Should Companies Be Forced to Enable Surveillance and Compromise Security? The Government Thinks So.
[UPDATE 9/30/15] If leaked memos are any indication, there is a policy brawl brewing in the Obama administration over encryption. The ultimate decision — which could come at any time — remains unclear.
The Justice Department and others appear to be pushing for various technical changes by companies to provide greater access to encrypted devices and data — at the expense of consumers and security. At the same time, there seems to be a growing recognition that strong encryption is increasingly valuable to safeguard consumers and protect our fundamental rights. Today the ACLU, along with 19 other civil society and business groups, urged the president to make the right choice. We filed a “We the People” petition, which you can join here, asking him to reject policies that would weaken encryption and leave our private information vulnerable.
Companies may soon have even more access to your information — whether they want to or not.
At a congressional hearing yesterday, the Department of Justice urged Congress to pressure companies to weaken encryption by creating a so-called “backdoor” into products. That’s in response to the increasing use of strong encryption in commercial technology that makes your information inaccessible even to the companies whose tools you use. While the DOJ said they are not pursuing a mandatory backdoor for now — they left the door open to this type of proposal in the future.
The ACLU has long opposed these types of mandates. Weakening encryption standards, whether through a mandate or another form of government pressure, is a lose-lose proposition for security and privacy.
As experts — including technologists, the president’s own review group, and leading computer experts — have noted, strong encryption promotes greater national security. These experts emphasize that it is impossible to create a law enforcement backdoor that isn’t also wide open to criminals, hackers, and malicious governments. Not to mention the fact that if tech companies give the U.S. government backdoor access, other governments will surely demand the same.
Just ask the Greeks.
In 2004 and 2005, the mobile phones of dozens of members of the Greek government were spied on by an unknown adversary who exploited a backdoor meant for law enforcement. They’re by no means the only ones who have had their information compromised.
Google, Microsoft, and the U.S. government’s Office of Personnel Management are only a few of the many victims of malicious cyber actors in recent history. In the wake of these attacks, pursuing a policy that weakens — rather than enhances — information security is misguided.
Even more, the DOJ has produced no evidence demonstrating that encryption has been a barrier to legitimate investigations. On the contrary, according to recent reports, federal agencies encountered encryption in wiretaps only three times in 2014; only twice were they unable to decrypt the information.
The reality is that law enforcement has more access to electronic information — from emails, to call metadata, to location information — than ever before. In this golden age of surveillance, the government should not be considering proposals that provide even less privacy and security to Americans.
The problem, however, isn’t just one of security.
Mandating a backdoor into every electronic device is the expansion of a very dangerous idea: that the private sector should be responsible for building the surveillance infrastructure of the government. Such a policy essentially amounts to a surveillance tax on companies, and by extension consumers, simply because they chose to innovate and provide more secure products.
Moreover, opening all electronic communications to possible government scrutiny threatens the very notion of free expression and an open Internet. Fear of government surveillance creates a chilling effect, dissuading journalists, activists, and the public from engaging in protected speech. As reports have shown, fear of government surveillance has already made it more difficult for journalists to communicate with sources, leading to self-censorship and hindering reporting on critical national security issues.
That’s why the State Department itself has invested in encryption technologies that allow human rights activists and journalists abroad to communicate securely and anonymously — minimizing the likelihood that they will be targeted by repressive regimes. It’s also why many of our nations’ founders, including Thomas Jefferson, James Madison, Alexander Hamilton, and George Washington, communicated through encrypted letters.
And yet rather than applauding the march toward a more secure Internet, the DOJ is seeking to take us backward. If we let them, both privacy and security will lose out.