Encryption has never been so crucial for our online security as it is right now, yet so at risk – and even some cops are worried.
This is the technology that the best VPN and messaging apps use to scramble people's communications into an unreadable form to prevent unauthorized access. Yet, encryption is increasingly the target of lawmakers who are looking for ways to guarantee a way for authorities to access encrypted data.
The problem is that, experts have long warned, there's no way to create such a backdoor to encryption without inevitably undermining its level of protection. A crucial safety net, especially nowadays, as cyberattacks are getting increasingly more frequent and destructive.
It didn't, then, come as a total surprise that "A Shield in Uncertain Times: The Role of Encryption" was the theme of this year's commemoration for Global Encryption Day, which falls on October 21.
What was certainly more staggering was witnessing a former investigator join technologists and activists in the call to protect encryption.
Talking during an online discussion, James A. Baker, Former General Counsel of the US Federal Bureau of Investigation, said: "Encryption helps keep people safe. Encryption is vital to law enforcement to protect society."
Client-side scanning? "A fundamentally bad idea"
"Going dark" is the term that law enforcement uses to describe the inability to access digital communications due to strong encryption. An obstacle that, they say, makes it difficult to conduct investigations.
This debate, and the so-called "crypto-wars" that come with it, are nothing new. Yet, the novelty lies in how lawmakers have been trying to find a solution to end it, what's known as client-side scanning.
EU lawmakers are especially infamous for pushing this idea in what's been nicknamed the Chat Control proposal.
Here, Europeans' private chats could soon be scanned directly on the device in the lookout for child sexual abuse material (CSAM) before getting encrypted. According to Signal, this is exactly how malware works.
This is also the reason why the US halted the Online Safety Act's provision on encryption backdoors since "it's technically feasible to do so."
Baker also believes that client-side scanning is just "a fundamentally bad idea."
He said: "It won't help law enforcement to protect the people they want to protect, but it will expose them to more threats."
That's because, as technologists have said time and time again, it's not technically possible to build a backdoor that only law enforcement can exploit. This means that such a system would also create an entry point for cybercriminals and adversary governments into our private communications.
Baker, however, recognizes that law enforcement and lawmakers are under a lot of pressure to find a solution that can help investigators halt hideous crimes, like terrorism or child abuse, while maintaining online security for everyone.
Yet, he believes that focusing on encryption is not the right path.
He said: "Encryption is one of the tools we have to protect citizens and organizations. If we, as law enforcement, think we need to protect society, we need to factor that in and find a different way [to combat crimes]."
