in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Managing Smartphone Encryption: Rehashing Myths

The folks over at vice.com have commented on the latest smartphone security debacle – namely, the turning on of smartphone disk encryption by default – and the complaints from law enforcement over this decision.  Befitting the nature of the site, vice.com notes why law enforcement is wrong to raise the alarm.  And how some well-meaning people have bought into the arguments because they don't know better.

Encryption Wars Redux

What's probably most frustrating to people who are opposing the government's stance is that we've all been here before.  The encryption wars of the 1990s, where the government tried to rein in the use of cryptographic tools, covered the same arguments that are being made today, and led to the logical conclusion that backdoors should be anathema to everyone – including the government.

The government's requirement that a backdoor be installed on security solutions for law enforcement is beyond the pale because it can't be guaranteed that only the government will be able to use it.

Think about it.  Think about all the data breaches we've seen and heard of where hackers from Russia, or some Baltic state, or China, or wherever compromised the security of banking giants (who purportedly use the latest technology in security and hire the brightest), or the security of some government agency (including the military), or even the leading tech companies like Google.

Granted, in these cases, it wasn't really a backdoor that was manipulated – there aren't any backdoors, as far as I know – but bugs, security holes, and other weaknesses.  From a technical standpoint, however, there is no difference between these weaknesses and a backdoor, although there is a difference in terms of policy or intent: a backdoor is put there on purpose.

In other words, a backdoor is a weakness you plant on purpose.  That's it; nothing more, nothing less.  And while the government can promise to only use it in accordance with the law, what it cannot do is promise that everyone else who finds this backdoor will stick by that promise.

Or, as the authors at vice.com put it more eloquently:
So the next time a law enforcement official demands that Apple and Google put backdoors back into their products, remember what they're really demanding: that everyone's security be sacrificed in order to make their jobs marginally easier. Given that decreased security is only one of several problems raised by the prospect of cryptography regulation, you should ask yourself: Is that trade worth making?

It's like that Refrigerator Joke

This latest fight over encryption reminds me of that observation, that a person will open the fridge, late at night, looking for something to munch on.  He (or she – but usually he) finds nothing to his liking and closes the refrigerator door.  He then comes back 5 minutes later and opens it again, eyeing the contents again, then closes the door; and then comes back again… despite the fact that nothing has changed.

Likewise with encryption and the argument for a backdoor.  Nothing has fundamentally changed in terms of the argument against encryption (and hence the need for a backdoor), while the arguments for the use of encryption have increased dramatically.

Related Articles and Sites:
https://news.vice.com/article/what-default-phone-encryption-really-means-for-law-enforcement
 
<Previous Next>

Why You Shouldn’t Be Afraid of the Cloud

HIPAA Disk Encryption: Laptop Theft Affects 3400 In Georgia

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.