Last week, FBI Director James Comey once again campaigned for “backdoors” into the encryption programs of tech companies.
“Tech execs say privacy should be the paramount virtue,” he told the House of Representatives Appropriations Committee. “When I hear that, I close my eyes and try to imagine what the world looks like where pedophiles can’t be seen, kidnappers can’t be seen, [and] drug dealers can’t be seen.”
The United States government is playing to fear, uncertainty, and doubt. The reality is the government already collects a tremendous amount of personal data about its citizens through the location data our phones give away, National Security Agency metadata programs and online shopping habits without our consent.
Encryption is how privacy-conscious Internet users fight back against the unblinking eye of government mass surveillance and protect themselves online. Even if the NSA can break some encryption technologies, we’re at least making it harder and more expensive for them to track law-abiding citizens en masse. When Comey asks for backdoors, he is really just asking to make his job easier—with dubious benefits and very serious risks.
We must protect encryption because backdoors are inherently insecure.
A backdoor is a deliberately introduced security vulnerability into an otherwise secure ecosystem. The Federal Bureau of Investigation is trying to misdirect the public into believing the existence of some magically secure, abuse-proof backdoor. That may be possible in theory; however, in the real world, it quite simply is not. Doing encryption correctly is hard enough without Comey or the NSA requesting backdoors. Far more accomplished cryptography experts than I will tell you there is no such thing as a secure backdoor.
Backdoors are based on knowledge. Whoever knows the secret knock can open the secret door, but the door doesn’t care who knows the secret knock. The problem with secrets is that they eventually become known outside their intended circle. If the FBI (or anyone else) had backdoors into all encryption technologies, they would become the target of every spy agency and malicious hacker on the planet. Once the secret knock was hacked, leaked, accidentally posted, or made known through sheer incompetence, anyone—FBI or otherwise—could use it.
We already have evidence that backdoors built for good guys are routinely used by the bad guys. In 2010, Chinese hackers subverted a Google Gmail system designed to comply with U.S. government surveillance requests. The bad guys can and do steal golden keys.
Let’s pretend, despite everything the experts tell us, that somehow it were possible to design a backdoor that would open encryption without being exploitable by hackers and criminals. We’d still be at the mercy of the FBI and NSA, organizations that would access and analyze the data of its citizens without their knowledge and without due process.
Encryption is not a barrier to national security. Golden Frog, where I serve as president, and others in the tech community that care about online privacy, are not anti-law enforcement. We are not interested in jeopardizing national security. We believe in protecting the customers who rely on us to secure their Internet connection, which in turn ensures that the data they send and receive is encrypted and safe from prying eyes. That data belongs to them; it’s their property. It doesn’t belong to us, an Internet access provider, or the government.
The government doesn’t need a golden key to decrypt everything. If you want the data, don’t ask for a backdoor. Instead, get a warrant and come through the front door. We need due process, probable cause, a real judge, and a warrant—not backdoors.
When Comey talks about encryption, he makes it sound as if the bad guys are using a super tool to avoid detection by law enforcement. This is a perception that we all need to work together to change. Using encryption does not mean you have something to hide.
At last year’s South by Southwest Interactive Conference, NSA whistleblower Edward Snowden said, “Encryption works.”
He’s right: It’s a best practice for giving yourself a reasonable level of online privacy and security. Encryption is a form of self-defense. Privacy-conscious people use it to protect their Internet communications and private information from hackers as well as government and corporate intrusion. Businesses encrypt confidential and proprietary information such as trade secrets and customer data.
If you encrypt your digital communications, you should be celebrated. You’re fighting the good fight. You should not draw suspicion from the FBI or NSA. In the same way that firearms are synonymous with the Second Amendment and protecting yourself, using encryption to protect your data should be a fundamental right. Encryption is the Second Amendment for the Internet.
Sunday Yokubaitis is the president of Golden Frog, a company that fights for online privacy and to open up a free and secure Internet for people around the world.
Illustration by Max Fleishman