Encryption, code breaking, going dark | Homeland Security Newswire

EncryptionBring in the nerds: EFF introduces actual encryption experts to U.S. Senate staff

By Andrew Crocker and Nate Cardozo

Published 7 May 2018

Policymakers hear frequently from the FBI and the Department of Justice about the dangers of encryption and the so-called Going Dark problem, but they very rarely hear from actual engineers, cryptographers, and computer scientists. Last week in the U.S. Capitol Visitor Center, the Electronic Frontier Fundation (EFF) convened a closed-door briefing for Senate staff about the realities of device encryption.

Last week in the U.S. Capitol Visitor Center, the Electronic Frontier Fundation (EFF) convened a closed-door briefing for Senate staff about the realities of device encryption. While policymakers hear frequently from the FBI and the Department of Justice about the dangers of encryption and the so-called Going Dark problem, they very rarely hear from actual engineers, cryptographers, and computer scientists. Indeed, the usual suspects testifying before Congress on encryption are nearly the antithesis of technical experts.

The all-star lineup of panelists included Dr. Matt Blaze, professor of computer science at the University of Pennsylvania, Dr. Susan Landau, professor of cybersecurity and policy at Tufts University; Erik Neuenschwander, Apple’s manager of user privacy; and EFF’s tech policy director Dr. Jeremy Gillula.

The discussion focused on renewed calls by the FBI and DOJ to create mechanisms to enable “exceptional access” to encrypted devices. EFF’s legislative analyst India McKinney opened the briefing by assuring staff that the goal of the panel was not to attack the FBI’s proposals from the perspective of policy or ideology. Instead, our goal was to give a technical description of how device encryption actually works and answer staff questions about the risks that exceptional access mechanisms necessarily introduce into the ecosystem.

Dr. Blaze framed his remarks around what he called an undeniable “cybersecurity crisis” gripping the critical information systems we all rely on. Failures and data breaches are a daily occurrence that only come to the public’s attention when they reach the catastrophic scale of the Equifax breach. As Blaze pointed out, “security is hard,” and the presence of bugs and unintended behavior in software is one of the oldest and most fundamental problems in computer science. These issues only become more intense as systems get complex, giving rise to an “arms race” between those who find and fix vulnerabilities in software and those who exploit them.