Monday, April 13, 2015

The NSA wants ‘front door’ access to your encrypted data

The systemic flaws in the front-door solution

The first problem with Rogers proposed front-door solution is that it’s a meaningless feel-good measure given the current regulatory structure of our national security system. Before the Snowden leaks, Google, Microsoft, and other digital providers were forbidden from disclosing that they’d received national security letters, even in aggregate. Thanks to Snowden, we now know that Yahoo went to bat for users, challenging the legality and authority of the NSA — and lost, every time.

Giving half a key to Google or Yahoo would be meaningless unless the company possesses the authority to refuse to use it. In theory, the court system offers robust oversight of how such capabilities are used. In practice, the FISA court has operated more like a rubber stamp body than an organization devoted to judicial oversight. The government, as a whole, doesn’t currently have a great track record of respecting suspects’ rights — the FBI is on record as ordering local police departments to drop cases rather than disclose how secret stingray hardware may have been used in ways that fundamentally violate those suspects’ Fourth Amendment rights.

The other systemic problem with Rogers’ suggestion is that it assumes a degree of trust between corporations and government at a time when such good feelings are at an all-time low. The NSA has demonstrated no practical ability to differentiate between friend and foe. Its decision to hoover up data running across Google’s transatlantic cables may have been legal, but it illustrated a total lack of respect for Google — and a willingness to resort to extrajudicial methods when it was convenient.

The NSA could avoid this problem by sharing the key with government-appointed escrows rather than corporations, but this simply hides the process from public view. That’s already extremely problematic.

http://www.extremetech.com/extreme/203275-the-nsa-wants-front-door-access-to-your-encrypted-data

No comments:

Post a Comment