Backdoor Encryption Debate Back at the Forefront Thanks to Mueller Report
Among its many disclosures, the special counsel’s 448-page redacted report on Russia’s interference in the 2016 presidential election revealed that the investigation was stifled by the use of ephemeral and encrypted messaging systems.
"Further, the Office learned that some of the individuals we interviewed or whose conduct we investigated—including some associated with the Trump Campaign—deleted relevant communications or communicated during the relevant period using applications that feature encryption or that do not provide for long-term retention of data or communications records," the report noted. "In such cases, the Office was not able to corroborate witness statements through comparison to contemporaneous communications or fully question witnesses about statements that appeared inconsistent with other known facts."
All of this begs the question: Will the report impact the debate around absolute encryption versus government backdoor access? Probably not, experts say, seeing as how Mueller's report simply presents a new forum for old talking points.
April Doss, cybersecurity and privacy chair at Saul Ewing Arnstein & Lehr, called the competition between privacy interests and larger social needs an enduring challenge.
“I don’t see this report taking center stage in this debate, but I do think it provides a broader range of examples as to where these challenges arise,” she said.
Doss cited page 44 of the report, which notes that the Russian Military Intelligence Service (GRU) communicated with WikiLeaks via Twitter private messaging and unspecified encrypted channels. “We can expect that limited the ability of the intelligence agencies to understand what this foreign adversary, the GRU, was trying to do."
Just last fall, Five Eyes, a group consisting of governments from the U.S., Australia, Canada, the United Kingdom and New Zealand, released a communiqué asking tech companies to install backdoors in their encryption.
But tech providers have generally resisted such efforts, arguing that installing backdoors to afford law enforcement access to the communications of potential bad actors would make their systems vulnerable.
John Simek, vice president at cyber forensics and information security company Sensei Enterprises, sees the ongoing debate as cyclical, something that will enter the spotlight and then fade back out again with the turning of the news cycle.
"It’s ongoing. I don’t know that it’s ever died nor do I think it ever will die. And anyone that’s in the security realm will tell you that it’s a bad idea, but if you’re a government employee, you’re under the significant misperception that it’s a good idea," Simek said.
The very nature of communications like ephemeral messaging are part of what keep the conversation spinning like a hamster on a wheel. Sharon Nelson, president of Sensei Enterprises, said that people in the middle of divorces are often willing to pay big bucks in the hopes of reconstituting evidence of an affair. But chances are slim.
“To be a good vendor, you have to tell them it’s a much longer shot with the ephemeral products,” she said.
To be sure, there's no shortage of cheap and available ephemeral communications devices on the market. Last month, for instance, Facebook founder Mark Zuckerberg indicated that ephemeral messaging could play a big role in the future of the platform.
Nelson thinks combating elicit activity conducted over ephemeral messaging will take a strong legal deterrent. "I think that is where they have to go. When this stuff carries jail time it’s serious."
But it seems unlikely that the law will head too far in that direction any time soon, especially as the focus on privacy continues to sharpen within the United States.
Jarno Vanto, a partner in the privacy and cybersecurity group at Crowell & Moring, cited state-level efforts like the California Consumer Privacy Act, as well as calls in some circles for a federal privacy law as examples of the conversation trending towards the protection of electronic messages from third parties access.
“What I’m sensing is that this requirement for backdoors and government access to encrypted communications has taken a sidestep of that in the United States,” Vanto said.
