Pedrhom
Nafisi
ENC
1102
Dr.
Taylor
Final
Project
Hello
(ISC)² Members and Staff,
Since you are a non-profit organization working to
protect the everyday man’s digital security, I respect how much effort is put
into maintaining security standards and certifying people in order to make sure
they are qualifying cyber agents who can engineer a safer tomorrow for
everyone; however, on your blogs and social media that broadcasts information
to the public there is no talk about the subject of encryption and how it is
potentially going to banned from being used in the United States. In my
research I have found that encryption is one of the most important tools used
in digital security and it allows a user to scramble information so that no
other user can decipher it other than the one with the key to descramble the
data, so if encryption is going to be banned then it is in your best interest
for the people at (ISC)² to spread awareness among the members and to wide
demographic of the public. Encryption was first a topic of issue with the
recent court case Apple vs. FBI which is also dubbed as the “Encryption
Debate”. The FBI wanted access to information on a locked iPhone that belonged
to a criminal who murdered fourteen people in San Bernardino, California
(Isaac). Apple was then asked to create a backdoor in their operating system
that would allow the government to get access to the criminal’s data. There are
numerous problems with this, the first one being that no one knew if the
attacker’s phone would have any useful intelligence or not. It is correct that
the man is a criminal and that trying to get any useful information out of his
phone is a good thing, but attempting to access this information by forcing the
manufacturer to change their entire product for everyone else so that the
government can spy on anyone is too gigantic of a request for this case. There
exists a commercially available tool called the IP-BOX that costs $350 and this
tool allows a user to brute force past an iPhone’s lock screen between six
seconds to seventeen hours (Brandom). All the FBI wants to do is to get access
past the criminal’s phone lock screen without wiping the data and a tool exists
to do just that. What this means is that there is no reason for the FBI to go out
as far as banning an entire security practice as a result of one man’s action.
An even bigger problem with what the FBI is trying to do is that creating a
backdoor in the security system of all iPhones just so that the government can
spy on data whenever they want is a huge breach of our rights. We are protected
by law to have privacy from the government such as the fourth amendment and
also the creation of a weakness in a security system could allow other
criminals to take advantage of it and steal valuable data. There exists no such
thing as a backdoor that can only be used by a certain person which in this
case is the government, if the backdoor is hardcoded into the software then
there is a definite possibility that a hacker can data mine how to exploit the
backdoor and use it for himself.
There is also a new bill proposed called the Compliance
with Court Orders Act of 2016 also known as the Feinstein-Burr proposal which
will effectively ban all end-to-end encryption (Cohn). End-to-end encryption is
used in a lot of programs that allows a secure flow of packets to be
transferred between two access points. These packets exchanged can only be
deciphered by one of the two access points and not even the creator of the
software would be able to access the information being sent (Goodnight). The
significance of this is that it is used in many programs that include
applications such as WhatsApp and Snapchat which are both applications used by
millions of people daily. The proposed bill if passed will allow the government
to force any device manufacturer, internet service provider, software
developer, and any other technology producing organizations to decrypt any data
encrypted under their services. Under this bill, all companies must create
software that allows their security programs to be breakable whenever the
government wants to. This is a cataclysmic shift in digital security if the
Feinstein-Burr proposal is passed by the government as all legal security
software must now have a method in which it can be compromised. Although this
ability to decrypt any encrypted data is supposed to be designed for the
government, it would be absolutely possible for criminals and terrorists to
gain access to this encryption breaking ability and potentially steal
information from anyone and everyone using that piece of technology. America is
about to become a lot less safe if no action is done to prevent it so I am
turning to you (ISC)² to help spread awareness about what is happening to encryption
and to convince people to contact their political representatives in order to
persuade them to reject the Feinstein-Burr proposal.
Who
is affected and why does it matter?
Encryption is implemented into every
phone, every computer, and almost any electronic device that collects data from
the consumer. Most people do not even know what encryption is and how it
protects them from criminals even though they use it on an everyday basis. This
is a fair statement to presume because people could go their whole lives not
knowing what encryption is and still take advantage of it by logging into their
Facebook account. People want to be as safe as possible, but do not necessarily
care to understand how they are safe, as long as everything is the way they
want it. The problem is that encryption is not like a physical lock in which
you can see on your door when it is doing its job, if encryption was banned
then all software programs would still operate the same with using the same
interfaces and coding. Imagine if the government was to ban the ability to lock
your door so that the police can come inside whenever they want to make sure
that you are not a terrorist. A large majority of people would not be okay with
that scenario and this is very similar to what is happening in the digital
world but no one is realizing it. The average person would not be able to tell
if a software includes encrypted security or not unless the person is tech
savvy or if they knew the features of the software that was created. The only thing
that changes by removing encryption is the accessibility of the information on
the phone and in this case knowledgeable criminals can take advantage of the
situation of encryption being banned since information inputted onto anyone’s
phone is vulnerable. Gaining the ability to spy on anyone’s information
whenever the government wants at the cost of every individual’s security being
lowered is not reasonable at all but since the case is going under the radar,
most people do not understand what is going on. That is why I need all the help
I can get in order to educate the people on security in order to protect
digital security.
Large organizations such as Google, Samsung, Facebook,
and all other technology based companies care immensely about this issue since
they all use encryption in their products (Grothaus). There are multiple
reasons why these companies do not want encryption banned, which first includes
the idea that the government is throttling their ability to create top of the
line products on purpose. Encryption does not create any direct harm or threat
to the government in the first place, so the government is exercising too much
power upon businesses with the Feinstein-Burr proposal. In addition, if the
proposal passes then hardware producing companies will have to make special
phones that fit within the government’s criteria to be ported to the United
States. The problem with this is that these phones are specially designed to be
less safe to use just because of the government’s will and the phone will not
protect their consumers to the maximum ability in which they could protect them.
Another point to be made is that if a criminal wanted to hide their data, since
they are already breaking laws they would likely use any method possible to
protect it. A criminal could simply use a phone from another country and attach
a SIM card that works with American cellular towers. Encryption will still be
legal everywhere except for America and this will cause us to take a colossal
step backwards in technological advancements in regards to national digital
security compared to the rest of the world.
How
can a difference be made?
Currently, there is no direct method or one answer
to protect the ability to use encryption forever. The Apple vs. FBI court case
for example cannot be influenced by anyone other than the court itself who
makes the final decision and powerful organizations that side with either Apple
or the FBI. The outcome of the court case can potentially create a streak of
laws in which the government gains exponentially more and more access to the
common man’s information or stop it right in its tracks until the government
finds a more constitutional way to gain more power. The good news is technology
companies such as Google and Samsung took Apple’s side which shows that these
type of companies are aware of the encryption debate and are making actions to
protect the ability to use encryption for everyone. Surprisingly, the NSA which
is a government organization like the FBI supported Apple in the court case
because they also agree with the fact that creating a backdoor and forcing a
company to create a flaw in their security software for government access is unconstitutional.
The NSA is famous for being exposed for spying on people and being guilty for
violating American’s human rights and freedom of information. The fact that
they are supporting Apple shows the dissidence between government organizations
and that not everyone in the government agrees that they themselves deserve
more power. The court case looks good for Apple, but this is only one aspect of
encryption’s current status of being in legal jeopardy.
Even though we the people cannot directly affect the
outcome of that court case, what we do know is that the biggest stakeholders of
encryption such as technology companies are not just sitting aimlessly without
doing anything. We, the people who care about digital security and want
encryption to stay legal, must find any way possible to prevent encryption from
weakening. What can be helped changed by the majority of the population is the
Feinstein-Burr proposal. It is crucial that this proposal goes viral in social
media and for people’s awareness of the bill to be maximized in order to get
people to support the cause of protecting encryption. To help teach individuals
who are uninformed, I request that the (ISC)² considers the promotion of
knowledge about encryption on their website, blog posts, and social media in
order to spread the word as far as possible. This could at least be a start to
creating more publicity about the encryption debate and the Feinstein-Burr
proposal since the biggest problem with why only a small percent of the
population has done anything about encryption is due to the lack of
information. The (ISC)² could also communicate with fellow non-profit
organizations that also advocate human rights and security in order to promote
a safer digital world for all people since encryption is relevant to every
single person living in the digital age. When explained in detail why
encryption protects our rights legally, all non-profit organizations that
supports human rights will join us and spread the word as well. The (ISC)² is
large, but the scale of our demographic is the entire population of the United
States so we are going to need all the help we can get in order to spread
awareness of the encryption ban. Also it is a fair assumption that the
demographic that reads the (ISC)² blog posts and social media are people likely
to already know about the encryption debate and the Feinstein-Burr proposal. It
is for these reasons that branching out in any way possible is vital in
promoting encryption.
Final
Words
As a mere computer engineering
college student, I want to do anything I can in order to create a smarter safer
future in the digital world that is upon us. As I began to educate myself
continuously about encryption and its uses, the more frustrated I became
knowing that the government is trying to weaken it. It made me realize that
this is an incredibly larger deal than most people make it out to be. The world
is evolving so fast that most people have trouble keeping up, and in today’s
world encryption is integrated into almost everything that is digital.
Cryptography has been used in societies for thousands years, and the moment it
is at its peak of usefulness is when the government decides that it should not
be used and this is a large driving force that encourages me to be passionate
about this issue. I hope the members of (ISC)² understand my point of view and
take action in accordance to my plan as it will help maintain the digital world
we have today.
Thank
You,
Pedrhom Nafisi
904-446-0635
Citations
Brandom,
Russell. "Why the NSA Is Staying out of Apple's Fight with the FBI."
The Verge. Vox Media, 09 Mar. 2016. Web. 11 Mar. 2016.
Grothaus,
Michael. "Apple vs FBI: Encryption, IPhones & Terrorism." Know
Your Mobile. Dennis Publishing, 10 Mar. 2016. Web. 11 Mar. 2016.
Isaac,
Mike. "Explaining Apple’s Fight with the F.B.I." The New York Times.
The New York Times, 17 Feb. 2016. Web. 21 Feb. 2016.
Cohn,
Cindy. "The Burr-Feinstein Proposal Is Simply Anti-Security."
Electronic Frontier Foundation. N.p., 08 Apr. 2016. Web. 10 May 2016.
Goodnight,
Eric Z. "What is Encryption, and Why Are People Afraid of It?" 30
November 2015. Web. 14 February 2016.
No comments:
Post a Comment