Banning Encryption Will Fail... And It's a Bad Idea, Too
23 Mar 2016 in Security
There’s a lot of debate going on right now about banning encryption. Now, some people might refer to this as a backdoor or “providing government access” or whatever term they’d like to use to discuss it, but as a security professional, I see only one thing as encryption: the kind that’s completely unbreakable, even by the FBI or the NSA or the Chinese government or anyone else. Anything else is simply not encryption, as it does not guarantee your confidentiality. So, I’m going to talk about banning encryption as equivalent to providing a government backdoor or any of the other clever ways it’s being spun.
First, I want to talk about why banning encryption will fail. Encryption software is a Pandora’s Box, and it’s already open. Attempting to ban all encryption would work about as well as banning nuclear weapons, banning guns, or banning drugs. The war on drugs alone is enough evidence that government bans do not have meaningful impact, and that the people who are affected the most are the innocent bystanders. Strong cryptosystems already exist, and attempting to ban them will result in insecurity for the masses, but criminals will continue to use the existing systems, resulting in no improvement in the ability to fight crime.
Further, so long as any government supports liberty and freedom, there will be other places to get their strong crypto. Even if companies in the United States and the United Kingdom are prohibited from distributing strong cryptography, there are nearly 200 other countries in the world where such software might come from. So, we can assume that criminals will continue to have access to these tools, while the legitimate users are deprived of their use.
So, if the US demands a backdoor in a previously-secure system, and the author complies, then China comes along and demands a backdoor, we end up with a Swiss cheese of backdoors waiting to fall over. We know that governments can’t secure their own data, so what makes us think they’ll be able to secure their keys for these systems?
America’s constitution is based on foundations of freedom and liberty, and it seems we’ve been scared by our own politicians into giving up these freedoms. Anonymity and privacy are critical to democracy – they allow minorities to express their viewpoint without fear of retribution, they allow groups to organize, and they allow whistleblowers to come forward safely. Cases like the breach of the Democrat donor database show how strong encryption could have protected privacy in the political process.
According to Human Rights Watch, “Strong encryption and anonymity are critical for protecting human rights defenders, journalists, and ordinary users in the digital age,” and the United Nations Commission on Human Rights states:
Encryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age. Such security may be essential for the exercise of other rights, including economic rights, privacy, due process, freedom of peaceful assembly and association, and the right to life and bodily integrity. Because of their importance to the rights to freedom of opinion and expression, restrictions on encryption and anonymity must be strictly limited according to principles of legality, necessity, proportionality and legitimacy in objective.
We’ve hit upon a critical era for society, and it’s important we don’t lose sight of the freedoms and liberties that have built what we have and have made America great. It’s because I believe in personal liberties that I support the EFF and the ACLU, and consider privacy my single most important issue in the 2016 election cycle.