The NSA Wants a Skeleton Key to Everyone’s Encrypted Data

 

Like it or not, you are your data. In this day and age, your receipts, social media activity, public records, GPS data, and Internet search history are the proof of who you are. And while you may have thought you had secrets, the Federal Government would like them.

The seemingly innocuous pieces of information we trade away every day create a detailed mosaic of our lives used to target advertising and create personality profiles that are exploited by the FBI, political operatives like Cambridge Analytica, and Russian propagandists.

And those are just the legal shenanigans! Instances of malicious hacking that jeopardize social security numbers and other important data are on the rise as well.
But all hope is not lost! There is but one meaningful defense against such intrusions, one used by whistleblowers, banks, the government (often poorly), and college students: encryption.

Encryption Is Powerful, so Naturally the Government Wants to Control It

Encryption, to oversimplify, is the process of putting your data in a combination locked safe, and it’s becoming more and more popular. Like all passcodes, these combinations are best stored non-electronically.
Automatically encrypted search engines and Internet services simplify the process for users. They protect individuals’ data from hacking, theft, and even the government, but they also retain a repository for all the combinations they use to lock data up.
But that may soon change.

If the executive agencies have their way, the NSA will have a record of every lock combination in use by every company – a skeleton key, if you will, to gain access to your digital home, papers, effects, and aspects of your person without warrant or probable cause – effectively mandating that companies hand over skeleton keys to the locks that they provide to their users, at any time: what they call “exceptional access”.

This is this Trojan horse that the NSA means to use to gain access to your private data even when it is encrypted.
Inherently, these central repositories for lock combinations are far more susceptible to brute force hacking than a distributed system wherein every individual secures their own lock combinations. Skeleton keys can be handy or, if they fall into the wrong hands, devastating.
This is this Trojan horse that the NSA means to use to gain access to your private data even when it is encrypted.

The NAS Proposal

In February, the prestigious National Academy of the Sciences (NAS) prepared “A Framework for Decision Makers” addressing encryption. Their solution? You guessed it: exceptional access. Even though their report has slipped under the radar, NAS reports often carry a lot of weight in Congress and within executive agencies, and it seems this one has.

But, importantly, a key source for the NAS report has cried “foul”.
The Electronic Frontier Foundation (or EFF) is the foremost mainstream defender of the First Amendment online. They are concerned that they were dismissed by the NAS proposal, calling it, “At best, unhelpful”.

The NAS proposal practically accepts that the federal government should have “backdoor” access, in some way, to all encrypted information. They suggest that the proliferation of strong encryption technology at the individual level would only help the bad guys. Exceptional access, however, would entrust the world’s most often hacked government entity with the guardianship of the entire nation’s data, and put companies like Facebook in charge of keeping it otherwise secure.

Even if you do undertake the process of encrypting your own data, something the CIA would consider in and of itself a “red flag”, any executive agency with exceptional access could demand a copy of your combination up-front.

A Government Skeleton Key Won’t Make Us Safer

Personal, strong encryption isn’t only the tool of criminals, spies, and whistleblowers. It is the surest defense against all forms of data theft, be it by state or non-state actors. If we forfeit this freedom in the name of security, we will surely lose the power of both.

It is vital to our individual and national security that our people, not just our service providers, have the robust means to protect their data and themselves without the risk that the supposed guardians of security ultimately turn out to be the very source of our insecurity, either by malice or malpractice. That is the purpose of the Fourth Amendment, after all.

Under the combination of The Patriot Act and FISA (Federal Intelligence Surveillance Act), any unusual metadata is grounds for full collection. Strange travel patterns, irregular spending, even sketchy Google searches, if they create “reasonable suspicion” of anything the secret FISA court deems worthy of further collection, more will be obtained.

Which leaves us with these crucial questions: are we really in as much danger as we believed we were immediately following the attacks of September 11th, 2001? Is the security we are actually gaining through the Patriot Act and the attack on private encryption worth the cost of freedom lost? Moreover, is centralized security really the only way to achieve security? As more of our lives are lived in the form of electronic data, that is a debate worth having.

 

yogaesoteric
April 22, 2018

Leave A Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More