Middle ground in encryption debate is difficult to find
No middle ground seems to exist in the ongoing debate over how law enforcement access to encrypted communications would play out in the United States and other countries.
On one side of the debate, the FBI and other law enforcement agencies want better access to the digital communications of suspected criminals. On the other side, privacy advocates and technology experts say there’s no way to build work-arounds into encryption without exposing the protected data to outside hackers.
There are alternative systems to end-to-end encryption, but they aren’t nearly as secure, cryptographer Bruce Schneier says. Any compromise in the encryption debate has to ask the question, “Do you want more or less security?” he says. “If you believe that security is essential against criminals and foreign governments and terrorists and all those other bad guys, then you have to have strong encryption that no one can break.”
Yet, some observers of the encryption debate say there may be room for compromise. Encryption can take many forms, and there are other ways to protect devices. Smartphone makers Apple and Google could, for instance, encrypt their customers’ data traffic, but also maintain a database of customer communications to which law enforcement agencies can gain access, with a court-ordered warrant.
“There are always trade-offs between liberty and security, but the fact is that Americans are much more likely to be the victims of cyberattacks than terrorist attacks.” — Tom Struble, policy counsel, TechFreedom
Separate encryption systems exist for some Apple and Google services, notes Ryan Hagemann, technology and civil-liberties policy analyst at The Niskanen Center, a Libertarian think tank. For example, Gmail is encrypted in transit, then decrypted upon arriving on Google’s servers. Police, through legal process, then have access to Gmail messages.
If law enforcement agencies gain the ability to unlock suspected criminals’ smartphones, some observers say, they may accept that they can’t access encrypted data in motion.
FBI Director James Comey has urged tech companies to create secure systems that give law enforcement access during criminal investigations.
“I think Silicon Valley is full of folks [who] have built remarkable things that changed our lives,” Comey said during a Congressional hearing in July. “Maybe this is too hard, but given the stakes… We’ve got to give it a shot.”
Leaving the backdoor to encryption wide open
But any encryption system that gives law enforcement agencies access also opens a backdoor for hackers, encryption experts and privacy advocates say.
“There’s no such thing as a data security vulnerability that only the good guys can access,” says Tom Struble, policy counsel at TechFreedom, another Libertarian think tank. “If our government forces companies to undermine their own security, that will allow cybercriminals, foreign governments, and others to exploit the vulnerabilities.”
Struble called on President Barack Obama to support strong encryption and “rebuke” his top law enforcement officials for calling for encryption backdoors.
“There are always trade-offs between liberty and security, but the fact is that Americans are much more likely to be the victims of cyberattacks than terrorist attacks,” he says. “Sacrificing our cybersecurity in the name of fighting terrorism is a terrible trade-off.”
If the U.S. demands access to encrypted communications, dozens of other countries won’t be far behind, privacy advocates suggest. Encryption systems can’t pick and choose which outsider has access and which one doesn’t, Schneier says.
“There’s no way I can build a system that operates differently, if there’s a certain piece of paper nearby signed by a judge,” he says. People could build a “system that has this insecurity of third-party access,” he says, “but do you want to build that?”
Some critics have argued that Apple and Google have pumped up their smartphone encryption as a way to keep governments out, following revelations of mass surveillance by the U.S. National Security Agency. That’s fine with Schneier, a critic of the NSA surveillance programs.
Restricting government access to digital communications is “a good thing,” he said. “If we didn’t do that, you couldn’t keep out Chinese government access.”