Encryption has become a very thorny subject of late, particularly in but not just limited to the US, which isn’t that surprising considering most of the tech companies of the world call the country their HQ. Although it has since slightly weakened its formerly strong language, the US government stands by its position. Speaking at the World Economic Forum in Switzerland, US Attorney General Loretta Lynch reiterated that position. The US doesn’t want encryption back doors. They just want access to encrypted systems through another door that isn’t the front. So maybe a side door perhaps.
A front door access to an encrypted system, whether a device or service, would be akin to a user giving another person, in this case the government, their access key. Normally, that should be enough, but the issue is for those instances where a user refuses to give up his or her Fifth Amendment right. In those cases, the government wants to be able to compel device manufacturers, service providers, and tech companies in general to give them access, which would imply that these companies either have duplicate copies of users’ keys or have special keys of their own that unlock special doors unbeknownst to users.
Ever since Edward Snowden’s whistleblowing, those companies, such as Apple and Google, have refused to store copies of those user keys on their servers. In the end, this practically absolves them of having to comply with law enforcement’s demands to hand over those keys, because they don’t exist in the first place. Now the US government wants the second route. The Attorney General calls it “the ability for companies to respond to law enforcement warrants, court-ordered, court-authorized requests for information.” Others just call it a backdoor.
The US federal government isn’t alone in this outlook either. China has already passed something similar and the UK is close to doing so via its Investigatory Powers Bill, which Apple has already publicly spoken out against. Inside the US, New York City and the state of California have separately but very similarly proposed laws that would do the same.
Unsurprisingly, it’s not a popular view among tech companies and privacy advocates and some governments have taken up that perspective as well. The Netherlands and, more recently, France have rejected bids to implement laws that would require companies, even foreign ones, to install such access points for governments to use. It is, at this point, a never ending back and forth that doesn’t seem to have any resolution forthcoming any time soon.