Decrypting the encryption debate.
by Kate Dinnison
Encryption is essentially the process of turning information into code that prevents snoops, criminals, and spies from accessing it. Apps like Signal, Whatsapp, Aloo, Duo and Confide are bringing this technology to the masses but are posing problems to the aims of law enforcement and intelligence services worldwide. What we’re seeing today is an absolutist clash that is based on ideological binaries. Privacy and security are complicated ideas in the digital age, especially when faced with cases such as Apple vs. FBI in 2016.
After the San Bernadino shootings in December 2015, the encryption debate entered the public arena when the FBI submitted a federal court order for Apple to create code unlocking the iPhone of one of the shooters in order to obtain information for further investigations. An open letter to Apple from FBI director James Comey argued they do not desire to “break anyone’s encryption or set a master key loose on the land.” The security features of the iPhone software prevents the FBI from automatically testing passwords, or using “brute force” for risk of the device locking them out permanently. For a more technical explanation from a cryptographer, go here.
However, Apple and the anti-exceptional access camp worry that customers will lose faith in the security of their products. The risks involving building ‘back doors’ are varied, but the main arguments arise from economic comparative advantage and erosion of cybersecurity. For security, it could change the norm of having one-time use decryption keys, which protects past and future communications. Additionally, it would augment system complexity, whereby additional code creates new potentialities for vulnerability. Lastly, the storage of exceptional access keys by tech companies becomes a target for attack, risking high-volume theft of user data.
The questions posed by the encryption debate are therefore twofold:
- Do we desire a world of end-to-end encryption?
- Should authorities be able to still intercept decrypted signals while holding up security and privacy objectives?
Creating an internet where surveillance is technically impossible also forms a vast ungoverned space, which is appealing to the techno-anarchist type. Not only would your data be protected from state actors, but non-state criminal hackers. However, Benjamin Wittes, a senior fellow at the Brookings Institution urges one to, “consider the comparable argument in physical space: the creation of a city in which authorities are entirely dependent on citizen reporting of bad conduct but have no direct visibility onto what happens on the streets and no ability to conduct search warrants (even with court orders) or to patrol parks or street corners.”
As the encryption-security-privacy saga continues into 2017, more actors and cases will bring this subject to head. The case of Apple vs. FBI was unique because it involved domestic terrorism, which allowed the FBI to appeal to the public with a sense of urgency. But lawmakers and companies must think of the long-term implications over the immediate gains. James Comey ends his letter by saying: “And in that sober spirit, I also hope all Americans will participate in the long conversation we must have about how to both embrace the technology we love and get the safety we need.” Until then, it is likely we will see the public struggle over encryption on an ad-hoc and very partisan basis.