This post comes in advance of this afternoon’s debate between Just Security contributors Andrew Weissmann and Peter Swire about Law Enforcement vs. SmartPhone Encryption at the New America Foundation in Washington, DC.
In response to Apple and Google’s announcements that they would encrypt their smartphones by default, former FBI General Counsel Andrew Weissmann recently argued in Just Security that “Congress needs to assess whether the growing inability to access such means of communication, with a court order, is coming at too great a cost.” He emphasized “the vital role lawful electronic interception plays in thwarting crime – including devastating terrorist attacks.”
I look forward to debating Weissmann on this topic. I have been working on encryption and global communications policy since the 1990s, when I chaired the White House Working Group on Encryption in the months leading up to the Clinton administration’s announcement that it would (finally) permit export of strong encryption. My previous writings show a series of arguments against federal agencies’ claims that they need backdoors because new crypto and other technologies means they are “going dark.”
A more accurate image is what Kenesa Ahmad and I have called “the golden age of surveillance,” where such capabilities are greatly expanded compared to any previous period.
Government agencies have unprecedented access to our location information now that we all carry cellphones. The potential availability of information about our contacts, confederates, and conspirators has massively expanded, as all of our texts, emails, and social network postings are saved by communications carriers. In addition, there are myriad new databases that create digital dossiers about our lives. In addition, as I explain here, changing technology is pushing government agencies to go to cloud providers for law enforcement and intelligence purposes. Even if police have difficulty getting into a smartphone, the relevant evidence very often is available from the cloud provider. (See this piece by Chris Soghoian for more information about the enormous wealth of potential evidence held by cloud providers.)
If government agencies were offered the choice of current capabilities or pre-Internet capabilities, they would overwhelmingly prefer their surveillance abilities today.
The availability of such powerful tools for collecting information means that there is no emergency to justify the built-in surveillance back doors (or front doors) that FBI Director James Comey, and others in the US government, are pushing for.
Strong encryption is even more vital in today’s globalized world than during the crypto wars of the 1990s. If there are backdoors or limits on effective encryption, then the security of global communications is only as strong as the security in the “least trusted country” thanks to the interconnected nature of our global communications system. Other countries will demand the same backdoors available to the U.S. government, with consequent risks to human rights. When the FBI or other agencies argue for weak security, we should consider the effects of surveillance by these other countries, many of whom lack the legal safeguards in the United States.
It is for all of the reasons that the other members and I on President Obama’s Review Group on Intelligence and Communications Technology urged the U.S. government to strongly encourage the use of effective encryption in our 2013 report to the White House.
A core element of this debate is whether overall security is improved by building weaknesses into our cybersecurity defenses. My own views are consistent with leading technologists such as the report of the IEEE-USA Committee on Communications Policy and Susan Landau’s book about the risks posed by new surveillance technologies.
At the end of the day building surveillance back doors into our technology will threaten our security, not enhance it. To date, there has been a notable lack of rebuttal from technologists supporting FBI Director Comey’s views.