The Debate Between The US Government And The Tech Industry About Encryption, Explained
In an unusually contentious political season, there seems to be one thing that unites leaders from both parties: the need to thwart terrorists using encrypted messages. Everybody from President Obama and Hillary Clinton to Donald Trump and Jeb Bush are calling on the private sector to facilitate backdoors for security officials.
The tech industry, for its part, has balked. A letter to President Obama, signed by dozens of top firms as well as civil liberties organizations and security experts, urged him to “reject any proposal that U.S. companies deliberately weaken the security of their products,” saying that it would “undermine our economic security.”
The truth is that such a policy would provide little benefit at great cost. While it would impair the marketability of American products, perhaps permanently, criminals and terrorists could simply use encryption protocols beyond the reach of the US government. At the same time, the general public would face increased vulnerability to hackers looking to steal our data.
A Brief History Of Encryption
To better understand the debate, let’s start at the beginning. The first truly modern cryptography effort was launched at Bletchley Park, the facility outside London that housed Britain’s code-breakers during World War II. Their goal was to break the Enigma code that was being used by the German Navy to coordinate submarine attacks in the North Atlantic.
The Enigma machine used a series of rotors and spindles to make any message appear to be a random garble, but could be easily decoded by another Enigma machine that shared the same settings. It was considered an unbreakable system, but Alan Turing created a machine powerful enough to mathematically break the code and turned the tide of the war.
After the war, Winston Churchill ordered its machines—essentially the world’s first digital computers—destroyed. Yet, rather than enhance Britain’s security, Churchill’s decision did little more than undermine British technology. Within a few years, John von Neumann created a similar machine based on Turing’s ideas and, with the blessing of the US government, made it’s design widely available, which helped launch a computer industry that still dominates today.
At about the same time Claude Shannon, considered by many to be the “father of mathematical cryptography,” came up with an idea for a truly unbreakable code. Rather than series of rotors and spindles like the Enigma, he proposed that long random numbers serve as a key. It was a revolutionary idea that would have far reaching consequences.
The Commercialization Of Secrecy
For decades, Shannon’s concept of mathematical cryptography was primarily pursued by governments and militaries. Yet as electronic communication became more widespread, there was a growing need for private companies and individuals to keep communications secure.
Enter Whitfield Diffie and Martin Hellman. In 1976, the two published a paper that created the concept of public key cryptography, which would allow just about anybody to establish highly secure communications. In short order, Ron Rivest, Adi Shamir, and Leonard Adleman developed a working version, now known by their initials, RSA.
Today, we use RSA and similar systems in just about everything we do online. From digital signatures and secure payments for e-commerce, to keeping health records and corporate information safe. It’s hard to imagine the modern economy working without the possibility to create secure environments.
Politicians and national security officials think that it may be possible to have the best of both worlds: A secure environment for private transactions that includes a “backdoor” for government to use, presumably with a court order, to penetrate terrorist groups and criminal networks. Yet technology experts warn that the idea is not only naive, but dangerous.
The Unintended Consequences Of Backdoors
Randy Terbush, CTO of Lifeguard Health Networks and an expert in commercial and open source cryptography, points out that the current debate is not new, but dates back to the 1990’s, when the NSA urged technology companies to include Clipper Chips in their products. That effort failed, but the NSA did manage to negotiate a backdoor in the RSA algorithms.
Terbush believes that the US government’s insistence that U.S. companies use only authorized encryption solutions merely led to the development of open source encryption solutions beyond their reach. So law abiding companies were vulnerable, but international criminals and terrorists remained secure.
Further, he suggests that the current argument being made against encryption of civilian communications and computing devices simply leaves Americans more vulnerable to identity theft, and as has been demonstrated, is doomed to failure. Highly publicized attacks at major companies like Home Depot and J.P. Morgan underline the need for more vigilance, not less.
Finally, he argues that “you can’t regulate use of encryption technology that’s widely available.” Requiring US products to be less secure than those of other countries will only serve to undermine American industry, a fact also pointed to in the letter to President Obama from the tech companies.
Weakening Encryption Will Not Make US Safer
In the final analysis, it’s hard to see how weakening private security by mandating backdoors will make us any safer. Terrorists have a variety of ways to circumvent the US government’s ability to control data encryption. So the strategies being proposed by politicians and national security officials are more likely to affect law abiding citizens than our enemies.
What’s more, it’s unclear it will make the work of government officials any easier. Despite some erroneous reports, there is no evidence that the San Bernardino attackers used any special encryption protocols. The problem was that they hadn’t done anything significant enough to arouse suspicion.
And intelligence agencies still retain the ability to track movements, record keystrokes and listen to conversations through a variety of methods. Remember, in the case of Osama bin Laden, we were able to track him down even though he didn’t use any electronic communication at all. Even in a secure marketplace with strong encryption, we are far from powerless.
So the dilemma we face today is similar to the one that Winston Churchill had at the end of World War II. He chose to destroy his nation’s technology and British industry paid an enormous price. We should endeavor to choose more wisely.
– Greg