April 28, 2015
Tomorrow, OTI Policy Director Kevin Bankston will testify before the House Committee on Oversight and Government Reform’s Subcommittee on Information Technology about encryption and potential U.S. policy responses. In his statement, Bankston will argue against recent suggestions from high-profile figures like the FBI Director and the Manhattan District Attorney that Congress should legislate to limit the availability of strongly encrypted products and services. Drawing upon lessons from both the past and recent events, he articulates ten reasons why Congress should not require that companies build surveillance “backdoors” into their systems to preserve the government’s ability to obtain plaintext copies of encrypted data.
1. Surveillance backdoors were already rejected as a policy approach two decades ago, including by Congress.
In the 1990s, American policymakers faced a similar debate during a period often referred to as the “Crypto Wars,” where the Clinton Administration battled against privacy advocates and the technology industry to limit the spread of strong encryption both within the United States and overseas. One conflict was over the U.S. government’s attempts to promote so-called “key escrow” solutions—such as the much-maligned “Clipper Chip” technology—in which the government or a trusted third party would hold master keys that could decode any encrypted communications. The other conflict was over the U.S. government’s attempts to restrict the proliferation of strong encryption products overseas by treating them as munitions subject to export controls. After a groundswell of opposition from privacy advocates, industry representatives, and prominent politicians, the Clipper Chip and subsequent commercial key escrow proposals were abandoned, while the Clinton Administration gradually relaxed export restrictions on products containing strong encryption.
The victory in the Crypto Wars reflected a growing realization that, as Representative Bob Goodlatte argued in 1999, “Only by allowing the use of strong encryption, not only domestically but internationally as well, can we hope to make the Internet a safe and secure environment.” Indeed, by the time the Crypto Wars ended, a majority of House members had signed onto Goodlatte’s Security and Freedom Through Encryption (SAFE) Act, which would have reaffirmed Americans’ right to distribute and use strong encryption, barred the government from mandating the use of key escrow technologies, and allowed for the export of strong encryption.
2. It would seriously undermine U.S. cybersecurity.
The endless string of high profile data breaches last year demonstrated the acute cybersecurity challenges that we are currently facing in the United States. And since the recent crypto controversy began last September, every technical expert that has spoken publicly has concluded that it is impossible to devise and implement a real-world system that provides government access to data stored on encrypted device or end-to-end encrypted communications without compromising its security against hackers, industrial spies, and other malicious actors. No matter what you call it, mandating guaranteed government access to encrypted data opens us up to a variety of new cyber-threats. Even the chief cybersecurity adviser to the Commerce Department’s National Institute of Standards and Technologies has publicly admitted that when it comes to designing a secure ‘key escrow’ system where the government has access to a master decryption key that can’t be subverted by other attackers, “[t]here’s no way to do this where you don’t have unintentional vulnerabilities.”
3. It would cost the American economy untold billions of dollars.
The sheer complexity and cost of implementing a key escrow scheme at the scale of the current Internet would cost American technologies billions of dollars — not to mention the additional billions that would be lost as consumers worldwide lost confidence in the security of American computing products and online services. Requiring that American companies provide the U.S. government with the technical capability to decrypt their users’ data would compound the already significant economic impact of the Snowden revelations. Backdoor mandates would give foreign users — including major institutional clients such as foreign corporations and governments — even more incentive to avoid American products and give their business to foreign competitors instead.
4. It would not succeed at keeping bad actors from using unbreakable encryption.
Encryption technology is nearly ubiquitous today, and much of it — like PGP and TrueCrypt — is free and open source. A government mandate prohibiting U.S. companies from offering products or services with unbreakable encryption is of little use when foreign companies can and will offer more secure products and services, or when an independent coder anywhere on the planet has the resources to create and distribute free encryption tools. As former Homeland Security Secretary Michael Chertoff bluntly explained earlier this year, “[T]hat genie is not going back in the bottle.”
5. Surveillance backdoors are not necessary to keep us safe from criminals — but strong encryption is key.
So far, the opponents of strong device encryption have failed to offer any compelling examples where encryption seriously hindered a criminal investigation or prosecution. Indeed, rather than “going dark,” there’s good reason to believe that thanks to the growing role played by digital technology in nearly all aspects of our lives, law enforcement is in the midst of a “golden age of surveillance.” Police officers and intelligence agents can access more data about what we say, where we go, what we do, and with whom we associate and communicate than ever before. Intelligence officials have acknowledged that metadata about private communications can tell them just as much — if not more, in some cases — than the actual contents of those communications. And with the rise of the “Internet of Things,” this golden age promises to get even brighter for law enforcement in the next few years.
On the other hand, widespread use of strong encryption makes us all safer, especially when it comes to smartphones. With a growing epidemic of smartphone theft (according to Consumer Reports, 3.1 million smartphones were stolen in the U.S. in 2013, nearly double the number stolen in 2012), encryption can help shield the vast amount of personal information stored on those devices and protect against identity theft and other kinds of fraud. That’s why even the FBI itself advised consumers with smartphones to turn on their encryption (until they abruptly changed course and deleted that advice from its website last month).
6. It would undermine — and turn on its head — the Fourth Amendment right to be secure in our papers and effects.
The Fourth Amendment gives individuals the right to be secure in their papers and effects, prohibiting unreasonable searches and seizures and requiring that any warrant authorizing such a government invasion be issued by a court based on a showing of probable cause. Recent Supreme Court cases like Riley v. California have argued that the need for vigorous enforcement of that right has become even more acute in the context of powerful digital technologies. The court did not pretend that requiring warrants for searches of cellphones seized incident to arrest did not risk diminishing law enforcement’s effectiveness — it simply recognized that allowing warrantless searches posed an even greater risk to our Fourth Amendment rights considering the scope of data available on those phones.
Encryption opponents would push in the other direction and flip our Fourth Amendment rights on their head, casting the Fourth Amendment as a right of the government — a right to dictate that the contours of the physical and digital worlds be redesigned to facilitate even easier surveillance. But as former computer crime prosecutor Marc Zwillinger recently put it, “I don’t believe that law enforcement has an absolute right to gain access to every way in which two people may choose to communicate… And I don’t think our Founding Fathers would think so, either. The fact that the Constitution offers a process for obtaining a search warrant where there is probable cause is not support for the notion that it should be illegal to make an unbreakable lock.” The law has never prohibited the creation of unbreakable locks, nor required us to hand our keys over to the government just in case it might need them for an investigation.
7. It would threaten First Amendment rights here and free expression around the world.
Repeated court challenges to export controls on encryption during the Crypto Wars illustrate how any attempt by the government to limit the distribution of encryption software code, which is itself speech, would raise serious First Amendment concerns. Similarly, a legal regime that forced individuals to hand ove rtheir private encryption keys to the government or to their communications providers for law enforcement purposes would also raise novel issues of compelled speech under the First Amendment. What’s more, a mandate against unbreakable encryption and in favor of backdoors for government could have even broader chilling effects. By contrast, encouraging the availability of strong encryption free of surveillance backdoors can enable free expression both in the United States and around the world, including by stymieing the censorship and surveillance efforts of governments with less respect for human rights than our own.
8. It would encourage countries with poor human rights records to demand backdoor access of their own.
The governments of countries like China, India, and the United Arab Emirates have long advocated for various measures that would require companies to implement key escrow systems or other forms of backdoors as a condition of their ability to do business in those countries. The United States government has roundly criticized these proposals in the past. Yet how can we continue to credibly push back against, for example, the Chinese government for proposing an anti-terrorism bill that would require U.S. companies to hand over their encryption keys, if we impose a similar requirement here at home? On what grounds will U.S. companies be able to continue to argue that they cannot implement such requirements and hand over the keys to foreign governments — even those with a history of human rights abuses — if they have already had to do so for the U.S. government? A failure by the United States to protect Americans’ ability to encrypt their data will undermine the right to encrypt around the world will in turn have a broader impact on human rights, undermining our foreign policy objectives
9. An overwhelming majority of the House of Representatives and the President’s own hand-picked advisors have already rejected the idea.
Last year, an overwhelming and bipartisan majority of the House of Representatives rejected the idea of encryption backdoors when they approved the Sensenbrenner-Massie-Lofgren amendment to the Defense Appropriations Act (H.R. 4870) by a vote of 293 to 123. Responding to reports that the NSA had worked to insert surveillance backdoors into a variety of hardware and software products, that amendment would have prohibited the NSA or the CIA from using any funds “to mandate or request that a person…alter its product or service to permit the electronic surveillance…of any user of said product or service for said agencies.” Although it did not make it into the final Cromnibus spending bill in December, the amendment was still a potent indicator that Congress is skeptical of U.S. government efforts that would weaken the security of American hardware and software products.
The five experts hand-picked by the President to review the NSA’s surveillance activities in 2013 were equally skeptical of encryption backdoors. The final report of the President’s Review Group on Intelligence and Communications Technologies recommended that, with regard to encryption, the U.S. government should:
“(1) fully support and not undermine efforts to create encryption standards;
(2) not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software; and
(3) increase the use of encryption and urge US companies to do so, in order to better protect data in transit, at rest, in the cloud, and in other storage.”
10. It would be vigorously opposed by a unified Internet community.
Decades before the massive online advocacy campaign that stopped the SOPA and PIPA copyright bills in 2012, the “Crypto Wars” represented the Internet community’s first major political engagement — and it was a rousing success. An unprecedented alliance of Internet users, technologists, academics, the technology industry, and newly-emerging Internet rights advocacy organizations flexed its muscles for the first time and made a huge difference in the political process, through public campaigns, Congressional testimony, online petitions, and more. That Internet community has only grown larger and more vocal in the intervening years, and will certainly make its voice heard if we find ourselves in the midst of a second round of the Crypto Wars.
Fortunately, that conflict can be avoided, especially if we shift toward policies that will promote rather than undermine the widespread use of strong encryption.
Read Bankston’s full written testimony here (pdf).
For a shorter brief and printable handout, please see this post.