(I was going to add this to the book at the last minute, but decided to make it a blog post instead.)
Some politicians and many top people in the intelligence community are railing against the enhanced security measures coming into the mainstream as a result of the Edward Snowden bombshells. They say that communications are “going dark”, preventing the “good guys” from finding the “bad guys”. For example, the director of the FBI has proclaimed that by encrypting the contents of the iPhone, Apple is allowing its customers to place themselves “above the law” – the implication being that you have no right to privacy, at least not where law enforcement is concerned. Basically, the law enforcement and intelligence agencies would like privileged access to all encryption – a “back door”. They feel that their need to snoop on everyone in hopes of ferreting out the few bad guys trumps any individual’s privacy. They claim that there are checks and balances in place, and that these back doors will not be abused. Though we, as ordinary citizens without security clearances, will have no way to audit them, it’s okay because they will audit themselves.
What you may not know is that this battle has been raging for decades. During the Cold War, strong encryption was classified as a “munition” and was highly restricted – though at the time, encryption was really only used by the military, so no one really noticed. Later, as financial institutions and big businesses began to need strong encryption for their digital data and transactions, the government began to issue licenses for using this technology on a case-by-case basis. However, with the advent of the personal computer and electronic commerce in the 1990s, it became clear that everyone needed access to this essential technology. This cause was championed by a group of people who called themselves “cypherpunks” and is documented in the book “Crypto” by Steven Levy. In the end, they convinced the US government that access to strong encryption was essential, and the restrictions were lifted.
At the time, it was viewed as a major victory. However, in the background, the intelligence agencies simply changed tactics – instead of trying to restrict the use and export of strong encryption, they decided to actively try to undermine and weaken the technology – allowing them to break it. This was revealed by Edward Snowden in a huge pile of documents that he turned over to reporters in early 2013.
The intelligence and law enforcement communities believe that somehow they can create a back door that only they can enter. But the truth is that if you weaken something, then anyone can exploit that weakness, and that puts us all at risk. It would be like forcing lock makers to design locks that can easily be picked using a supposedly secret technique. There’s just no way to guarantee that that technique will not be discovered and exploited by someone else, particularly if it becomes known (or even suspected) that such a technique exists.
We can and should debate where the line should be drawn between the need for privacy in a democracy and the need for special, highly restricted access by law enforcement. But deliberately hobbling encryption technology is not the answer and puts everyone at risk.