The US Government’s Misguided War on Encryption

encryptionLaw enforcement agencies have gotten used to having easy access to all forms of electronic communications from phone calls to faxes to emails and social media.

Many politicians, including Senator John McCain, have called for placing limits on encryption technology as a way to fight terrorism. In a recent editorial on the Bloomberg website, Senator McCain said

Islamic State and other terrorist groups espouse a primitive ideology and rely on medieval tactics, but they use distinctly modern tools: social media and communications platforms designed to evade our most advanced efforts to fight terrorism.

By taking advantage of widely available encryption technologies, terrorists and common criminals alike can carry out their agendas in cyber safe havens beyond the reach of our intelligence agency tools and law enforcement capabilities. This is unacceptable.

Law enforcement’s concerns are eloquently expressed by then FBI Director Louis Freeh, who back in 1997 said

Uncrackable encryption will allow drug lords, spies, terrorists and even violent gangs to communicate about their crimes and their conspiracies with impunity. We will lose one of the few remaining vulnerabilities of the worst criminals and terrorists upon which law enforcement depends to successfully investigate and often prevent the worst crimes.

Many people would agree that if there were a way to safely allow businesses and companies to encrypt their data communications while safely allowing law enforcement a decrypt data after receiving a proper search warrant that would be a good thing.

Unfortunately, there is no technological way to do that.

The only way to make encrypted communications available to law enforcement is by including a “back door” in the software. Any backdoor that can be legitimately used by law enforcement can most certainly be illegally exploited by hackers and cybercriminals.

Terrorism is scary, but for Americans it is not a major problem. Since 9/11 only 45 Americans have been killed by Islamic terrorism. Some of the things more likely to kill you than terrorists: TVs (TVs falling on people kill 176 people a year), cows (20 Americans a year are killed by cows), elevators (27 killed per year), and that perennial favorite to illustrate something is unlikely, getting struck by lightning, which kills 49 people per year, 15 times the number killed by Islamic terrorism over the last 14 years.

Cybercrime, on the other hand, is a very real threat to Americans. The US Department of Justice website says

Cybercrime is one of the greatest threats facing our country, and has enormous implications for our national security, economic prosperity, and public safety.

MacAfee estimates that cybercrime costs the global economy more than $400 billion per year. 40 million people in the USA alone had their personal information stolen last year, potentially leading to all sorts of problems from hackers accessing their bank accounts to having their credit ruined by fake credit cards.

We do not make light of terrorism; terrorism is indeed a real problem, and organized crime is certainly a real problem. But limiting the public’s access to encryption will do nothing to help law enforcement.

Strong encryption is already available. Banning American companies from using or exporting strong encryption simply means that the bad guys will get their encryption elsewhere.

Trying to ban the use of all secure communications, such as end-to-end encryption, would be as effective as trying to ban all guns in the United States. Law abiding citizens would disarm themselves and only the criminals would continue to have weapons.

We can’t afford to disarm ourselves in the war against cybercrime. Robust cybersecurity, such as PACid’s BoSS solution, without “back doors” that could be exploited by cyber criminals, needs to be available to all. With the growing pervasiveness of connected devices – especially including the “Internet of Things” – law enforcement will still have many opportunities for collecting intelligence on the bad guys.