COMMENTARY ON LAW AND TECHNOLOGY

CREATING AN ENCRYPTION BACKDOOR FOR LAW ENFORCEMENT


04May-2015

Millions of Americans worry about identity theft or cyber crime.  Data about us is everywhere, including in our pockets.Smart phones are often used to access email, take photos, and access bank statements and bills.One way to protect our data is through the stronger encryption of data on our mobile devices.  Last September, Apple and Google announced that future versions of their mobile operating systems would have very strong encryption, by default.  The only person who would have the ability to decrypt information on a mobile device would be the owner of that device.  Even Apple would not have the key to decrypt the data on your iPhone.

These stronger encryption methods would not just keep your data secure from criminals. It would also keep your data out of databases filled with government surveillance data. This is not a coincidence. In fact, it is a major selling point for these companies. Millions of Americans are concerned about what the government does with their information, especially after the NSA leaks of 2013.  European countries were also jarred by revelations about how far the NSA’s surveillance practices had reached.

Now, faced with stronger encryption that would make investigations more difficult, law enforcement agents are asking Congress to intervene. And this is not the first time. In the 1990s, as communications transitioned to digital formats, law enforcement argued for a backdoor to allow investigators to bypass encryption.But encryption is difficult enough, and making a backdoor or a “golden key” to allow law enforcement to decrypt communications would have created more problems than it solved. Ultimately, their attempts to create a backdoor failed.

But some concessions to law enforcement were made in the 1990s. The Communications Assistance for Law Enforcement Act, or CALEA, was enacted in 1994.Law enforcement agents were concerned that moving telephone communications onto digital infrastructure would make it more difficult to place wiretaps and conduct surveillance. CALEA requires communications companies, including broadband providers, to design their systems to ensure that law enforcement could access information, when necessary.But CALEA includes an explicit exception for encryption: providers cannot be compelled to decrypt customer communications if the provider does not have the means to do so. Apple and Google say that they will not have the means to decrypt information stored on customer cellphones in these new operating systems. This means that police could not compel Google to investigate your mobile device, even with a court order.

Today, stronger encryption is becoming the norm. Members of law enforcement, including the FBI and police forces are not pleased with this development.The FBI warns that these privacy protections lead to investigations going nowhere because collecting evidence is more difficult than before.  Just like in the 1990s, the FBI is arguing for a backdoor to allow encrypted information to be decrypted for government investigations. On April 29th, the brand new Subcommittee on Information Technology in the House Oversight committee held a hearing on encryption.Law enforcement representatives argued their case. But they could not address the key point underlying their opponents’ arguments: If the good guys can get through a backdoor, so can the bad guys. Computer code is neutral. It does not care about your intentions. Yet the Department of Justice thinks that software developers should build security holes into their products on purpose!Fortunately, members of Congress at the hearing were unreceptive to the arguments of law enforcement, so it is unlikely that any such bill would even be introduced. Encryption is essential for privacy and information security, and this is something where we cannot afford to compromise.

I’m Jay Kesan.