Locks and keys

End-to-end en­cryp­tion could put law en­force­ment in dan­ger of ‘go­ing dark.’

The Washington Post Sunday - - OPINION SUNDAY -

ACONTENTIOUS de­bate about en­cryp­tion of data on smart­phones and else­where has be­come even more in­tense in re­cent weeks. A col­li­sion is un­fold­ing be­tween law en­force­ment de­voted to fight­ing crime and ter­ror­ism and ad­vo­cates of pri­vacy and se­cure com­mu­ni­ca­tions. In these chaotic dig­i­tal times, both are vi­tal to the na­tional in­ter­est, and it is im­per­a­tive that ex­perts in­vest se­ri­ous time and re­sources into find­ing ways to rec­on­cile the con­flict.

FBI Di­rec­tor James B. Comey has raised alarms — most re­cently in tes­ti­mony to Congress this month — about the prospect of law en­force­ment “go­ing dark,” mean­ing that it would be un­able to ob­tain in­for­ma­tion, with a court or­der, from en­crypted com­mu­ni­ca­tions on smart­phones and other sources. The rea­son for this alarm are the de­ci­sions by Ap­ple and Google to pro­vide end-to-end en­cryp­tion as the de­fault in their op­er­at­ing sys­tems, mean­ing that only the holder of the de­vice can un­lock the in­for­ma­tion. The tech­nol­ogy com­pa­nies say they do not hold the key (although they do hold data in servers that would still be ac­ces­si­ble by lawen­force­ment). Mr. Comey warns that this en­cryp­tion could pro­vide a safe haven for ter­ror­ists and crim­i­nals. He has not pro­posed a spe­cific fix, but in­sisted that the prob­lem of “go­ing dark” is “grave, grow­ing and ex­tremely com­plex.”

Mr. Comey’s as­ser­tions should be taken se­ri­ously. A rule-of-law-so­ci­ety can­not al­low sanc­tu­ary for those who wreak harm. But there are le­git­i­mate and valid counter ar­gu­ments from soft­ware engi­neers, pri­vacy ad­vo­cates and com­pa­nies that make the smart­phones and soft­ware. They say that any de­ci­sion to give law en­force­ment a key— known as “ex­cep­tional ac­cess” — would en­dan­ger the in­tegrity of all online en­cryp­tion, and that would mean weak­ness ev­ery­where in a dig­i­tal uni­verse that al­ready is awash in cy­ber­at­tacks, thefts and in­tru­sions. They say that a com­pro­mise isn’t pos­si­ble, since one crack in en­cryp­tion — even if for a good ac­tor, like the po­lice — is still a crack that could be ex­ploited by a bad ac­tor. A re­cent re­port from the Mas­sachusetts In­sti­tute of Tech­nol­ogy warned that grant­ing ex­cep­tional ac­cess would bring on “grave” se­cu­rity risks that out­weigh the ben­e­fits.

Last Oc­to­ber in this space, we urged Ap­ple and Google, paragons of in­no­va­tion, to cre­ate a kind of se­cure golden key that could un­lock en­crypted de­vices, un­der a court or­der, when needed. The tech sec­tor does not seem so in­clined. Two ma­jor in­dus­try as­so­ci­a­tions for hard­ware and soft­ware wrote Pres­i­dent Obama in June, “We are op­posed to any pol­icy ac­tions or mea­sures that would un­der­mine en­cryp­tion as an avail­able and ef­fec­tive tool.” The tech com­pa­nies are right about the over­all im­por­tance of en­cryp­tion, pro­tect­ing con­sumers and in­sur­ing pri­vacy. But these com­pa­nies ought to more forthrightly ac­knowl­edge the le­git­i­mate needs of U.S. law en­force­ment. All free­doms come with lim­its; it seems only proper that the vast free­doms of the In­ter­net be sub­ject to the same rule of lawand pro­tec­tions thatwe ac­cept for the rest of so­ci­ety.

This con­flict should not be left unat­tended. Nine­teen years ago, the Na­tional Academy of Sciences stud­ied the en­cryp­tion is­sue; tech­nol­ogy has evolved rapidly since then. It would be wise to ask the academy to un­der­take a new study, with spe­cial fo­cus on tech­ni­cal mat­ters, and rec­om­men­da­tions on how to rec­on­cile the com­pet­ing im­per­a­tives.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.