Ride the Lightning

Mueller Report: Backdoor Encryption Debate is Still Alive and Well

April 24, 2019

We were pleased to be quoted with several other experts in Frank Ready's Legaltech News article (sub.req.)which focused on a particular section of the Mueller Report. Amid its many disclosures, the special counsel’s 448-page redacted report on Russia’s interference in the 2016 presidential election revealed that the investigation was stifled by the use of ephemeral and encrypted messaging systems.

“Further, the Office learned that some of the individuals we interviewed or whose conduct we investigated—including some associated with the Trump Campaign—deleted relevant communications or communicated during the relevant period using applications that feature encryption or that do not provide for long-term retention of data or communications records,” the report noted. “In such cases, the Office was not able to corroborate witness statements through comparison to contemporaneous communications or fully question witnesses about statements that appeared inconsistent with other known facts.”

Ready asked several experts whether the report would impact the debate around absolute encryption versus government backdoor access? Probably not, we all said, seeing as how Mueller’s report simply presents a new forum for old talking points.

April Doss, cybersecurity and privacy chair at Saul Ewing Arnstein & Lehr, called the competition between privacy interests and larger social needs an enduring challenge. “I don’t see this report taking center stage in this debate, but I do think it provides a broader range of examples as to where these challenges arise,” she said.

Doss cited page 44 of the report, which notes that the Russian Military Intelligence Service (GRU) communicated with WikiLeaks via Twitter private messaging and unspecified encrypted channels. “We can expect that limited the ability of the intelligence agencies to understand what this foreign adversary, the GRU, was trying to do.”

Just last fall, Five Eyes, a group consisting of governments from the U.S., Australia, Canada, the United Kingdom and New Zealand, released a communiqué asking tech companies to install backdoors in their encryption. But tech providers have generally resisted such efforts, arguing that installing backdoors to afford law enforcement access to the communications of potential bad actors would make their systems vulnerable.

Sensei Vice President John Simek saw the ongoing debate as cyclical, something that will enter the spotlight and then fade back out again with the turning of the news cycle. “It’s ongoing. I don’t know that it’s ever died nor do I think it ever will die. And anyone that’s in the security realm will tell you that it’s a bad idea, but if you’re a government employee, you’re under the significant misperception that it’s a good idea,” he said.

The very nature of communications like ephemeral messaging are part of what keep the conversation spinning like a hamster on a wheel. As I told Ready, people in the middle of divorces are often willing to pay big bucks in the hopes of reconstituting evidence of an affair. But chances are slim. “To be a good vendor, you have to tell them it’s a much longer shot with the ephemeral products,” I said.

I also noted that combating elicit activity conducted over ephemeral messaging will take a strong legal deterrent. “I think that is where they have to go. When this stuff carries jail time it’s serious.” Mind you, I was only referencing those who are under a legal duty to preserve messages!

And the debate goes on . . .

Email:    Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson