Article Lead Image

Magharebia/Flickr (CC BY 2.0)

The FBI can’t win the war on encryption

Weakening encryption won’t solve ‘going dark,’ so why does the FBI want it?


Robyn Greene

Internet Culture

Sparks flew at this week’s Senate Judiciary Committee’s hearing on FBI oversight—especially around the topic of encryption. Among other topics, the hearing covered the efficacy of a policy to mandate encryption backdoors and the security implications of such a scheme. FBI Director James Comey made some surprising statements that will likely change the backdoor debate, if not end it altogether—eventually.

One of the most notable exchanges was between Comey and Sen. Mike Lee (R-Utah), where the senator pointed out that even if the United States outlawed unbreakable encryption, criminals and terrorists would still be able to obtain it from foreign developers and manufacturers, and so outlawing end-to-end encryption in the U.S. would not solve the “going dark” problem. Comey’s response was clear: “That’s right…there’s no way we solve this entire problem. Encryption is always going to be available to the sophisticated user.”

He then rolled back his admission, arguing that requiring a backdoor in the U.S., especially if done in coalition with other countries, would “solve a big chunk” of the problem. But that just doesn’t square with reality. His biggest concern is with sophisticated criminals and terrorists going dark, and yet he’s already acknowledged that anyone who is motivated to will always be able to access strong encryption, regardless of what U.S. or international policies are.

There are simply too many open-source encryption options available on the Internet that could be accessed regardless of a mandated backdoor. No international coalition short of a global ban on encryption would do the job—and it’s far from clear how such a ban would ever be implemented. The toothpaste is out of the tube, and has been for millennia. So in the end, the biggest effect that undermining encryption will have is to expose average citizens – possibly around the world—to cyber threats and crimes that they might have otherwise been protected from.

When you boil it all down, encryption is just math, and you can’t outlaw math. 

Comey also spent a lot of time during the hearing objecting to the term “encryption backdoor.” This is a red herring complaint—he doesn’t like the optics of asking for a “backdoor,” but it’s important to be clear on this point, it doesn’t matter what you call it—backdoors, front doors, golden keys, exceptional access, or a magic rainbow unicorn key—it always boils down to the same thing: a vulnerability in encryption.

This is why it was so surprising when Comey proclaimed that his extensive conversations with the tech industry had left him sure that creating law enforcement access to encrypted communications (building a backdoor) is “not a technical issue.” This is completely contradictory to what technical experts have been saying for decades.

Cryptographers settled this question during the Crypto Wars of the’90s and revisited it after Comey reinstigated the debate over Apple’s and Google’s announcements that they would provide default encryption on their smartphones to protect any data stored on them. Some of the world’s leading cryptographers again investigated whether it was technically possible to securely create access for law enforcement to encrypted communications without also creating a means of access for unintended parties, such as hackers or nation-state actors.

Their award-winning paper came to an unequivocal conclusion: “The damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago,” because of how dependent our economy and everyday lives are on the Internet and on encryption. The effects of weakening encryption would be devastating.

No government policy that prohibits companies from providing end-to-end encrypted devices or services to their customers will keep strong encryption out of the hands of the public.  Terrorists, criminals, or just an average Joe or Jane who is worried about their security and privacy will still be able to access and use end-to-end encryption because of the nature and ubiquity of the Internet—and the fact that when you boil it all down, encryption is just math, and you can’t outlaw math.

This begs the question: Why weaken the security of everyone if it fails to solve the problem Comey is attempting to address?

To be clear though, while this issue seems like it should have been put to bed ages ago, we’re not done with it yet. Sen. Dianne Feinstein (D-Calif.), the vice chair on the Select Committee on Intelligence, announced that she and Sen. Richard Burr (R-N.C.) will be introducing some kind of encryption legislation next year. So suffice it to say, anyone who cares about their privacy and security should keep their eyes peeled.

Robyn Greene is the policy counsel for the Open Technology Institute at New America Foundation specializing in issues concerning surveillance and cybersecurity. Prior, she worked at the American Civil Liberties Union’s Washington legislative office, where she focused on legislation and administration policies concerning surveillance, cybersecurity, government secrecy, and federal law enforcement oversight, and also ran issue-based grassroots advocacy campaigns with Grassroots Campaigns, on behalf of non-profit organizations including Amnesty International and the ACLU. She earned a B.A. in government and politics at the University of Maryland, and a J.D. from Hofstra University School of Law.

 Image via Magharebia/Flickr (CC BY 2.0) 

The Daily Dot