The US Federal Trade Commission (FTC) has fired a second shot at the FBI over its demand for backdoors in encryption systems.
Following a blog post last month by the regulator's CTO in which he outlined why he was glad to have strong firmware encryption after his laptop was stolen, today FTC Commissioner Terrell McSweeny has also outlined why encryption is a good thing – and carefully suggests that introducing a way to undermine it may not be such a great idea.
"Now, more than ever, strong security and end-user controls are critical to protect personal information," McSweeney wrote in a blog post on Thursday.
She goes on to highlight areas where strong protection of data is vital going forward: the "internet of things" where "addressing privacy and security is vital to achieving that potential"; the vast databases that companies are creating but which need to be secured; and products such as smartphones that store more and more of our personal information.
She also wades into the disk encryption area seemingly in full support of it: "Disk encryption can protect information stored on the hard-disk from unwanted access, and hardware passwords essentially prevent machines from being used without the password. Using these tools can also make it easier for consumers to recover lost or stolen devices."
Then comes the shot at the FBI and the NSA – which have both argued in recent months for special access to encryption systems so they can see what is going on globally – something that technologists, tech companies, and Senators have been less than excited about.
"Encryption and end-user protections can raise issues of access for law enforcement," McSweeney notes. "Some argue that data storage and communications systems should be designed with exceptional access – or 'back doors' – for law enforcement in order to avoid harming legitimate investigative capabilities. However, many technologists contend that exceptional access systems are likely to introduce security flaws and vulnerabilities, weakening the security of products."
She notes that this argument is "hardly new," but argues things are a little different these days: "What is changing is the extent to which we are using connected technology in every facet of our daily lives. If consumers cannot trust the security of their devices, we could end up stymieing innovation and introducing needless risk into our personal security. In this environment, policy makers should carefully weigh the potential impact of any proposals that may weaken privacy and security protections for consumers."
In other words, don't be stupid.
The fact that this argument comes in the form of a blog post on a third-party site is a sign that the regulator has no real jurisdiction over what the FBI does or does not do, and that the FTC does not have a formal position on encryption, but it is a clear sign that there will be some significant opposition within the government to forcing backdoors into products. ®