her cellphone? Who do they think they are?" This shows that he is a supporter of the FBI in the case and that he thinks the government should be able to bypass any encryption in order to get the intelligence they need. This is relevant because I can use this information to show who is for or against the banning of encryption. Trump adds on that if the backdoor was created to bypass Apple’s encryption, it would only be used once to "find out what happened [and] why it happened" and if there are "other people involved." The problem with this is that one man’s guarantee that it will only be used once is not enough to justify reducing the security levels of all Americans. Plus, it does not matter if the government only uses it once, its entire existence is creates the possibility for the software to fall into the wrong hands and create a cyber-catastrophe. This information is very relevant because it shows that encryption becoming banned will become much more likely if Donald Trump was put into office. Smith furthermore adds that Trump has stated before that he wants the ability to monitor the internet and to "take back the internet" from ISIS. Even though the internet technically belongs to everyone, misuse of it should be prevented however going after encryption is not the correct path. 
Posted by at No comments:

Research Project Proposal

Pedrhom Nafisi
ENC 1102
Dr. Taylor
Initial Research Proposal                                                   
Encryption: Why it is Needed and Why Politics Think Otherwise
            With the acts of terrorism that has occurred last year across the world such as the bombings of Paris and Lebanon, many national governments including the United States are trying to minimize terrorist communication by proposing an encryption ban. The government wants the ability to track discourse between potentially threatening individuals that converse over publicly used applications. A recent example of this includes a case in which an ISIL-associated terrorist group was allegedly using a popular mobile messaging application called WhatsApp along with encryption to talk in secret (Goodnight). As a reaction to this and other cases, the government has begun to take action against encryption and has tried to ban out the ability to use it with the justification that encryption is for hackers and terrorists. The problem is that banning encryption is not the correct path for the government to take as encryption is needed in everyday internet security for businesses that want to have secure data.
            My goal in researching the topic of encryption is to justify its legality and express how crucial it is for devices and programs to have the ability to encrypt data to protect an individual’s privacy. One article discusses that it is not harder for the FBI to track criminal activity compared to fifteen years ago, data was still hidden on private computers and unflagged phone calls could have a transcript not available to the government (Brandom). In today’s world more information is stored online and is equally as private as it was fifteen years ago and for the government to want to be entitled to data based on the fact that information is more accessible is unjustifiable.  I am also going to address the proposed ban on encryption that was created by British Prime Minister David Cameron who wants to ban out messaging services such as iMessage and Snapchat (Brown). This issue is being addressed by not only the government, but also by all cryptologists who are professionals when it comes to encryption. They also agree that the course of action of the government will not solve their problems and that removing encryption makes the world less secure. A source I want to use for this topic is a UCF staff member that is proficient in computer security and digital forensics. I can interview the expert to get more insight behind encryption and get their opinion about the topic of the government’s proposal on encryption. More sources I can use are online news articles that critique what the government is trying to do in regards to encryption and another source can be a document that describes what society would be like if encryption was banned.
            My research conducted so far has given me support that removing encryption will be more destructive than constructive in regards to security. Many individuals from bloggers to cryptology experts are bashing the government’s plan as they all have seen the faults that removing encryption can and will create. These articles show me that my stance on this issue is supportable and tenable.
           

Bibliography:

Brown, Aaron. "WhatsApp BAN: Cameron's EU Referendum will Decide Fate of Encrypted Messaging App." Sunday Express. 15 July 2015. Web. 14 Feburary 2016.
Goodnight, Eric Z. "What is Encryption, and Why Are People Afraid of It?" 30 November 2015. Web. 14 Feburary 2016.
Brandom, Russell. "The Five Big Lies of the Encryption Debate." The Verge. Vox Media, 12 Jan. 2016. Web. 17 Feb. 2016.
Posted by at No comments:
Subscribe to: Posts (Atom)