Yahoo's Security Chief On Encryption Debate: What Is The Greater Good?
The extremely high-profile dispute between Apple and the FBI has ushered in a new phase in the debate over the future of secure communications. Though many Americans still struggle with the technical implications of encryption, it's now a household word.
Bob Lord is a 20-year veteran of cryptography and communications security, a former head of security at Twitter and now chief information security officer at Yahoo. When he talks about encryption, he invokes the imagery of a whisper — this idea that you should be able to re-create the most private means of physical communication in the digital world as well.
Major companies, including Google and Yahoo, have been working on projects to adopt easy end-to-end encryption more widely — it's currently mostly available through special programs and on messaging services like WhatsApp or iMessage. Investigators are raising alarms that search warrants and subpoenas are becoming powerless over more of our digital lives.
Lord is visiting Washington this week to meet with lawmakers and talk about the realities of encryption. He sat down for an interview with NPR, and we talked about encryption for activists and average Joes and the greater good. The interview has been edited for length and clarity.
What's the decision-making process that goes into making that choice at a company like Yahoo, that you want to adopt encryption that would make data indecipherable even for you?
When we talk about encryption and we read about encryption in the news, it's often in the context of the Apple-FBI struggle. ... And that's an appropriate thing for us to have a national conversation about. There are other constituencies that we should also talk about.
There are human rights activists throughout the world who struggle to communicate freely, to organize and to share their thoughts because their governments are looking to control the telecom companies, the phone companies, they look to decrypt messages and in some cases they block the use of cryptography. These are real challenges. ...
[Many people live in] countries where they cannot speak freely, cannot share their feelings about being gay or share their views of the government freely. And so for them the ability to whisper to each other privately is not a theoretical thing or a small thing — it is everything to them.
I want to make sure we're talking about a broader range of places where encryption has changed the way things work. Yes, it's used by terrorists. It's also used by people who are looking to voice their opinions on issues and to save lives.
I'd also point out that those groups are relatively small. ... The vast majority of people are neither human rights activists nor terrorists.
I'm glad you bring that up. What happens to the rest of us, who don't fall into those categories?
There is a real danger, a growing danger, and the danger to these average people comes from a variety of different places. It can come from Eastern European criminal syndicates; it can come from foreign nation-states. And we should talk about the role that encryption plays in protecting those people when they try to communicate with their banks, with their doctors, with the government over tax issues.
I think it can be hard for an average person to imagine a foreign government or a criminal hacking ring really being after something I specifically am doing on an individual level. How does the ability of someone to read my email correlate with the ability of that person to mount an attack on, say, my health care provider?
Your mail account may be a trust anchor to other services. You may have password resets sent to your mail account, for example. ...
We've seen a number of interesting health care attacks in the last year. Some of them we can't entirely understand — there were some that didn't seem to be monetized, it didn't seem like the attackers started to make money on identity theft, which is what you'd expect them to do. And so we may conclude from that they either didn't bother, but that doesn't seem reasonable, or that their motivations might have been something different, it may have been nation-state kinds of attacks.
So your information does get swept up to these kinds of attacks, even if you think that you in particular are not worthy of a nation-state attack, even if you think you have nothing to hide, and even if you think you have nothing to protect.
But to echo our recent interview with Android's chief of security, what's the tangible benefit in going from the basic encryption that's relatively broadly adopted now to end-to-end encryption? How much safer does it make my data from something like that?
I guess there are two answers. We could walk through some threat models — threat modeling is the way we tend to think about things in the security community: What are the assets that you're trying to protect and from whom and under what circumstances.
The other is just that we as Americans tend to have this view that we should be able to speak privately. And that's fairly well-ingrained in the way that we're raised, and the way that we try to structure the government, and the reason why we make it so difficult for law enforcement to do certain kinds of things in this country — as permissive as we sometimes think that they are, the powers that we think may be overly broad, the reality is that compared to many countries, it's really quite specific and really quite well-regulated.
I do not share the sense of terror that people feel over the use of encryption, broadly speaking. It doesn't seem to me like this is going to become a problem that prevents law enforcement from doing their jobs in the long term.
And so I think there's a slant of this that says that the right for people to speak privately is truly a right, and it is part of the foundation on which we built a lot of our culture and institutions.
What I'm trying to get at is, what's the tangible benefit of end-to-end encryption versus the encryption that Yahoo already has? Are you effectively just trying to just stay ahead of the bad guys or is it a truly groundbreaking and necessary change in how you think about encryption?
I'll give you an example from history. SSL ( Secure Sockets Layer protocol) was invented at Netscape — I used to work at Netscape — it was invented to protect you from man-in-the-middle attacks when there was really no credible way a man could get in the middle. There was no Wi-Fi, that had not yet been invented, there were no coffee-shop hotspots. ...
We knew that it was going to be important to protect your communication from your desktop computer. It was there to protect those communications between your desktop and your bank. And we saw many merchants not using SSL, and I'm unaware of any major theft of credit card numbers during that time. It was a little bit ahead of the problem.
Many technologies take a while to incubate before they're ready for prime time. The time to start developing them isn't the time when the danger is hitting people over the head and causing mass strife. The time to invent these technologies, to standardize on them, to shake out the bugs, to get the usability issues under control is slightly in advance of the manifestation of the massive problem. We don't want to be in a situation when people say, why isn't anybody doing anything about this? ...
That's part of it. But I wouldn't underestimate — the number of people who do live in the troubled parts of the world is large. It's a large percentage of people who live in the countries where they cannot speak freely, cannot share their feelings about being gay or share their views of the government freely. And so for them the ability to whisper to each other privately is not a theoretical thing or a small thing — it is everything to them.
I think a challenge in the U.S. is the juxtaposition of that argument of existential challenges faced by foreigners against the inability, as presented by the law enforcement community, to investigate crimes that are closer to home.
And it is a struggle for us because we are an international company, as most of the providers that you have been talking to are — they work on a global scale. ... There are a lot of people that we care about who are not U.S. citizens as well. ... People on this global stage are thinking a little bit differently.
One middle-ground suggestion we've heard is this concept of "lawful hacking," this idea that the FBI and local law enforcement should step up their tech game and try to catch up to the tech community instead of counting on the tech community to slow down. Is that a plausible or comfortable solution?
That's certainly not a comfortable solution. When law enforcement gets into the business of hacking in, you create really strange dynamics and really strange incentives. ...
I don't doubt that that will be a bridge to whatever we end up with, or a bridge to the next bridge to the next bridge. But it is not a comfortable place for us to be, where we start treating law enforcement like the enemy, and that's kind of where that starts to go. ...
What other options do you see for law enforcement? You want to build encryption as secure as possible, which means no built-in vulnerabilities and also means at some point, you might not be able to help investigators even if you wanted to comply with a court order. But you also don't want to be in a dynamic where you're chased both by criminal hackers and the law enforcement hackers. What else is there?
The question is: Is everything moving to a place where encryption is used and it thwarts law enforcement? Or are we talking about, in the grand scheme of things, a fairly modest number of places? I don't know the answer to that, but I do not share the sense of terror that people feel over the use of encryption, broadly speaking. It doesn't seem to me like this is going to become a problem that prevents law enforcement from doing their jobs in the long term.
Some of them say it already does, predominantly with phones.
I think the question is: Is that realm that is challenging for them to use in the course of investigation ... expanding without bound? Will it encompass all digital communications? I think the answer is no. I don't think that everything is going to become a major obstacle to law enforcement. ...
So yes, are these phones creating challenges? Yes, I absolutely believe that that's the case. ... The other thing that we should talk about, to counterbalance that, is what is the greater good? ...
I think that these technologies are, on the whole, the ones that are going to give us greater comfort that our lives are going to be secure from ongoing threats, both domestically and abroad. The incentive structure for people to steal your money, to steal your identity is so powerul. And the ways that they go about it can range from the mundane, from the "You've got to be kidding me, that worked?" to "Oh my God, that was absolutely brilliant and I'm stunned that they were able to link all these pieces of the attack together."
So the question is, what is the right thing for the largest number of people under the largest number of circumstances, and that's where I think perhaps we have some element of a disconnect. And that's where I'd like to see more of the conversation head.
Copyright 2020 NPR. To see more, visit https://www.npr.org.