The backdoor threat to encryption

This post originally appeared in the opinion page of the Boston Globe on October 1, 2015.

As they ratchet up a campaign for backdoor access to information on iPhones and other devices with encryption, some law enforcement leaders paint a dark vision of technology. Manhattan DA Cyrus Vance suggests that passcodes on smartphones blocked identification of a murderer. British Prime Minister David Cameron sees a “safe haven” for terrorists “in dark places.” FBI Director James Comey alludes to phones buzzing devilish messages in the pockets of ISIS recruits and says widespread encryption “threatens to lead us to a very, very dark place.”

Sure, it’s the job of law enforcement officers to look on the dark side, and to focus on protecting people and catching criminals. But evil lies with terrorists and criminals — not the phones or apps they use. Cellphones are targets simply because they have become such rich new sources of evidence for law enforcement. Chief Justice John Roberts called them windows into our entire lives.

Comey acknowledges the benefits of strong encryption may outweigh the costs, but says “part of my job is make sure the debate is informed by a reasonable understanding of the costs.” Part of my job at the Commerce Department a few years ago was to make sure government debate on security and law enforcement issues was informed by a reasonable understanding of costs to security and privacy, innovation, economic growth, and democratic values in the world.

With backdoors, these costs are real. Leading cryptologists have detailed how backdoors would create “grave security risks.” Comey has suggested to Congress that tech companies can solve this problem if only they spend enough time on it. Yet no amount of magical thinking can undo the contradiction between promoting strong encryption as a defense against the barrage of identity theft, espionage, and other cybercrimes while opening up new vulnerabilities.

There is an acute need to strengthen data security everywhere, and no realistic way to leave a door open for good guys and democracies that have rigorous checks and balances but not for cybercriminals or authoritarian states.

Backdoors undermine not only security, but also the competitive position of US companies that are trying to strengthen global trust in their brands and correct perceptions of “direct access” for US intelligence and law enforcement left by the Snowden leaks.

If backdoors are adopted for US products, people intent on keeping information secure, whether for benign or nefarious reasons, will turn to alternatives like cheap burner phones, devices sold in other countries, and encryption applications.

The United States would face a choice of whether to join the ranks of countries that try to block devices and services. That dilemma shows another important cost of backdoors — they undermine America’s position in the world.

The United States has promoted technologies that help democratic activists avoid surveillance by repressive governments, objected to measures in India and China that imply backdoors or block imports of encrypted devices like Blackberries, and taken unprecedented steps to provide transparency and limits on foreign intelligence collection. If the United States adopts backdoor requirements, though, no matter how constrained by checks and balances, it will face cries of hypocrisy.

In the backdrop of President Obama’s discussions with Chinese President Xi Jinping about cybersecurity are concerns about Chinese measures that require “secure and controllable” information technology and assert “Internet sovereignty.” It is hard to picture our president making headway on such concerns if his own government is contemplating backdoors.

In the end, the president himself likely will have to decide where his administration comes out on backdoors. When he does, he will have to pick sides.

The choices are less stark than the law enforcement meme “going dark” implies. Even so, it may be, as Chief Justice Roberts has written, that “Cellphones have become important tools in facilitating coordination and communication among members of criminal enterprises” but “Privacy comes at a cost.” So do security and trust.

The time has come for the president to shut the door on backdoors and send a clear message to the world that American technology is a trusted instrument of freedom.