Article Lead Image

Encryption backdoors aren’t worth the price

'We can, and we must, do better than this.'

 

Sen. Mike Lee

Internet Culture

Posted on Jan 8, 2016   Updated on May 27, 2021, 9:41 am CDT

There are no easy answers when it comes to keeping Americans safe and protecting civil liberties.

The American people have a right to be secure in their persons and property. Thieves need to be found before they steal again. Murderers need to be brought to justice. Terrorists need to be stopped before they launch an attack. In order to provide security, sometimes government needs to intrude on a person’s privacy.  

Today, Congress is being asked to infringe on individual privacy rights through a federal government mandate on device manufactures to include an encryption key for government use. I believe that those asking for this mandate have not shown that the potential benefits outweigh the costs to individual civil liberties.  

Our nation’s founders created a solid framework for balancing civil liberties with security interests. The Fourth Amendment secures citizens in “their persons, houses, papers, and effects” from unreasonable searches by the government. Applied by courts over many decades, the Fourth Amendment has served as a check on government power while still allowing the government to keep Americans safe.

Our nation’s founders created a solid framework for balancing civil liberties with security interests. 

Unfortunately, the Fourth Amendment cannot answer all of our civil liberty versus security balancing questions. In this technological era, Congress is often asked to provide the government new tools to make the job of protecting the American people easier. Some of these tools are worth the price in civil liberties lost. Many are not. The federal mandate for device encryption keys and backdoors is not worth the price.

Yes, there have been a number of times that law enforcement officials have been unable to penetrate encryption technology used by criminal suspects. But the best data we have shows the number of the incidents is fewer than a dozen compared to the hundreds of thousands of crimes that are investigated every year.

The simple fact is that technology has made it far easier for law enforcement to track, trace, and listen in on potential suspects, and we are all the better for it. But the instances where encryption technology have hindered law enforcement are few and far between.

Additionally, it is far from clear that such a mandate, as currently proposed, will deliver any of the security benefits that its proponents promise. Criminals could just choose to use foreign manufactured devices without an encryption backdoor or use apps that employ their own encryption technology, thus rendering the backdoor key into the device itself useless.

The federal mandate for device encryption keys and backdoors is not worth the price.

Even if it were possible to ensure that every device and every app could be penetrated, the drawbacks of a backdoor encryption mandate would still be more costly than people imagine.

First, any encryption key created for United States law enforcement could also be used by international hackers. Encryption is just math. It doesn’t care who uses it. If Apple is forced to create a backdoor to make it easier for the FBI to get into your iPhone, then they also made it that much easier for China’s Ministry of State Security to get into your phone too.

Second, any top-down encryption mandate forced on American tech companies would harm American innovation. To make any mandate workable, manufacturers would have to control not just the hardware on their devices, but also the software. This would make it all but impossible for hobbyists and start-up companies to tinker with gadgets in ways that allow for new innovations.

Finally, the economic costs of creating backdoors also weigh against a federal mandate. Encryption is currently one of the best tools that Americans and businesses can use to secure their transactions and their private information. Billions of dollars in online transactions rely upon end-to-end encryption each year. The security of those transactions and the transacting parties would be significantly compromised by this mandate.

We live in a dangerous world with an increasing number of threats facing the United States. Our Constitution grants the federal government broad powers to address these security challenges and defend the lives of American citizens. But it also places certain limits on the state, in order to safeguard civil liberties.

Any new national security policy must be judged in light of these twin responsibilities: protecting the lives and the liberties of the American people.

An encryption mandate imposed by the federal government fails on both counts. It would not substantially improve our national security agencies’ ability to protect the country, and it would jeopardize the American peoples’ liberties enshrined in the Fourth Amendment.

We can, and we must, do better than this. The future of security and our liberty depend on it. 

Sen. Mike Lee is a Republican from Utah. He is a member of the Judiciary Committee and serves as chairman of the Antitrust, Competition Policy and Consumer Rights Subcommittee. He has served in the Senate since 2011.

 Illustration by Max Fleishman 

Share this article
*First Published: Jan 8, 2016, 1:35 pm CST