Bypassing Encryption Measures: The Security Implications

encryption bypassed security

Law enforcement and security experts are once again at battle over the thorny issue of data privacy. It was recently announced that federal agencies were unable to unlock the smartphone of the man responsible for the mass shooting at a church in Texas, which took 26 innocent lives. The situation has once again ignited the debate over the use of encryption. Allowing access to smartphones without undermining protection features offered by encryption technologies is a real challenge in this debate. And it’s more than just privacy that is at stake. This blog post will attempt to discuss why mandates by federal agencies to instill encryption bypass features in smartphones and other devices can be potentially dangerous for everyone.

Types of Smartphone Encryption

To unwind the debate a bit, understanding the different types of encryption in smart devices is necessary. For law enforcement, there are generally two types of encryption found in smart devices which protect information they may want to access as key pieces of evidence for ongoing criminal investigations.

The first type of encryption covers “data in motion,” which encrypts data that is moving through a network — in other words, messages transmitted from one device to another. This can include end-to-end encryption, which is considered the most secure kind of communications encryption, Some examples that utilize end-to-end encryption include Apple’s iMessage, Facebook’s WhatsApp, and Line. Then, there is encryption for “data at rest,” which encrypts data that is stored inside the device itself.

Encryption is designed to stop unauthorized access to private information. However, this private information could allow law enforcement officials to prosecute criminals in a court of law. As a result, enabling encrypted communications poses a challenge for government officials since even phone makers and app developers cannot access encrypted messages and data messages. Furthermore, it is virtually impossible to obtain the keys for decryption, especially for end-to-end encryption.

Why Are Backdoors So Dangerous?

As we’ve established, encryption makes it difficult for outsiders like federal agents to tap into smartphones. For this reason many government bodies are advocating and even pressuring tech companies to integrate backdoors that can allow these governmental bodies to bypass device security features like encryption when situations like this arise.

This way, they can catch and process criminals more effectively if incriminating data is found. However, this can be potentially dangerous as it leaves the rest of us, the general public, vulnerable. Backdoors meant to access and read data and messages leaves opens a “door” for hackers to break into, increasing the risk of data tampering for millions of people.

Non-Encryption Workarounds  

However, bypassing isn’t the only option. There are other alternatives that law enforcement can implement as to not leave smart devices vulnerable to new backdoors that could be exploited by malicious hackers. Law enforcement can work together with the tech community and use existing resources in their possession to get the information they require. For example, law enforcement officials could use geolocation tracking across multiple platforms, including social media, data on the cloud (which can be accessed with the help of third-parties), and Internet service provider (ISP) logs, which can expose potential criminal activity on the Internet. Another option worth looking into is utilizing existing vulnerabilities for wiretapping on the Internet, but this may raise some ethical hacking concerns among the cyber community.

Privacy is something we all care about. But the debate that we are currently seeing between law enforcement and security experts raises more than just the privacy concerns of a single individual. Backdoors have the potential to compromise the privacy of millions of others for the sake of prosecuting one individual. For this reason, many are weary of methods to bypass encryption features. Where do you stand in the debate?