X

Trump presidency fuels heated encryption debate

Tensions mount at a cybersecurity event over Silicon Valley's role in helping law enforcement read encrypted terrorist communications.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
3 min read

Encryption is based on hard math, not compromises, EFF director Cindy Cohn says.

Seth Rosenblatt/CNET

Cindy Cohn says she's tired of having the same conversation about encryption .

That might be why Cohn, the executive director of the Electronic Frontier Foundation, made frank and impassioned comments throughout a debate held Wednesday between her and Daniel Rosenthal, the former director of counterterrorism at the White House who currently works at investigative firm Kroll.

"You're dumbing down everyone's security," Cohn said, if you're letting the government access encrypted data. The debate took place during the Versus16 conference in San Francisco put on by cybersecurity firm Vera.

Encrypted data is scrambled up so only the intended recipient can read it. It's also a controversial political issue. Privacy advocates and cybersecurity experts agree that encryption prevents the theft of data and keeps government surveillance in check.

But law enforcement officials warn they're losing valuable information because they can't access encrypted information when investigating crimes and terrorism. That concern became paramount earlier this year when the US Department of Justice tried to get court orders to force Apple to decrypt iPhones in multiple cases, one of which involved the iPhone 5C of a gunman in the attack in San Bernardino, California.

One person who criticized Apple for resisting that court order was Donald Trump, now president-elect of the United States. With a Trump presidency now approaching in January, his stance on encryption is one of the big open policy questions cybersecurity experts and privacy advocates have their eyes on. The debate may just be getting started.

So, that conversation Cohn is tired of? It usually starts with government and law enforcement officials calling on Silicon Valley to work hard to come up with a way to encrypt data without shutting law enforcement investigators out of terrorists' communications.

When Rosenthal began the debate Wednesday by making exactly that appeal, Cohn cut in with a quip.

"That problem with the sun coming up in the east -- you really gotta get on that," Cohn said.

Too many law enforcement advocates act like there must be a technical compromise that experts just are too stubborn to find. But that's not the case, because encryption is based on hard math, not compromises, Cohn said.

"Math doesn't work in the same way that a DC policy discussion works," she said.

Rosenthal said he feared a lack of compromise now could lead to more drastic measures by the government later. If there's another terrorist attack on US soil, "the cybersecurity community will be pushed aside, and people will tell the government, 'Do whatever you have to do to keep us safe.'"

Cohn replied that she didn't think compromising now would keep the US government from coming back later with more demands in the event of an attack. Scattered applause broke out in the audience.

Rosenthal said he doesn't think the US government has done enough to explain the threat of secret terrorist communications to the public.

"Terrorists are increasingly using encryption for their most sensitive operational planning," Rosenthal said. Without accessing the content of encrypted messages, law enforcement can learn who is in a terrorist network and where they are, but they won't be able to read a message that says exactly where their next attack will be, he said.

Declassifying more information about the threats that law enforcement are trying to protect the public from would also help earn the public's trust, he added.

Cohn replied that she didn't think that making encrypted communications accessible to law enforcement would solve the problem. Again, that's because encryption is based on math.

Anyone who understands the math behind the technology can build it, so if terrorists know that US companies will break their encryption for the government, they can build their own encrypted services.

"Strong encryption exists," Cohn said. "If you've got access to prime numbers, man, you can make a crypto algorithm."