Encryption: A Modest Proposal
By Laura Haight
Originally published as the Digital Maven in Upstate Business Journal on March 18, 2016
Dear US Citizen:
Effective immediately, your government is taking additional steps to protect your safety and ensure you can have what the Constitution promises - life, liberty and the pursuit of happiness.
Unfortunately, to protect you, a few things will have to change. On the upside, some of these changes may actually relieve you of the burdensome responsibility of your own security.
First and foremost, you no longer have to worry about strong passwords. Under our new federal rules, no password longer than 6 alpha characters will be permitted. Those of you still using your dog’s name and adding 1, 2, 3, etc. to it, will be pleased with this change. This will make it far easier for law enforcement agencies to access the phones, tablets and digital assets of the small percentage of the population that is criminal and the even smaller percentage that are on the terror watch list. Of course, this is critical if we are going to be able to adequately protect you from crime or terror attacks.
Is a communication like this in our future? Reflexively, we say ‘No! Of course not.’ But the battle over encryption of data on mobile devices is just the first salvo in a civil rights struggle that can have long-standing implications. What do we want more: Privacy or security? Apple’s Tim Cook says, “We’re America, we should have both.”
I agree. Despite the fear-mongering warnings of the FBI and others, minimizing personal privacy rights is not the only path to security.
First, we should take a look at how this came to be such a crucial issue in the first place: A bungled combination of two government agencies acting at cross-purposes apparently caused the San Bernardino terrorist’s iPhone o to become locked and, eventually, automatically wiped, a standard security measure. (//goo.gl/eeoKcI).
Facing a SNAFU, fueled by a lack of communication and coordination, the FBI deflected. Now it is Apple’s fault that terrorists lock their phones, use highly secure passcodes, and encrypt their messages. We should all be doing this. Advocates of forcing Apple to crack into this specific iPhone say ‘We’re not asking for the moon, just this ONE PHONE!’
I am not a programmer and I am certainly not an Apple engineer. But I know there is no such thing as developing something for one-time use and never being asked to use it again. Once they know it is possible, the FBI and federal judges will be ordering Apple to crack into iPhones right and left. If we even think there might be something suspicious, we’ll be creeping in the backdoor. And that backdoor could be yours if you liked something the wrong thing on Facebook or dated someone who did, or were a Muslim living in the US.
And who knows what other potential reasons could expose you to unbridled scrutiny. We don’t need to go back more than a few years to the NSA cell phone listening scandal to see this in practice, but if you want a really good lesson in the corruption of the Constitution born out of fear, refresh yourself on the House Un-American Activities Committee and the age of McCarthyism in the mid-1940s.
Beyond the privacy issues, opening that backdoor won’t be enough as most of the apps running on the iPhone, especially those that encrypt texts and email messages, are not created by or owned by Apple. And while we’re on this subject, let’s not forget the Android Marketplace and Windows Store, where there are almost no controls on app developers.
So, what are we ultimately saying? A window with dozens of tiny little cracks will eventually break. The more backdoors we create, the more times we use them, the more likely it is that information leaks to hackers, cybercriminals and, yes, even terrorists, who can then turn our own efforts against us, even as they find new tools to block us.
The fact is we are more secure for the long-haul with unbreakable end-to-end encryption in use everywhere, as former CIA director and four-star general Michael Hayden said recently.
Finally, let’s ask ourselves two questions: 1) are we at least as smart if not smarter and more innovative than we were in World War II when the German’s Enigma Code - the unbreakable communication method of its day - was broken? 2) what would the FBI have done if the court had not ruled in its favor? Would the agency have thrown up their arms in surrender? Unlikely. No, the terrorists don’t win. We have brilliant minds and innovative spirits. There is, as your mother and mine, always used to say, more than one way to skin a cat.
It is time we stopped chipping away at privacy and technology innovation in the name of security. We’re America, we can have – and should demand – both.