Have you stayed up to date with the ongoing debate about the encryption “problem”?
On the surface, it is a relatively simple argument. On one side, the government wants to have access to a “master decryption key” to solve the problem of spies and terrorists who communicate using encrypted messages. On the other side, the citizenry wants to preserve encryption because it protects all of our online transactions, and sometimes we like to share a private message as well.
Well, that was easy, wasn’t it?
Unfortunately, there are more than two sides to this story. As an example, consider these additional options to add to the debate:
Citizens who believe that they have nothing to hide, so they do not have to encrypt anything. Clearly, that is a position that has not been very well thought-through by those who hold it. None of these well-intended upstanding citizens would want their tax returns, banking transactions, or medical records transmitted or stored in clear text. When put in those terms, it is easy to dispense with this “nothing to hide, therefore, nothing to fear” conversation.
Another side to consider is the contradictory nature of governments who want a backdoor into encryption, yet seek to protect privacy at the same time. Germany is proceeding to pass legislation for encryption backdoors on all new devices, yet the German data protection agency has previously ordered Facebook to stop collecting WhatsApp user data.
Of course, yet another side is the one used by the criminals to protect their secret, nefarious plots.
The true problem with the entire debate is that it is difficult, if not impossible to separate the idea of privacy and encryption. If we remove technology from the equation, the problem is illuminated in a slightly different manner.
In most civilized nations, the government may only infringe on a person’s privacy under very controlled circumstances. One circumstance is the case where a person has no reasonable expectation of privacy. Two people plotting a crime on a crowded commuter train should not expect any privacy. However, a person expects privacy in his own home, and governments are prohibited from violating that right without a court order, warrant, or other official authorization.
Let’s imagine a hypothetical situation where the government is looking for a document in my home, yet I keep this important document written in code. Would that give them the right to demand the decryption key? Why is it any different when the conversation is moved into the digital realm? The last time I checked, I am not involved in any criminal enterprise, but that is not the reason I use encryption.
As I mentioned in a previous blog post: The privacy afforded through encryption is not a new development of the internet and it should not be treated as such. Encryption has been used in peace and war since the beginning of time, and civilization has moved forward despite the use of encryption.
The most salient argument that can be made is that even if the government is given a backdoor to the widely used encryption methods, the folks who want to subvert those efforts will create a new encryption algorithm free of that backdoor. Crime fighting is definitely a bit tougher in this digital age, but it is not impossible. Overcoming encryption is only one piece of the crime-fighting puzzle. Maintaining privacy is a broader and more important concern. Can the debate be shifted more towards strengthening privacy rather than weakening encryption?