Governments Undermining Encryption Will Do More Harm Than Good

Governments are threatening to undermine the encryption that keeps our online communications private.
Governments Undermining Encryption Will Do More Harm Than Good
Updated:

Western governments, notably the U.K. and the United States, are pushing the software industry to open “backdoors” into our encrypted communications.

The argument touted by government agencies for nearly 20 years is that terrorists use strong encryption to hide their communications, therefore we should ban strong encryption.

British Prime Minister David Cameron has been outspoken in his desire for such a ban.

And last week, President Barak Obama’s chief of staff and a team of national security officials flew to Silicon Valley to meet with top technology companies Twitter, Microsoft, YouTube, Facebook, LinkedIn, Apple, and Dropbox. It’s likely they discussed collaboration between the Silicon Valley and the U.S. intelligence and law enforcement on backdooring encryption.

Next week, Australian Prime Minister Malcolm Turnbull will meet the U.S. president in Washington, D.C., and encryption may also be on their security agenda.

Australia is already a member of the “5-Eyes“ alliance, and a user of the PRISM regime to spy on citizens, which was revealed by Edward Snowden. It is also a signatory to the Trans-Pacific Partnership (TPP). It seems likely Australia will try to follow the U.S. and U.K. lead.

In response to this push to undermine encryption, an open letter to governments, called “Secure the Internet,” was published this week. It is signed by more than 170 companies, organizations, and individuals from around the world, including leading data security researchers.

The letter calls for all governments to reject backdooring or the weakening of encryption products.

Keys to the Door

Encryption is used by most of us every day, typically with no conscious effort. If you log into your email or bank site with an address starting “https://” then you are using encryption.

It seems likely governments around the world are trying to either woo or cajole the tech industry and security researchers to “break” the software they build by installing backdoors or other holes for the government to access our communications effortlessly.

The problem with installing backdoors is that bad actors—organized crime, fraudsters, hostile foreign governments, and the like—may also focus their attention on these security holes. Any universal “passkey” built into such a system would be immensely valuable, and worth spending enormous resources to capture, thus making those who had them significant targets for espionage.

The push to emasculate the strong encryption we use every day is akin to the government telling every citizen we can't lock our front door.

The push to emasculate the strong encryption we use every day is akin to the government telling every citizen we can’t lock our front door, or maybe we can only use a weak little latch. It’s like requiring everyone to send our passwords to a central government office.

The aim should be to improve security on the Internet, not to break it. Governments colluding to break Internet security introduces the risk of breaking our evolving digital economy as well by undermining trust in businesses and banks. Imagine logging into your online banking at National Australia Bank, ANZ, Westpac, Commonwealth Bank, or your insurance company, and not knowing if the encryption was secure.

The argument that terrorists might use encryption so we should ban it is without nuance and probably even effect.

The argument that terrorists might use encryption so we should ban it is without nuance and probably even effect. Terrorists might also use steak knives to commit crimes, but we don’t make steak knives illegal. Steak knives have other useful purposes in society. And, like strong encryption, these benefits greatly outweigh the very small risks.

Will It Even Work?

The “Secure the Internet” letter references the research paper authored by a who’s who of the world’s top computer security researchers.

The paper highlights the numerous problems with implementing such policies in practice. Many of these researchers were around when the first major push came from government to impose weakened encryption on the masses in the form of Clipper Chip in 1997.

They concluded “the damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago.” Such schemes kill innovation. Indeed, the authors query whether Facebook and Twitter would even exist today if the previous scheme had been imposed.

Australian security agencies have significantly expanded their powers over the past few years. The agencies can break into computers remotely, plant software, copy data, access related metadata, install keyloggers to track a target’s every keystroke.

These agencies’ methods require some targeting, although some do not even require the oversight of a judge. They already can force anyone to reveal a hard drive’s encryption passphrase or face a prison term for failing to do so.

Agencies have also had a huge budget increase, with an extra $838 million added for national security in the 2015 budget. In short, they have a cornucopia of powers and resources to chase terrorists.

At some point, that chase has to be about the mundane gumshoe work of gathering “HUMINT”—intelligence from human contacts—not just about sitting at a desk of computers scanning communications.

Realistically, backdooring strong encryption software, which is what is being floated here, will not stop terrorists.

Realistically, backdooring strong encryption software, which is what is being floated here, will not stop terrorists. They will simply find and use other channels, including secure software distributed via other countries that do not have such restrictive laws.

Making Us More or Less Secure?

The desire to break the computer security of an entire population also hints at the more insidious aim of governments trawling all of our private communications. With Edward Snowden’s revelations about exactly this, it is important to view this recent push to destroy the innocent citizen’s right to use encryption securely through this lens.

The contradiction of this push is that governments are trying to force our communications to be less secure while claiming to make us more secure.

If we want to retain our freedoms, we will also need to take some responsibility by changing our own mindsets. We as citizens need to accept that there is some risk in an uncertain world.

If we want to retain our freedoms, we will also need to take some responsibility by changing our own mindsets. We as citizens need to accept that there is some risk in an uncertain world. We cannot expect law enforcement or intelligence agencies to provide 100 percent guarantees; it is both unrealistic and unreasonable.

The urge to “do something” after terrible attacks like those in Paris, should be spent fixing the underlying causes of terrorism, not creating legislative overreach designed to grab tomorrow’s headline.

Keeping the keys to our own house requires a balanced approach in all things.

Suelette Dreyfus is a research fellow at the department of computing and information systems at the University of Melbourne in Australia. This article was originally published on The Conversation.

Suelette Dreyfus
Suelette Dreyfus
Author
Related Topics