Latest in Gear

Image credit: Reuters/Lucy Nicholson

DOJ renews push to require access to encrypted devices

It's hoping researchers will tell it what it wants to hear.
355 Shares
Share
Tweet
Share
Save

Sponsored Links

Reuters/Lucy Nicholson

No, US law enforcement hasn't given up on its dreams of forcing tech companies to allow access to encrypted devices. New York Times sources have learned that the Department of Justice and the FBI have been meeting with security researchers in an effort to develop systems that would let police reach encrypted data without making them vulnerable to hacking. At the same time, officials have reportedly renewed talks about asking Congress to draft and pass legislation requiring the use of those mechanisms. The White House circulated a memo in February giving agencies ways to consider "solving the problem," according to the news outlet.

None of the agencies involved have commented on the report, although the tipsters stressed that there weren't any imminent moves. The new conversations involved former Microsoft exec Ray Ozzie, former Intel security chief Ernie Brickell and UC San Diego professor Stefan Savage. The focus was on unlocking device data rather than trying to intercept messages.

It's not certain which ideas would have sway. However, Ozzie has been working on a system where a device would generate a post-encryption key that would live on-device in a separately encrypted storage area. In theory, only the manufacturer could access that key and unlock the main partition at will. The Obama administration had explored a similar approach, but had been stuck on the possibility that crooks might find a way to delete access keys or to find firmware that didn't have the key (say, devices from other countries). The current DOJ is wondering if the solution really needs to be airtight, according to sources -- the key approach would be considered good enough for "ordinary" crooks who wouldn't have the know-how to delete the key.

The new push is still unlikely to please many privacy advocates and security experts. Both camps maintain that there's no such thing as a device that's open to law enforcement, but secure against malicious intruders -- if you introduce a vulnerability for one side, you introduce it for everyone. What's to stop rogue developers from writing tools that make it easy to strip the secret key? There are also philosophical problems. Mandatory access implies that the government has a right to access user data, and that this right is ultimately more important than the security risk it might create for innocent people.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
355 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
Volta Football is exactly what 'FIFA 20' needs

Volta Football is exactly what 'FIFA 20' needs

View
Skullcandy's Crusher ANC block noise while you feel the bass

Skullcandy's Crusher ANC block noise while you feel the bass

View
Zero's 2020 electric motorcycles include one that's loaded for adventures

Zero's 2020 electric motorcycles include one that's loaded for adventures

View
‘Call of Duty’ comes to mobile on October 1st

‘Call of Duty’ comes to mobile on October 1st

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr