‘Exceptional Access’: legal frameworks, technology & trust

Open sesame!

Legal frameworks are hard

One of the hardest parts (if not the hardest) of the exceptional access debate is the cross-jurisdictional legal capabilities required to make it possible and the nuanced application when actually trying to do it.

Technology problems are easy

In the exceptional access debate, the prominent technology ideas are fairly simple in concept (and likely in practice).

Earning (and keeping) trust is hard

We implicitly place a lot of trust in application developers & platform operators

Apps such as WhatsApp, Facebook Messenger and even Signal only tell you what they do — actually knowing what they are doing is very hard.

Governments & law enforcement

For a variety of reasons, the public at large may already distrust government and law enforcement on a variety of topics.

Mythbusting

“They want to break encryption”

No, they do not.

“WhatsApp, Signal (etc) would be rendered insecure”

Highly unlikely — unless the mechanisms are implemented incredibly poorly (which would be the app developer’s or platform operator’s fault or choosing).

  • “writing decent code so security isn’t undermined by trivial vulnerabilities
  • making sure there’s appropriate independent vetting of critical code before it’s added to the product
  • protecting development networks so they know what’s really in the product and that it hasn’t been covertly modified by some external malfeasant
  • protecting critical security artefacts like code signing keys”

“This is a backdoor for anyone else to abuse”

Only if poorly implemented in server/client software by the application developer and/or platform operator.

“This is mass surveillance”

Adding a party to a conversation requires identifying that conversation and/or at least one existing participant within — and one hopes the legal basis is existing material suspicion (in that it is more than a hunch or a ‘see what we get’ collection exercise).

So, where does this put us?

Legal frameworks

Within FVEY, Australia made the first move with TOLA (Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018) and there has been significant backlash.

Technology

This isn’t about busting encryption, so as far as the technology propositions go, I’m happy to leave it there until I hear something that doesn’t make any sense.

Trust

Ultimately the question of whether you trust law enforcement, governments, application developers and platform operators to come up with, implement, stick with and monitor a ‘good idea’ is something only you can answer — my only ask is that you weigh both sides with a logical brain and a pragmatic lens.

Joel Samuel


The thin blue line between technology and everything else. joelgsamuel.com