There’s a lot of debate going on right now about banning encryption. Now, some
people might refer to this as a backdoor or “providing government access” or
whatever term they’d like to use to discuss it, but as a security professional,
I see only one thing as encryption: the kind that’s completely unbreakable, even
by the FBI or the NSA or the Chinese government or anyone else. Anything else
is simply not encryption, as it does not guarantee your confidentiality. So,
I’m going to talk about banning encryption as equivalent to providing a
government backdoor or any of the other clever ways it’s being spun.

First, I want to talk about why banning encryption will fail. Encryption
software is a Pandora’s Box, and it’s already open. Attempting to ban all
encryption would work about as well as banning nuclear weapons, banning guns, or
banning drugs. The war on drugs alone is enough evidence that government bans
do not have meaningful impact, and that the people who are affected the most are
the innocent bystanders. Strong cryptosystems already exist, and attempting to
ban them will result in insecurity for the masses, but criminals will continue
to use the existing systems, resulting in no improvement in the ability to fight
crime.

Further, so long as any government supports liberty and freedom, there will be
other places to get their strong crypto. Even if companies in the United States
and the United Kingdom are prohibited from distributing strong cryptography,
there are nearly 200 other countries in the world where such software might come
from. So, we can assume that criminals will continue to have access to these
tools, while the legitimate users are deprived of their use.

So, if the US demands a back door in a previously-secure system, and the author
complies, then China comes along and demands a back door, we end up with a Swiss
cheese of backdoors waiting to fall over. We know that governments can’t
secure their own data, so what makes us think they’ll be able to secure their
keys for these systems?

America’s constitution is based on foundations of freedom and liberty, and it
seems we’ve been scared by our own politicians into giving up these freedoms.
Anonymity and privacy are critical to democracy – they allow minorities to
express their viewpoint without fear of retribution, they allow groups to
organize, and they allow whistleblowers to do so safely. Cases like the breach
of the Democrat donor database show how strong encryption could have protected
privacy in the political process.

According to Human Rights Watch, “Strong encryption and anonymity are critical
for protecting human rights defenders, journalists, and ordinary users in the
digital age,” and the United Nations Commission on Human Rights states:

“Encryption and anonymity, and the security concepts behind them, provide
the privacy and security necessary for the exercise of the right to
freedom of opinion and expression in the digital age. Such security may be
essential for the exercise of other rights, including economic rights,
privacy, due process, freedom of peaceful assembly and association, and
the right to life and bodily integrity. Because of their importance to the
rights to freedom of opinion and expression, restrictions on encryption
and anonymity must be strictly limited according to principles of
legality, necessity, proportionality and legitimacy in objective.”

We’ve hit upon a critical era for society, and it’s important we don’t lose
sight of the freedoms and liberties that have built what we have and have made
America great. It’s because I believe in personal liberties that I support the
EFF and the ACLU, and consider
privacy my single most important issue in the 2016 election cycle.