Civil Liberties

Feds Twist Tech Companies' Arms for Backdoor Access to Encryption

|

Reason 24/7
Reason

With all of the recent revelations about government snooping on phone calls and Internet activity, the natural reaction of the tech savvy has been to turn to encryption to put their communications beyond the reach of snoopy officials. For people less willing or able to master encryption software, many Internet companies are easing the process by building electronic security into their services. As it turns out, this concerns government officials to such an extent that they're demanding the keys to the store from companies great and small, so that they can peruse files, posts and emails at their leisure.

From CNet:

The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users' private Web communications from eavesdropping.

These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users.

If the government obtains a company's master encryption key, agents could decrypt the contents of communications intercepted through a wiretap or by invoking the potent surveillance authorities of the Foreign Intelligence Surveillance Act. Web encryption—which often appears in a browser with a HTTPS lock icon when enabled—uses a technique called SSL, or Secure Sockets Layer.

"The government is definitely demanding SSL keys from providers," said one person who has responded to government attempts to obtain encryption keys. The source spoke with CNET on condition of anonymity.

If you're saying to yourself, "Wow, I didn't know the law let the feds do that," well, you're in good company. The law doesn't seem to let the feds demand that people build holes into their encryption (although this is a new and unclear area). But really, what's a lack of legal authority when you have the ability to strong-arm companies into compliance?

The person said that large Internet companies have resisted the requests on the grounds that they go beyond what the law permits, but voiced concern that smaller companies without well-staffed legal departments might be less willing to put up a fight. "I believe the government is beating up on the little guys," the person said. "The government's view is that anything we can think of, we can compel you to do."

It's good to be king. Especially if you're nosy.

Follow this story and more at Reason 24/7.

Spice up your blog or Website with Reason 24/7 news and Reason articles. You can get the widgets here. If you have a story that would be of interest to Reason's readers please let us know by emailing the 24/7 crew at 24_7@reason.com, or tweet us stories at @reason247.