When “strong” encryption is weak


Forbes recently ran an interesting article on encryption, the NSA, and Apple:

Apple CEO Tim Cook says no to NSA accessing user data

A few points to consider:

If Apple did have a backdoor, who would know?
Although the title of the article makes it appear as if Apple is bravely standing up to the NSA, the reality is a bit different. From the article:

Should companies give authorities “backdoors,” or easy access to their user data to investigate national security cases? And should companies be allowed to encrypt user data so that agencies that do gain access see only gibberish?

“We’ve said that no backdoor is a must, and we’ve said that encryption is a must,” Cook said after being asked about his privacy stance.

Cook publicly rejects including backdoors in Apple’s products for government agencies to exploit, and it makes good business sense for him to do so. If he did not, there would be a massive outcry from the tech community, and Apple would most likely lose a lot of business. However, how do we know that there are no backdoors in Apple’s products? The code is not open source, so there is no way to examine it and make sure it is clean. For all we know, Apple products have backdoors in them now, but of course the company is going to deny it publicly (and might be required to by the NSA).

“Strong” encryption is actually weak
How about this little Orwellian tidbit:

“Strong encryption is in our nation’s best interest,” he said, before quickly clarifying he means strong, not full encryption of email and online files. The nuance is that strong encryption would still give his agency access to user information while full encryption would make the data unreadable.

So, by “strong” he means “full of holes.” If there is a backdoor in a product, by definition it has weak security, because it lets an outside party (whether the NSA, a hacker, or anyone else) access your data without your authorization.

True “full” encryption is needed to slow down the Surveillance State
I recognize that there are bad actors around the world who want to do us harm, and that their access to “full” encryption would make law enforcement’s job harder. However, it has been made clear in recent years that those in power cannot be trusted to use their power only against these bad actors. Mass surveillance has become the norm, and one is guilty until proven innocent in this Brave New World of ours. Hopefully, companies like Apple will include true “full” encryption in their products, without any backdoors or other weaknesses, to keep those in power in check.