Thanks to robust end-to-end encryption, law enforcement agencies are increasingly being shut out from accessing digital communications, even with a court’s approval. Naturally, the government is now lobbying companies to retrofit their systems with backdoors for when an investigation might require access to communications. As well-intentioned as this is, it will ultimately lead to weaker security for millions of users. For the sake of security and privacy, backdoors and keys for this purpose should not be allowed.
In a recent speech, Deputy Attorney General Rod Rosenstein coined a new term, “responsible encryption,” while advocating for third parties to maintain backdoors for law enforcement. “Responsible encryption,” Rosenstein said, “can involve effective, secure encryption that allows access only with judicial authorization.” Although not an issue of encryption, Rosenstein’s desire for a backdoor evokes memories of Apple’s infamous showdown with the FBI over its refusal to unlock the iPhone of the San Bernardino shooter. The government would prefer to avoid confrontations like that one in the future and instead have a fast track to encrypted data during investigations.
Privacy or Access, not Both
Law enforcement has a job to do and their intentions are perfectly noble here. As more of our daily lives move online, digital activity and communications are crucial evidence in investigations. But what Rosenstein and the government are asking for constitutes an unprecedented security risk. Having messaging services like WhatsApp maintain an exceptional access key, or backdoor, creates a huge vulnerability for internal threats, cyber criminals, and hackers. It’s not a question of “if” such a key will fail, or be exploited, but a question of “when.” Not even the NSA can keep a lid on its data. Why should we expect the proverbial backdoor to be any more secure? The private communications of hundreds of millions of Americans are at stake here.
In a February Senate Intelligence Committee hearing, Senator Ron Wyden (D-OR) confronted FBI Director Christopher Wray over the idea of giving federal law enforcement access to encrypted data. "I don't pretend to be an expert on [cryptography],” Wyden told Wray, “but I think there is a clear consensus among experts in the field against your position to weaken strong encryption."
Wyden was referring to a letter he received from the top cryptographers in the world, which argued against “responsible encryption” as a non-achievable fallacy. Wyden tweeted the following on the same day of the Senate hearing: “I’ve been pushing the FBI Director to back up his claim that tech companies can weaken their encryption without harming cybersecurity. The experts say that it simply isn’t possible.”
Exceptional Access is not Encryption
Senator Wyden was echoing the hard truth about “responsible encryption” and exceptional access. If a third party builds a backdoor to encrypted data, can you really still call it encrypted? There’s no middle ground here, no matter how the government tries to frame it. Knowing your data is as secure as possible is part of the foundation of the growing digital economy. Anything less is a liability that undermines the system.