FBI Director Christopher Wray recently used every trick in the book to justify his dislike of user privacy, including the familiar three-word standby that should invoke more fear in a citizen than almost any other phrase uttered by a government official: for the children. When public opinion hasn’t gone their way, government leaders often rely on this appeal to the emotions of the typical voter. By sandwiching the meat of the ‘ask’ in between two hyperbolic slices of bread, the hope is that we will swallow the disgusting meal.
So just what did the Director try to sneak onto our menu? If you paid attention to his testimony, in between his discussion about online extremist groups organizing terrorist acts like the attack on the U.S. Capitol on January 6 and the need to combat online rings of pedophiles, he took a dig at end-to-end encryption.
“We are concerned about end-to-end encryption…We will not be able to get access to the content that we need to keep people safe.” – Director Wray
Just what is end-to-end encryption? It’s a method to scramble data, such as messages, in such a way that only the person sending the message and the person intended to receive the message can view it. Any third party, including hackers, who might intercept the message en route will see only a mess of unusable characters. There are numerous methods, but let’s take a common one known as the Advanced Encryption Standard (AES) with 256 bits, or AES-256. Think of AES-256 as a giant digital lock on your data, and only you and the intended recipient have the key. No one else in the universe has this key, so a hacker’s main option is a “brute-force attack.” Basically, they just guess what the key is until the lock opens. If your phone has a 4-digit PIN, there are 10,000 possible combinations from 0000 to 9999. A laptop running password cracking software could crack that in minutes. By using the AES-256 lock, however, you have 78-digit PINs with 2,256 possible key combinations. Cracking that takes a little longer…about 27 octillion years according to some estimates with today’s technology.
If you use a virtual private network (VPN), your Internet traffic is effectively locked in this way between you and the VPN provider. If you use the “encrypt” button on your emails, you’re doing almost the same thing. This is normally no problem unless you’re under investigation by the FBI.
What does the FBI want? Despite claims by Director Wray that they do not want a “backdoor” (i.e., a permanent key for all those digital locks), that’s basically what they’re asking. There’s no denying that it would make life easier for law enforcement if people had no way to digitally lock up their data. It would also be easier if they could conduct constant surveillance on everyone, get rid of that pesky Fourth Amendment to the Constitution of the United States, and implant us with tracking microchips in the name of public safety—“for the children.”
This debate isn’t new, but as a cybersecurity expert in the field, with the United States still reeling from major security breaches of late, including the SolarWinds and Microsoft Exchange Server hacks, I say that demonizing end-to-end encryption is the last thing this country should be doing. If there are break-ins in your neighborhood, you don’t want the police telling you to unlock all your doors so it’s easier for them to investigate, do you? The very idea is ludicrous on its face.
I support the FBI and its mission, and I sympathize with the difficulties they have in helping to prevent terrorist attacks and bring other criminals to justice. We can’t, however, sacrifice civil liberties, personal privacy, or at the very least sound cybersecurity practices in the name of making things easier for law enforcement.
J. Dallas Brooks is an Air Force veteran writer, cybersecurity expert, and adjunct professor of Cybersecurity who lives with his family on their ranch in southern Colorado. Find him on Twitter @GenXCandide or at www.jdallasbrooks.com.