On encryption, big tech isn't budging

The importance of cybersecurity
The importance of cybersecurity
Costolo: Social media is doing enough in encryption debate
Costolo: Social media is doing enough in encryption debate
'No good way' to allow government encryption access: Pro
'No good way' to allow government encryption access: Pro

The Paris terror attacks have reignited the debate around privacy and security, with a number of prominent U.S. officials, including CIA Director John Brennan and California Sen. Dianne Feinstein, blaming encrypted technology and recent curbs on intelligence-gathering for empowering the terrorists.

And while it is unclear what role, if any, encrypted communication played in the attacks, there are already voices in and out of government demanding law enforcement be given access to electronic communication.

But the tech industry — which has led the charge in favor of private, encrypted communications — so far isn't budging.

"I view encryption like many view the 2nd amendment," said Mark Cuban in a post on his Cyber Dust messaging app — a service that deletes user's messages 24 seconds after they are read. "Encryption is a fundamental underpinning of the freedom of speech."

In Europe, the U.K. is considering the Investigatory Powers Bill, also known as the Snoopers charter, which would force tech companies to help provide unencrypted communications to police or spy agencies, fueling fears that companies could be forced to terminate end-to-end encryption.

Tim Cook
Mike Blake | Reuters

Apple CEO Tim Cook recently spoke out against this in an interview with The Telegraph newspaper on Nov. 10. "To protect people who use any products, you have to encrypt. You can just look around and see all the data breaches that are going on. These things are becoming more frequent. They can not only result in privacy breaches but also security issues," said Cook.

Cybersecurity and privacy experts CNBC spoke with universally agreed that the benefits of encryption far outweigh the potential threats raised by lawmakers.

"Today, every online communications platform offers encryption to their users. The motivation for doing so is the desire to protect people's privacy and safety. It protects people from cybercriminals from stealing information or in more extreme cases it protects people from more dangerous issues," said Fortinet director Deena Thomchick.

Silicon Valley security CEOs on info sharing act

"These types of platforms have been used to coordinate positive reforms in any number of countries and this same encryption protected the people involved in those activities. For this reason, a few years ago a number of major platforms in the social media and information-sharing space decided to default to always encrypting communications. Unfortunately, these same technologies developed to protect individuals are sometimes used by bad actors to hide criminal activity," she said.

Ben Johnson, former NSA employee and Bit9+CarbonBlack chief security strategist, agreed. "The problem is that when the bad guys can use the same technology, the same information, the same process as the good guys, how can you stop only the bad guys from using it?"

The Electronic Frontier Foundation also weighed in, issuing a statement. "These heinous attacks must not be used to justify further erosion of our security, civil liberties or privacy," wrote EFF executive director Cindy Cohn. The privacy advocacy organization points out that there has been no public confirmation that the terrorists used end-to-end encryption, nor that it was the encryption of communications that caused the intelligence agencies to fail to detect the plot.

"What we do know is that strong encryption is crucial to allow political organizers, government officials and ordinary people around the world to protect their security, privacy and safety from criminals and terrorists alike. Any 'back door' into our communications will inevitably (and perhaps primarily) be used for illegal and repressive purposes rather than lawful ones," wrote Cohn.

The biggest problem is that the US cannot get a backdoor in all encryption software. It is simply not practical.
Peter Firstbrook
Gartner analyst

So-called back doors would enable government agencies to access encrypted communications using keys provided by tech companies. That opens up a whole new set of issues, said Gartner analyst Peter Firstbrook.

"The biggest problem is that the U.S. cannot get a back door in all encryption software. It is simply not practical. The terrorists will simply switch or overlay encryption tools to avoid surveillance," he said.

If the government has a back door, said Firstbrook, it will weaken encryption and eventually get discovered by bad actors and used to steal personal, identity and banking information. Quite apart from the security and privacy issues, there are commercial concerns, a big problem for Silicon Valley. "If the U.S. government has a back door in U.S. products, it will kill the international appeal of U.S. products. What foreign government or citizen will buy an Apple iPhone or Android phone if they knew the U.S. CIA can crack the encryption used?"

Most people who endorse a back door, use the "if you have nothing to hide" argument, said Firstbrook. "However, there are a number of private details that everybody has that they don't want exposed and just having a surveillance state can change the way people converse and behave."

Publicly, the technology firms of Silicon Valley have remained rather quiet in the days since the attacks in Paris — none of the big companies CNBC spoke to would comment.

But behind the scenes, the discussion continues.