It’s been a busy year so far on the encryption front. A California court ordered Apple to provide the FBI with a tool to break into the iPhone of one of the San Bernardino terrorists. Apple CEO Tim Cook hit back, saying that Apple shouldn’t be forced to destroy its users’ data security. Reps. Ted Lieu (D-Calif.) and Blake Farenthold (R-Texas) proposed federal legislation that prohibits states from unilaterally restricting Americans’ ability to encrypt their data, at least until the national debate is resolved. Sen. John McCain (R-Ariz.) argued for legislation mandating that companies “adopt technological alternatives that would allow them to comply with lawful requests for access to content.” Yet forcing companies to remove encryption, ostensibly to hunt criminals and terrorists, is technically dangerous and harmful to Americans, businesses, and the economy.
In this debate, the United States government has not been speaking with one voice about encryption. Some of the strongest arguments against weakening strong encryption have come from security-minded federal agencies that share the concerns of the American technology community.
Michael Hayden, the former head of the National Security Agency, argued in January that “end-to-end encryption is good for America.” His argument is that encryption improves the overall security of American citizens and keeps them safe from other threats, including hacking and widespread monitoring by other governments’ intelligence agencies.
Hayden is not alone. Terrell McSweeny, a Federal Trade Commissioner, opposed weakening encryption at a recent U.S. Chamber of Commerce event on consumer data security. The commissioner argued that weakening encryption poses serious risks for consumers as well as businesses. Mandating an encryption backdoor, she said, would damage consumer data protections and undermine trust in the Internet economy.
Mandating encryption backdoors for American technology companies is unlikely to improve the overall security environment, she argued, because encryption tools produced abroad would be unaffected by American legislation. Meanwhile, domestic consumers and businesses relying on weakened encryption will be left more vulnerable than ever to bad actors. Believing that weakening encryption in the United States would produce better security is “magical thinking.”
Americans are increasingly worried about protecting their digital information, and do not believe that most entities handling their data will keep it safe. Given the growing importance of the digital economy in the United States—and the growing number of tools, applications, and devices that connect to the Internet—we should not be hindering the ability of individuals to protect themselves. Without strong digital protections, Americans could see increased identity theft, compromised online banking and social media, growing risks to online shopping, and even criminal infiltration of home security systems. Since people remain the weakest link in effective cybersecurity, national cyber safety will rely on supporting and promoting tools that can help Americans take their security into their own hands.
The government should focus on education and best practices, starting with its own agencies. Commissioner McSweeny added that the conversation about cybersecurity would benefit by bringing more technical experts into the administration and Congress. Many people with technical knowledge are skeptical that weakening encryption will make Americans more secure. Lieu, one of the few computer experts in Congress, has argued that the push to mandate encryption backdoors is “technologically stupid,” pointing out that there’s no way to prevent bad guys from exploiting this built-in weakness for their own ends.
A better understanding of how encryption works, and how it contributes to security, online and off, is badly needed in both business and government. A rush to fight terrorism and crime by weakening encryption risks eroding consumer trust in online banking and commerce, undermining one of the most vital parts of the American economy without delivering any clear gains in security. Standing for strong encryption doesn’t help the bad guys, but it is good for business and security. Congress should support legislation that allows Americans to protect themselves, not undermine the protections that they desperately need.
Op-ed by Joshua Hampson; originally published in The Hill