Yesterday was a full day of techno-centric fun with the Senate convening a number of committee hearings on the issue of encryption. But the purported reason behind these hearings – a full and informed debate on the merits of regulating encryption technology – was merely a façade for giving the government another bite at the encryption apple they failed to nibble away almost a quarter century ago.
Back in May, the Niskanen Center and other partners penned a letter to President Obama, urging him to “reject any proposal that U.S. companies deliberately weaken the security of their products … [and] instead focus on developing policies that will promote rather than undermine the wide adoption of strong encryption technology.” The hearings today showed a strong push against those requests from Deputy Attorney General Sally Yates and FBI Director James Comey.
While both Yates and Comey pointed out that “encryption is a great thing,” their concerns over portions of the Internet “going dark” led them to conclude that a “better balance between privacy and security” needed to be achieved. Specifically, while they adamantly denied they were requesting legislation mandating the installation of backdoor access points into hardware and software, Yates argued that it was necessary for companies to maintain the ability to respond to lawful court orders, lest “critical information become warrant proof” due to unbreakable encryption.
So instead of installing encryption backdoors accessible by government intelligence agencies, they requested for such “capabilities” to be controlled by private companies. Unfortunately, a security hole is a security hole, whether installed and maintained by the government or by corporations, and no amount of technical wizardry can make that hole accessibly only by non-malicious actors.
Though Comey has been making the argument for increased encryption controls couched in amorphous language like “terrorist threats,” “national security,” and concerns over ISIL members “beheading American citizens and soldiers” on the homefront, such fear mongering is nothing new. These are the same staid, stale talking points the government used throughout the 1990s when the Crypto Wars were playing out between the online libertarian-leaning Cypherpunk movement and various government agencies. In a recent Reason article, Andrea Castillo details this old battle, similarly noting that these arguments are nothing new, as the FBI and other government agencies fought long and hard to control and regulate encryption technology. Luckily, they failed, and the resulting dissemination has empowered the mass proliferation of online services that otherwise would be impossible, such as financial service transactions and online banking.
As Legal Fellow Mark Potkewitz noted in a TechFreedom press release from yesterday, “[t]he FBI is playing a tired political game … They will doubtless try to appear pragmatic and open to compromise. In fact, they’re recycling their playbook from the 1990s … while failing to substantiate their vague, alarmist claims about part of the Internet ‘going dark.’” Echoing Potkewitz’s sentiments, Abigail Slater, Vice President of Legal and Regulatory Policy at the Internet Association, released a statement arguing that “[p]roposals to mandate weakened encryption would undermine security and end user confidence in the Internet without any clear national security benefits.
We must also bear in mind that any effort to attempt an end-run around encryption is only likely to produce unintended consequences we cannot yet fully comprehend or foresee. Additionally, the nature of the Internet as a platform for constant innovation cannot be ignored in the context of this debate. If online encryption is weakened or mandated to contain backdoor protocols for companies to access, the only thing that is certain is that the economic, and social, ramifications will be profound.