May 4, 2016–Experts from different ends of the ideological spectrum today agreed that government mandates for tech-sector companies to create backdoors into encrypted devices and services would be harmful to advancing the goals of better information security, but they clashed over the value of intelligence and law enforcement agency surveillance programs. Speaking at an event organized by the Hudson Institute, Nadine Strossen, a professor at New York Law School and a former president of the American Civil Liberties Union, said she agreed with assertions that if the federal government were allowed to require – as the Federal Bureau of Investigation attempted to do earlier this year in litigation involving Apple, Inc. – companies to create security and encryption backdoors for the government’s benefit, the consequences would be dire if they were accessed by other parties with ill intent. 

“Exactly how serious the risks [of creating backdoors] are depend on exactly what the manufacturers would be expected to do,” Ms. Strossen said. “The worst case would be if Apple designed a code that would be capable of being used on Apple devices with the same operating system,” she said, adding, “If that leaks, the public danger would be catastrophic.”

 She also criticized the federal government for “overstating” its need in recent court actions to compel Apple to create workarounds to security and encryption technologies.  “The FBI insisted over and over again that it could not access the data” that it was seeking on Apple devices, yet “those claims turned out to be unfounded,” she said.

David Rivkin, a partner at Baker Hostetler LLP and a senior fellow at the Foundation for Defense of Democracies, said he agreed with Ms. Strossen on the encryption front.  “I don’t think that backdoors and mandatory encryption keys should be provided to law enforcement” because the risk of hackers and terrorists gaining access to the same workarounds would be a worse outcome than any benefit that the government would receive, he said.  “That data stream is going dark” to law enforcement, he said of encrypted communications.  And even if the government forced tech companies to provide encryption keys, criminals would still be able to generate their own communications encryption algorithms.   “It would not work, it’s not worth debating,” he concluded.

On the issue of federal government surveillance programs, particularly those involving the use of communications metadata, Ms. Strossen and Mr. Rivkin remained far apart.  Ms. Strossen asserted that the National Security Agency also overstated its case for the importance of using communications metadata to conduct surveillance, but she said it “backed down from its former extravagant claims” after the Obama administration and Congress moved to minimize the agency’s use of communications metadata.

She suggested that any government surveillance programs going forward should:  give the government the “burden” to support the program in detailed public statements;  be explained in public laws; be provided with safeguards against abuse; be subject to prior judicial authorization; be used only when necessary to achieve an articulated goal;  be the least intrusive means to achieve that goal; have benefits that outweigh harms, including to third parties and network service providers; and be overseen by a civilian government agency.

“Too much post-9/11 surveillance has not conformed to that framework, and has been the worst of both worlds – it has not made us more free, and it has not made us more safe,” Ms. Strossen said.

“I would engage in the most wide-ranging amalgamation of surveillance of most publicly available data” and apply cognitive computing technologies to that data, he said.  “If you put all of those things together, you can get some meaningful red flags” that would point law enforcement agencies to potential terrorism suspects, he said.  Mr. Rivkin also said he thought that objections to U.S. intelligence agency use of communications metadata were overblown, asking whether any target of such surveillance had been “punished, oppressed, put in prison, had accounts frozen?”

He also argued that increasing the involvement of federal judges in the process of intelligence agency practices oversight would be a “bad idea.” He said that judges should stick to the narrow issue of deciding whether warrants should be issued, and that Congress and the executive branch should improve the quality of their intelligence agency oversight. “Having the judiciary involve itself in something that is not judicial” is not a good idea, he said, adding,  “Let’s not idealize or over-venerate the idea that if you put a bunch of judges in there it would be better.” – John Curran, john.curran@wolterskluwer.com

Courtesy TRDaily