An article in January 11th’s Wall Street Journal by tech columnist Christopher Mims does a very good job of breaking down the arguments surrounding allowing secret government “backdoors” into encrypted messages that we post every day from our various devices. He makes his point clear at the start of the article when he says “I’m going to say this as plainly as possible… If we compromise our computing devices in a misbegotten attempt to stem criminal behavior or terrorism – as some… have suggested – then we deserve what will follow.”
It’s tempting, he notes, to think that if only companies like Apple, Google (now Alphabet) and Microsoft would create backdoors to all our encrypted data, that only law enforcement or the government knows about, they could take action when needed.
It’s a complicated topic, and our space is too brief to give justice to Mims’ full screed, but he makes a strong case. We already live in a world where our defenses are breached regularly he begins, noting how the Chinese government could probably compile a dossier on the web-browsing habits of every U.S. citizen. “State actors are outgunning besieged corporate IT departments,” he notes, leading to hundreds of millions of dollars of damages annually. Hence his comment from our title that no encryption is good enough.
As a result, many tech-providing companies today are using encryption even they cannot decrypt. And the fact is, as Mims points out, you can’t ban math – which is to say, encryption is well understood by a lot of players these days. The notion that the FBI won’t be able to foil a terrorist plot if a messaging app is encrypted is an arresting one, but it defies the larger logic. Sophisticated attackers will always move to whatever channels are available to them, and there will always be channels available.
Former NSA Director Michael McConnell recently wrote: “If law enforcement and intelligence organizations face a future without assured access to encrypted communications, they will develop technologies and techniques to meet their legitimate mission goals.”
Basically, that amounts to what today is called “lawful hacking,” which says that there are “vulnerabilities in the system, and it is better to exploit those than to build in other weaknesses,” as outlined by a group of academics in a recent paper on cryptography and security. It’s an acknowledgement that our PCs and phones are in fact inherently quite insecure.
It’s a debate that will likely rage on for a good long time among well-intentioned people. And a byproduct of course of our advancing technologies, which sometimes, aren’t so advanced as we’d like to think.