Modern field guide to security and privacy

Opinion: Why we all have a stake in encryption policy

Rapid advances in technology could soon turn science fiction notions of effortless encryption into a reality. But ensuring that we can trust that technology will take more public vigilance against government and corporate eavesdropping.

 

|
Pablo Martinez Monsivais/AP
FBI Director James Comey testified on Capitol Hill in September on cybertheats. Mr. Comey has warned that strong end-to-end encryption on consumer devices can harm terrorist and law enforcement investigations.

In William Gibson's latest novel, "The Peripheral," he imagines a future in which people have the ability to effortlessly encrypt spoken conversations in real time, in ways that are unbreakable to the artificial intelligences deployed by governments to eavesdrop on everyone.

It's a vision of the future that presents a timely thought experiment against the backdrop of government and law enforcement officials' calls for "backdoors" into encryption products, for use by government agencies with law enforcement and national security missions. And while the Obama administration recently stated that it would not pursue legislation to require these backdoors, the question is far from settled.

The encrypted conversation scenario remains, for now, well within the realm of science fiction, due mainly to the effortless nature with which Mr. Gibson’s characters deploy this technology. With a few exceptions, contemporary use of strong, end-to-end encryption is limited to those willing to put up with the complicated mechanics that most cryptographic tools require. There is nothing "effortless" about it.

Which is why, as director of New America's Open Technology Institute Kevin Bankston points out, the recent "apocalyptic" warnings by law enforcement of "going dark" are premature, at best. Law enforcement and other government agencies with an interest in civilian access to crypto technologies are rarely stymied by encryption, since criminals so infrequently deploy it. When it is used, there are often flaws in implementation that lets government agents bypass encryption without having to go through the trouble of actually deciphering it.

Thus, even the notional smart criminal runs into the same problems the rest of us do when we try to use encryption – it's complicated, it's nonintuitive, and when it's used incorrectly, it leaves open security holes that can be exploited. Until we reach something like Gibson’s effortless crypto, truly ubiquitous encryption is beyond our reach.

But if we extrapolate a future path based on the rapid advances in technology we have seen over the past few decades, we could quite easily make the case that effortless encryption is inevitable. This observation is not lost on those same government agencies calling for crypto backdoors, who now seek to establish law enforcement-friendly standards that can become fully baked into our legal system by the time we reach encryption ubiquity.

It is therefore worthwhile for everyone to start considering a world where effortless, ubiquitous encryption is possible, since advances in technology will one day likely force the question upon us. If we fail to meaningfully engage with our government on this level, we will waive our right to shape the domestic surveillance policies of this future. Thus, engage we must, starting with a solid understanding of the landscapes both before and behind us.

Which brings me to University of Washington School of Law assistant professor Ryan Calo's recent article. He argues that tech giants Apple and Google, who have implemented reasonably effortless versions of end-to-end encryption into some of their communication products, may be our best hope of resisting government surveillance. That is to say, if consumers ask for the sort of effortless encryption technology envisioned in Gibson's possible future, these demands could translate into market forces that would provide corporations with the incentives to build this technology in the face of government resistance.

My concerns – and I expect Mr. Calo's, as well – with this scenario are twofold. First, imagine that some future Apple or Google is the implementer of the effortless encryption, and we further assume that they have implemented this technology in such a way as to require all communication to be transmitted via their networks. In this case, courts may well hold that we have no reasonable expectation of privacy – in a Fourth Amendment context – in the information we voluntarily share with these companies. This aging doctrine has continued to roil in our courts, and has a direct effect on our ability to trust corporations to keep our data safe from warrantless government searches.

Second is the concern that emerges from the very basis of these corporate incentives. Governments can be quite effective at shaping market forces, and many of these same companies that might build our effortless encryption solution also realize significant benefits from government contracts. The first company to build effortless encryption may find itself left out when it comes to future government business. And corporations, as private actors, are not subject to the constitutional restrictions placed on government. Corporations will follow where the market leads them.

We are, of course, a nation that can effect change through the political process. And we can project a certain kind of power when we vote with our pocketbooks. But this issue is too important to the future health of an open and free society to trust it to either market forces or government bureaucracies.

What's at stake is our ability to privately converse, conduct business, associate, and otherwise communicate with our fellow citizens without the fear of unwanted snooping. We owe it to ourselves to carefully consider all of the costs and benefits as we prepare for the day when effortless encryption is more than just a thought experiment, so that we, as citizens, approach the conversation as informed stakeholders.

Jeffrey Vagle is lecturer in law and executive director of the Center for Technology, Innovation, and Competition at the University of Pennsylvania Law School. Mr. Vagle is also an affiliate scholar with the Stanford Law School Center for Internet and Society. Follow him on Twitter @jvagle.

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Opinion: Why we all have a stake in encryption policy
Read this article in
https://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/1014/Opinion-Why-we-all-have-a-stake-in-encryption-policy
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe