{"id":6054,"date":"2017-08-04T07:41:33","date_gmt":"2017-08-03T23:41:33","guid":{"rendered":"https:\/\/www.curtin.edu.au\/news\/dangerous-precedent-tech-giants-refusing-decrypt-users-data\/"},"modified":"2023-03-24T15:44:38","modified_gmt":"2023-03-24T07:44:38","slug":"dangerous-precedent-tech-giants-refusing-decrypt-users-data","status":"publish","type":"post","link":"https:\/\/www.curtin.edu.au\/news\/dangerous-precedent-tech-giants-refusing-decrypt-users-data\/","title":{"rendered":"A dangerous precedent: why the tech giants are refusing to decrypt users\u2019 data"},"content":{"rendered":"

With so much of our sensitive, personal information being digitised these days, it\u2019s comforting to know that it\u2019s protected by encryption technology so robust it can\u2019t be accessed by any unauthorised party \u2013 even the most powerful intelligence agencies in the world.<\/p>\n

But in recent years, an increasing number of nations, including Australia, have been pushing the likes of Google and Facebook to break that encryption. Politicians argue that gaining access to the personal data of terrorists would be a highly effective and reasonable course of action, but their frustration has steadily mounted after a series of unsuccessful attempts to force the hand of tech companies to help.<\/p>\n

In the wake of the horrific 2015 San Bernadino, California shooting, Apple refused to help US authorities unlock the iPhone of attacker Syed Farook. After the Manchester bombing in May 2017, messenger service Whatsapp wouldn\u2019t decrypt the messages of the attacker Khalid Masood. Their reason? They say any tool they come up with to decrypt data will inevitably create a \u2018backdoor\u2019 \u2013 a vulnerability in the system that will inevitably be exploited by hackers. This, they say, would present an even greater risk.<\/p>\n

In June 2017, heads of the intelligence services of Canada, New Zealand, Australia, the UK and the US \u2013 known as the \u2018Five-Eyes\u2019 alliance \u2013 met in Ottowa, where they agreed to \u201cexplore shared solutions\u201d to the encryption stalemate.<\/p>\n

Fresh from that meeting, Prime Minister Malcolm Turnbull joined Attorney General George Brandis and Australian Federal Police Commissioner Michael Phelan in July to announce new Federal laws that will oblige a range of social media platforms to allow access to users\u2019 data. He declared the laws \u201cvitally important reforms to keep Australians safe.\u201d<\/p>\n

But the actual effectiveness of such laws is unclear, as the tech giants, mostly based in California, fall outside Australia\u2019s geographical jurisdiction. And they remain steadfastly defiant.<\/p>\n

American cybersecurity expert and Curtin alumnus Dr Richard Forno explains that although the political attacks against encryption are in the interest of public safety, potential future government-mandated weaknesses in encryption technology would leave the personal data of law-abiding web users significantly more vulnerable to hackers.<\/p>\n

\"Dr
Dr Richard Forno<\/figcaption><\/figure>\n

\u201cI think the renewed push for controlling, limiting or \u2018backdooring\u2019 encryption in recent years may look attractive to politicians eager to show they are doing something against terrorism or crime, but in the end it will result in a less secure internet for everyone,\u201d he says.<\/p>\n

\u201cWe fought this battle in the early 1990s when the modern internet was new, but sadly, these same issues and the so-called \u2018War on Cryptography\u2019 have returned \u2013 only now the internet is an indispensable part of modern society, and making it less secure is not a good idea for many reasons.<\/p>\n

\u201cShould weakened encryption become reality through legislation, the \u2018bad guys\u2019 will simply create and use their own encryption technologies, staying ahead of the good guys, so the only folks really impacted will be law-abiding governments, companies and citizens now being forced into using less-secure technologies and thus made more vulnerable to online attacks.”<\/p>\n

Forno was one of the early researchers on the topic of \u2018information warfare\u2019 and has has forged a highly successful career as a cybersecurity advisor to an impressive list of clients, spanning military, government and commercial sectors in his US homeland. In 1996 he helped build a formal cybersecurity program for the United States House of Representatives.<\/p>\n

In 2010 he received a PhD in Internet Studies from Curtin.<\/p>\n

These days, he directs the Graduate Cybersecurity Program at University of Maryland, Baltimore County (UMBC), serves as the Assistant Director of UMBC’s Center for Cybersecurity, and is a Junior Affiliate Scholar at the Stanford Law School’s Center for Internet and Society.<\/p>\n

He says attacking encryption is simply too dangerous a precedent.<\/p>\n

\u201cThe bottom line,\u201d he says, \u201cis that governments are going to have to learn to adapt with the times and the reality of modern technology, even if it means some of their prior capabilities to monitor communications become reduced.\u00a0After all, you can’t halt innovation or human ingenuity \u2013 either for the bad people or the good ones.\u201d<\/p>\n

If data encryption is so strong, why do we still have cyberattacks?<\/h2>\n

Cyberattacks are still common because there are plenty of other weaknesses that cybercriminals can target \u2013 the most common being our trust. Forno explains.<\/p>\n

\u201cWhen you think about it, people are the cause of, and can be the solution to, nearly all of our cybersecurity problems, but unfortunately while the human brain is the most complicated computer in the world, it’s also the one most easily compromised,\u201d he says.<\/p>\n

\n

What is phishing?<\/h3>\n

Phishing is an attempt to gain access to sensitive information, such as credit card details or passwords, often by directing a web user to a fake website that resembles a legitimate one. It\u2019s any online scam that exploits the trust of the victim.<\/p>\n<\/div>\n

\u201cDespite all the tools, techniques, policies, and procedures implemented, companies frequently fall victim to common attacks such as phishing or social engineering.\u00a0What explains that, other than the end-user being tricked?\u00a0After all, the potential for being tricked isn’t something exclusive to the internet \u2013 it\u2019s part of the human condition.\u201d<\/p>\n

The crippling WannaCry and Petya ransomware attacks in 2017 are good examples of this. They were created by criminals with high-level technical knowledge, but their effectiveness relies on victims being tricked into downloading seemingly innocent files containing the malicious software. Once on the victim\u2019s machine, it encodes the data with a unique encryption, which the hackers promise to unlock on payment of a ransom.<\/p>\n

Forno says the technical side of cybersecurity is therefore only part of the equation, and that<\/p>\n

\u201cTo be a good cybersecurity professional, you need to be a decent geek \u2013 that is, you need some familiarity with the technology involved,\u201d he says, \u201cbut my view, after 20 years in the cybersecurity industry and now as an educator, is that knowing about people is just as, if not more, important.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"

The likes of Apple and Whatsapp have so far refused to help authorities access the private messages of terrorists. And for good reason.<\/p>\n","protected":false},"author":5,"featured_media":6055,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","wds_primary_category":0,"wds_primary_research-areas":0,"footnotes":""},"categories":[3],"tags":[],"research-areas":[],"class_list":["post-6054","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-campus-and-global-community"],"acf":{"post_options":{"":null,"additional_content":{"title":"","content":"","image":false},"related_courses":[{"title":"Internet Communications","qualification":"","link":"http:\/\/courses.curtin.edu.au\/course_overview\/postgraduate\/Internet-comm","description":"Learn essential skills and develop deeper understandings of the growth, uses and application of the Internet in many fields.","faculty":"Humanities"}],"credits":{"author":"","photographer":"","media":false},"display_author":true,"banner":{"image":false}},"post_components":false},"featured_image":"https:\/\/www.curtin.edu.au\/news\/wp-content\/uploads\/2022\/07\/whatsapp.jpg","author_meta":{"first_name":"Jarrad","last_name":"Long","display_name":"Jarrad Long"},"publishpress_future_action":{"enabled":false,"date":"2026-04-17 09:03:33","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/www.curtin.edu.au\/news\/wp-json\/wp\/v2\/posts\/6054","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.curtin.edu.au\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.curtin.edu.au\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.curtin.edu.au\/news\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.curtin.edu.au\/news\/wp-json\/wp\/v2\/comments?post=6054"}],"version-history":[{"count":0,"href":"https:\/\/www.curtin.edu.au\/news\/wp-json\/wp\/v2\/posts\/6054\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.curtin.edu.au\/news\/wp-json\/wp\/v2\/media\/6055"}],"wp:attachment":[{"href":"https:\/\/www.curtin.edu.au\/news\/wp-json\/wp\/v2\/media?parent=6054"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.curtin.edu.au\/news\/wp-json\/wp\/v2\/categories?post=6054"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.curtin.edu.au\/news\/wp-json\/wp\/v2\/tags?post=6054"},{"taxonomy":"research-areas","embeddable":true,"href":"https:\/\/www.curtin.edu.au\/news\/wp-json\/wp\/v2\/research-areas?post=6054"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}