Locks and keys
End-to-end encryption could put law enforcement in danger of ‘going dark.’
ACONTENTIOUS debate about encryption of data on smartphones and elsewhere has become even more intense in recent weeks. A collision is unfolding between law enforcement devoted to fighting crime and terrorism and advocates of privacy and secure communications. In these chaotic digital times, both are vital to the national interest, and it is imperative that experts invest serious time and resources into finding ways to reconcile the conflict.
FBI Director James B. Comey has raised alarms — most recently in testimony to Congress this month — about the prospect of law enforcement “going dark,” meaning that it would be unable to obtain information, with a court order, from encrypted communications on smartphones and other sources. The reason for this alarm are the decisions by Apple and Google to provide end-to-end encryption as the default in their operating systems, meaning that only the holder of the device can unlock the information. The technology companies say they do not hold the key (although they do hold data in servers that would still be accessible by lawenforcement). Mr. Comey warns that this encryption could provide a safe haven for terrorists and criminals. He has not proposed a specific fix, but insisted that the problem of “going dark” is “grave, growing and extremely complex.”
Mr. Comey’s assertions should be taken seriously. A rule-of-law-society cannot allow sanctuary for those who wreak harm. But there are legitimate and valid counter arguments from software engineers, privacy advocates and companies that make the smartphones and software. They say that any decision to give law enforcement a key— known as “exceptional access” — would endanger the integrity of all online encryption, and that would mean weakness everywhere in a digital universe that already is awash in cyberattacks, thefts and intrusions. They say that a compromise isn’t possible, since one crack in encryption — even if for a good actor, like the police — is still a crack that could be exploited by a bad actor. A recent report from the Massachusetts Institute of Technology warned that granting exceptional access would bring on “grave” security risks that outweigh the benefits.
Last October in this space, we urged Apple and Google, paragons of innovation, to create a kind of secure golden key that could unlock encrypted devices, under a court order, when needed. The tech sector does not seem so inclined. Two major industry associations for hardware and software wrote President Obama in June, “We are opposed to any policy actions or measures that would undermine encryption as an available and effective tool.” The tech companies are right about the overall importance of encryption, protecting consumers and insuring privacy. But these companies ought to more forthrightly acknowledge the legitimate needs of U.S. law enforcement. All freedoms come with limits; it seems only proper that the vast freedoms of the Internet be subject to the same rule of lawand protections thatwe accept for the rest of society.
This conflict should not be left unattended. Nineteen years ago, the National Academy of Sciences studied the encryption issue; technology has evolved rapidly since then. It would be wise to ask the academy to undertake a new study, with special focus on technical matters, and recommendations on how to reconcile the competing imperatives.