Crossroads Blog | CYBER SECURITY LAW AND POLICY

Current Affairs, Cyber Legislation, encryption

The Blind Leading The Blind: CA and NY Push anti-encryption for smartphones

California Joins New York in Opposing Phone Encryption (ComputerWeekly.com):  Warwick Ashford, writing for Computer Weekly reports that now California is joining New York in considering legislation to force technology companies to give law enforcement workaround to access encrypted devices.  Ashford states that the means proposed by New York and California to access encrypted data are similar; however the ends are somewhat divergent as the NY focus is on countering terrorism whereas California is focused on eliminating human trafficking.

The article posits that were these proposals to be passed then businesses in New York or California that require encrypted devices would be forced to buy or lease said devices from suppliers that from outside states.  Furthermore, the tech companies themselves are staunchly opposed to back-door access to encrypted devices, according to the article.

So is the NY and California approach more a “blind leading the blind”, or perhaps “dumb and dumber”?   The California Assemblyman that is spearheading this legislation, Jim Cooper, readily admits that 99% of Californians’ phones would not be involved in any law enforcement operations, yet this legislation would make 100% of all the California devices more vulnerable to hacking, according to Ashford.

Cooper, apparently not a strong Constitutional advocate is quoted in the article as saying “… Human trafficking trumps privacy, no ifs, ands or buts about it”. This view seems to be in opposition to some recent high-profile Supreme Court cases, but why let a silly thing like the Constitution or the Supreme Court get in the way of really good legislation.  Meanwhile, the Dutch government has taken the view that strong encryption is vital to protecting national interests and the protection of citizens, reports Ashford.

If we ignore the privacy argument, the role of smartphones and their manufacture and sale in interstate commerce, then New York and California might be able to make a case for restricting the sale of encrypted devices that don’t allow back-door access for law enforcement.  Of course, if we look at the Constitution or the Supreme Court’s interpretation of privacy rights these proposed pieces of legislation seem like nothing more than grandstanding and trying to appeal to the “flavor of the month”.  One needs to look at the overall picture and understand that the introduction of back-doors for access to encrypted data merely simplifies the state and non-state actors ability to obtain and exfiltrate data.  If we develop a blanket policy with respect to encryption then we chip away at the very foundation of internet communication and the ability to establish secure communication channels for the transmission of sensitive data (i.e. performing financial/banking transactions, encrypting sensitive corporate data such as trade secrets, etc.).

It is, therefore my opinion that if you want my encrypted data you will have to pry the private keys from my cold dead hands — no secret backdoor access should be allowed.

Leave a Reply