The strong encryption debate… I have been researching FBI Director James Comey’s “Conversations” with the House of Representatives and with U.S. Senators, as well as anything having to do with the subject for the past 6 months or so. This has been taking up most of my time, as I am using the research for several courses in my last semester at W.G.U. My first research paper is for my English course and it just needs to be about 10-15 pages, however it has been taking me a long time since I keep finding more sources, and I am just about done with my annotated bibliography. This bibliography needs to have 10 sources cited using A.P.A formatting, along with a summary, Source Credibility, and Source Relevance for each source. This ‘annotated bibliography’ is almost 10 pages long itself, and I am looking into cutting it shorter to save some of this information for the actual paper.
Anyway, my thesis is similar to the following…
The United States government should not implement legislation to require device manufacturers and internet communications firms to put backdoors into their devices for law enforcement to be able to access users' encrypted data because this would only hurt United States companies since users wanting encryption would simply use services and devices from outside the United States and further complicating encryption with mandated exceptional access will only cause already complicated software to become more complicated and therefore will lead to more vulnerabilities. Backing up my argument I use the relatively small amount of available credible sources on this subject. I have had to use Hearings on C-Span and magazine articles since I have only found about 5 scholarly journals on the subject (available without paying a fee online).
Now of course, anyone who really understands encryption knows that only the sender and the receiver should be able to know what is in the message. However, this has actually become rare, as cloud services often keep a key that they use to be able to get into your data if they are presented with a court order. For example, Dropbox, OneDrive, and Google Drive all tell you that your data is encrypted, but that doesn’t mean that the provider cannot find out what you are storing, as long as you don’t pre-encrypt what you upload to the cloud, they have to be able to show you your data, like when you use a browser to access your cloud storage. This means that if the government goes to Google and gives them your email address, they can access your cloud drive data and give it to law enforcement. There are solutions that allow you to pre-encrypt your data before you send it up there (into the cloud storage) but what then happens is that if you use the providers methods of accessing the data, it will then be encrypted and unreadable until you use your encryption solution to enter the key and then be able to read your data again.
New York and California are attempting to pass legislation that will require device manufacturers to be able to decrypt any devices sold in those states, however, it is easy enough to purchase a mobile phone from anywhere in the world on the internet, so I don’t see how this is going to affect terrorists or criminals, who will most likely just purchase phones from elsewhere if this becomes law. If you want to read my paper you can download it from the following link, just click below and save it to your computer.
Encryption: Decriminalizing Necessary Security – DOI: 10.13140/RG.2.1.4874.0888