Ricochet is the best place on the internet to discuss the issues of the day, either through commenting on posts or writing your own for our active and dynamic community in a fully moderated environment. In addition, the Ricochet Audio Network offers over 50 original podcasts with new episodes released every day.
You’re From The Government? Come In!
“Encryption” generally conjures up images of clandestine communication between spies, saboteurs, hackers, and the mildly paranoid, often typing away furiously on a keyboard in a dark room until someone says “I’m in!”
The truth, however, is far more mundane. Almost everyone in the West — and certainly everyone reading this — uses some kind of encryption technology on a weekly, if not daily, basis. You may not be aware that you’re using it, but you’re using it nonetheless. If you like buying things on Amazon, doing your banking from home, or paying your bills from your computer, you rely on ubiquitous, relatively inexpensive, and strong encryption. Companies also use it in a myriad of other, equally mundane, ways that are essential to their business. Encryption makes the world go ’round.
Unfortunately, it’s also useful to those trying to make the world stop. That, understandably, has FBI Director James Comey worried. In order to help fight criminals and terrorists, Comey has been calling for greater cooperation between industry and the government on encryption. Specifically, Comey wants industry to design its encryption technologies to be quickly accessible to law enforcement and national security. Just last week, Comey testified before congress to that effect (from the NYT):
A spokesman for the F.B.I. declined to comment ahead of Mr. Comey’s appearance before the Senate Judiciary Committee hearings on Wednesday. Mr. Comey recently told CNN, “Our job is to find needles in a nationwide haystack, needles that are increasingly invisible to us because of end-to-end encryption.”
A Justice Department official, who spoke on the condition of anonymity before the hearing, said that the agency supported strong encryption, but that certain uses of the technology — notably end-to-end encryption that forces law enforcement to go directly to the target rather than to technology companies for passwords and communications — interfered with the government’s wiretap authority and created public safety risks.
It takes little imagination to see how such access could be incredibly useful in foiling criminals and terrorists. But, as Patrick G. Eddington points out via the Cato Daily Podcast, any means that allow the government to gain access to encrypted information also make it easier for malefactors to access as well. Adding an extra door to your house — no matter how well-locked — always makes it easier for someone unwanted to break in. As such, the government’s request for back-door access is not merely costly to encryption, but fundamentally at odds with its purpose.
If you go back to that NYT piece, you’ll see that industry figures are arguing forcibly that, if Comey’s requests are met, their businesses won’t work. Basically, their argument is that his desire to protect us from the malicious use of encryption — i.e., Islamic State or al Qaeda members sending each other coded messages about attacks, etc. — risks destroying innocuous-but-important use of the same technology for the rest of us.
So here’s the question: putting aside the legal matters for a moment — i.e., let’s just assume that it’s all constitutional — is it good policy for our law enforcement and national security agencies to have back-door access to all encrypted material? Put another way, should all commercial encryptors be legally required to share their methodologies with the government?
Published in General, Science & Technology
NO!
There is a rather obvious technical fallacy that encryption technology would only be developed under government guidelines, providing a key to government parties. There is absolutely nothing to prevent third parties outside US jurisdiction from delivering sound encryption technologies using widely documented algorithms available today. It’s unreasonable to assume that only US approved encryption would be used in the marketplace by legitimate or corrupt parties.
“Do not tell secrets to those whose faith and silence you have not already tested.” – Elizabeth I
This is exactly what people do when they transmit plaintext over the Internet.
Tom, how long before Comey and the administration take a page from Cameron’s efforts in the U.K.?
and this:
Wait a minute is not encryption basically DRM for all your copyrighted material? Under copyright law your material is automatically copyrighted when you write it. So the 1997 copyright law make it a federal crime to circumvent DRM protections. So the courts ruling is only about privacy law violations not copyright violations. So you you can always go after someone reading material you wrote if they break the encryption protecting that material.
I would need to look it up but I actually think the federal penalties for copyright volition under the 1997 law are a lot harsher than standard theft let alone privacy breach penalties.
Sure, and it’s stronger than that: encryption is the sealed envelope that others have analogized, and the government (for instance) must get a warrant to open the envelope, in most cases.
What Misthiocracy and I have been on about is the presence or absence of a presumption of privacy for unencrypted material: emails sent over third party networks, imagery posted to a Facebook under Facebook’s alleged privacy seal, unencrypted material sent as a necessary condition of doing business (email headers, for instance), and so on.
Eric Hines
No. It’s promoted as a convenience.
Yes, like similar attempts at weakening the populace for the benefit of police, it mostly just goes after the low hanging fruit: idiot/lazy criminals who didn’t go the extra mile. Problem is, vastly more non-criminals are casualties of such policies, which is why they must not be allowed.
And if I am not mistaken, security companies and police agencies are often very familiar with each other, and government agencies always remember those who helped them and those that didn’t. And I would bet that data security companies and the NSA have an even closer relationship.