Notes/Explanation
This is an advantage stem that can be read with the Surveillance State Repeal Act and Secure Data Act affirmatives (and
others that we haven’t worked on yet). It accesses many of the other impact areas that we have developed in other
advantage files. This file contains the internal link stem for the advantage; the impact scenarios are found in other
advantage files and the solvency cards for a particular plan are found in that affirmative file.
In later iterations, this file should be integrated with the impact and solvency files and moved into a comprehensive
affirmative file. For now, it will enable practice debates about this part of the topic. To answer the case, the negative
should use the relevant advantage and case negatives.
1AC Options
1AC — Encryption Advantage Stem
Contention __ is Encryption
First, U.S. government attacks on encryption leave everyone vulnerable,
jeopardizing privacy and data security. There is no such thing as a “good guys
only” backdoor.
Doctorow 14 — Cory Doctorow, journalist and science fiction author, Co-Editor of Boing Boing, Fellow at the
Electronic Frontier Foundation, former Canadian Fulbright Chair for Public Diplomacy at the Center on Public Diplomacy
at the University of Southern California, recipient of the Electronic Frontier Foundation’s Pioneer Award, 2014 (“Crypto
wars redux: why the FBI's desire to unlock your private life must be resisted,” The Guardian, October 9th, Available Online
at http://www.theguardian.com/technology/2014/oct/09/crypto-wars-redux-why-the-fbis-desire-to-unlock-yourprivate-life-must-be-resisted, Accessed 06-24-2015)
Eric Holder, the outgoing US attorney general, has
joined the FBI and other law enforcement
agencies in calling for the security of all computer systems to be fatally
weakened. This isn’t a new project – the idea has been around since the early 1990s, when the NSA classed all strong
cryptography as a “munition” and regulated civilian use of it to ensure that they had the keys to unlock any technological
countermeasures you put around your data.
In 1995, the Electronic Frontier Foundation won a landmark case establishing that code was a form of protected
expression under the First Amendment to the US constitution, and since then, the whole world has enjoyed relatively
unfettered access to strong crypto.
How strong is strong crypto? Really, really strong. When properly implemented
and secured by relatively long keys, cryptographic algorithms can protect your
data so thoroughly that all the computers now in existence, along with all the
computers likely to ever be created, could labour until the sun went nova
without uncovering the keys by “brute force” – ie trying every possible permutation of password.
The “crypto wars” of the early 1990s were fuelled by this realisation – that computers were
changing the global realpolitik in an historically unprecedented way. Computational crypto made
keeping secrets exponentially easier than breaking secrets, meaning that, for the
first time in human history, the ability for people without social or political
power to keep their private lives truly private from governments, police, and
corporations was in our grasp.
The arguments then are the arguments now. Governments invoke the Four
Horsemen of the Infocalypse (software pirates, organised crime, child
pornographers, and terrorists) and say that unless they can decrypt bad guys’
hard drives and listen in on their conversations, law and order is a dead letter.
On the other side, virtually every security and cryptography expert tries
patiently to explain that there’s no such thing as “a back door that only the good
guys can walk through” (hat tip to Bruce Schneier). Designing a computer that bad guys
can’t break into is impossible to reconcile with designing a computer that good
guys can break into.
If you give the cops a secret key that opens the locks on your computerised
storage and on your conversations, then one day, people who aren’t cops will get
hold of that key, too. The same forces that led to bent cops selling out the public’s personal information to Glen
Mulcaire and the tabloid press will cause those cops’ successors to sell out access to the world’s computer systems, too,
only the numbers of people who are interested in these keys to the (United) Kingdom will be much larger, and they’ll
have more money, and they’ll be able to do more damage.
That’s really the argument in a nutshell. Oh, we can talk about whether the danger is
as grave as the law enforcement people say it is, point out that only a tiny number of
criminal investigations run up against cryptography, and when they do, these
investigations always find another way to proceed. We can talk about the fact
that a ban in the US or UK wouldn’t stop the “bad guys” from getting perfect
crypto from one of the nations that would be able to profit (while US and UK business
suffered) by selling these useful tools to all comers. But that’s missing the point:
even if every crook was using crypto with perfect operational security, the
proposal to back-door everything would still be madness.
Because your phone isn’t just a tool for having the odd conversation with your friends –
nor is it merely a tool for plotting crime – though it does duty in both cases. Your phone, and all the other
computers in your life, they are your digital nervous system. They know
everything about you. They have cameras, microphones, location sensors. You
articulate your social graph to them, telling them about all the people you know and how you know
them. They are privy to every conversation you have. They hold your logins and
passwords for your bank and your solicitor’s website; they’re used to chat to your therapist and the STI clinic and
your rabbi, priest or imam.
That device – tracker, confessor, memoir and ledger – should be designed so that
it is as hard as possible to gain unauthorised access to. Because plumbing leaks at the seams,
and houses leak at the doorframes, and lie-lows lose air through their valves. Making something airtight is
much easier if it doesn’t have to also allow the air to all leak out under the right
circumstances.
There is no such thing as a vulnerability in technology that can only be used by
nice people doing the right thing in accord with the rule of law. The existing
“back doors” in network switches, mandated under US laws such as CALEA, have become the
go-to weak-spot for cyberwar and industrial espionage. It was Google’s lawful interception
backdoor that let the Chinese government raid the Gmail account of dissidents. It was the lawful interception backdoor in
Greece’s national telephone switches that let someone – identity still unknown – listen in on the Greek Parliament and
prime minister during a sensitive part of the 2005 Olympic bid (someone did the same thing the next year in Italy).
The most shocking Snowden revelation wasn’t the mass spying (we already knew about
that, thanks to whistleblowers like Mark Klein, who spilled the beans in 2005). It was the fact that the UK
and US spy agencies were dumping $250,000,000/year into sabotaging operating
systems, hardware, and standards, to ensure that they could always get inside
them if they wanted to. The reason this was so shocking was that these spies
were notionally doing this in the name of “national security”– but they were
dooming everyone in the nation (and in every other nation) to using products
that had been deliberately left vulnerable to attack by anyone who
independently discovered the sabotage.
There is only one way to make the citizens of the digital age secure, and that is to
give them systems designed to lock out everyone except their owners. The
police have never had the power to listen in on every conversation, to spy upon
every interaction. No system that can only sustain itself by arrogating these
powers can possibly be called “just.”
Second, these government programs are an attack on encryption itself. The
damage is done even if agencies don’t abuse backdoors.
Gillmor 14 — Dan Gillmor, Director of the Knight Center for Digital Media Entrepreneurship at the Walter Cronkite
School of Journalism and Mass Communication at Arizona State University, Fellow at the Berkman Center for Internet &
Society at Harvard University, recipient of the Electronic Frontier Foundation’s Pioneer Award, 2014 (“Law Enforcement
Has Declared War on Encryption It Can’t Break,” Future Tense—a Slate publication, October 1st, Available Online at
http://www.slate.com/blogs/future_tense/2014/10/01/law_enforcement_has_declared_war_on_encryption_it_can_t_b
reak.html, Accessed 06-24-2015)
Suppose two suspected criminals happened to be the last two people on Earth
who could understand and speak a certain language. Would law enforcement
argue that they should only be permitted to speak in a language that others
could understand?
That's an imperfect but still useful analogy to a "debate" now taking place in American
policy circles, as law enforcement reminds us that it will never be satisfied until
it can listen in on everything we say and read everything we create—in real time
and after the fact.
The spark for this latest tempest is Apple's announcement that iPhones will
henceforth be encrypted by default. Data on the device will be locked with a key that only the phone
user controls, not Apple. Meanwhile, Google's Android operating system—which, unlike Apple's iOS, has
offered this functionality for several years now as an option—will also make device encryption the
default setting in its next version.
Attorney General Eric Holder and FBI Director James Comey are leading the howdare-you chorus, with close harmony from the usual authoritarian acolytes. Their
goal can't only be to get Apple and Google to roll back this latest move, because as many people have pointed out, almost
all of what people keep on their phones is also stored in various corporate cloud computers that law enforcement can pry
open in a variety of ways, including a subpoena, secret order in alleged national security cases, or outright hacking.
No, the longer-range objective seems plain enough. This
is the launch of the latest, and most
alarming, attack on the idea of encryption itself—or at least encryption the government can't
easily crack. In particular, as the latest push to control crypto makes clear, law
enforcement wants so-called back doors into users' devices: technology that users
can't thwart, just in case the police want to get in.
Never mind that Congress has already said it doesn’t expect communications providers to provide such capabilities in
most cases. Here's relevant language from the law:
A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to
decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the
carrier and the carrier possesses the information necessary to decrypt the communication.
What's discouraging to people who believe in digital security—that is, security for our
devices and our communications from criminals, business competitors, and
government spies who flout the Constitution, among others—is law enforcement's
disconnection from the reality that back doors increase vulnerability. University of
Pennsylvania researcher and security expert Matt Blaze put it this way: “Crypto
backdoors are dangerous even if you trust the government not to abuse them.
We simply don't know how to build them reliably.”
The hackers of the world—criminals, foreign governments, you name it—will be thrilled if
Holder, Comey and the no-privacy-for-you backup singers get their way.
The other, even worse, disconnect is the implicit notion that there is no measure
we shouldn’t take to guarantee our ability to stop and punish crime. The
Constitution, and especially the Bill of Rights, says we do take some additional risks in
order to have liberty. Why have we become so paranoid and fearful as a society
that we’d even entertain the notion that civil liberties mean next to nothing in the
face of our fear?
[Insert Impact Module(s) and Solvency Card(s)]
1AC — Long “Open Letter” Card
[If reading this impact, plug-in the relevant terminal impact cards.]
U.S. government attacks on encryption decimate cybersecurity, crush tech
industry competitiveness, and undermine global Internet freedom.
Open Letter 15 — An Open Letter to President Obama co-signed by 36 civil society organizations (including the
American Civil Liberties Union, Electronic Frontier Foundation, Electronic Privacy Information Center, and the Free
Software Foundation), 48 technology companies and trade associations (including Apple, Facebook, Google, Microsoft,
and Yahoo), and 58 security and policy experts (including Jacob Applebaum, Eric Burger, Joan Feigenbaum, and Bruce
Schneier), the full list of signatories is available upon request under the “FYI: Open Letter To Obama” header, 2015 (Open
Letter to Obama, May 19th, Available Online at https://static.newamerica.org/attachments/3138-113/Encryption_Letter_to_Obama_final_051915.pdf, Accessed 06-29-2015, p. 1-2)
We the undersigned represent a wide variety of civil society organizations dedicated to
protecting civil liberties, human rights, and innovation online, as well as
technology companies, trade associations, and security and policy experts. We are
writing today to respond to recent statements by some Administration officials regarding the deployment
of strong encryption technology in the devices and services offered by the U.S. technology industry. Those officials
have suggested that American companies should refrain from providing any
products that are secured by encryption, unless those companies also weaken
their security in order to maintain the capability to decrypt their customers’ data
at the government’s request. Some officials have gone so far as to suggest that
Congress should act to ban such products or mandate such capabilities.
We urge you to reject any proposal that U.S. companies deliberately weaken the
security of their products. We request that the White House instead focus on
developing policies that will promote rather than undermine the wide adoption
of strong encryption technology. Such policies will in turn help to promote and
protect cybersecurity, economic growth, and human rights, both here and
abroad.
Strong encryption is the cornerstone of the modern information economy’s
security. Encryption protects billions of people every day against countless
threats—be they street criminals trying to steal our phones and laptops, computer criminals
trying to defraud us, corporate spies trying to obtain our companies’ most valuable trade secrets, repressive
governments trying to stifle dissent, or foreign intelligence agencies trying to compromise our and
our allies’ most sensitive national security secrets.
Encryption thereby protects us from innumerable criminal and national security
threats. This protection would be undermined by the mandatory insertion of any
new vulnerabilities into encrypted devices and services. Whether you call them “front doors”
or “back doors”, introducing intentional vulnerabilities into secure products for the
government’s use will make those products less secure against other attackers.
Every computer security expert that has spoken publicly on this issue agrees on
this point, including the government’s own experts.
In addition to undermining cybersecurity, any kind of vulnerability mandate would
also seriously undermine our economic security. U.S. companies are already
struggling to maintain international trust in the wake of revelations about the
National Security Agency’s surveillance programs. Introducing mandatory
vulnerabilities into American products would further push many customers—be
they domestic or international, [end page 1] individual or institutional—to turn away
from those compromised products and services. Instead, they—and many of the
bad actors whose behavior the government is hoping to impact—will simply rely
on encrypted offerings from foreign providers, or avail themselves of the wide
range of free and open source encryption products that are easily available
online.
More than undermining every American’s cybersecurity and the nation’s
economic security, introducing new vulnerabilities to weaken encrypted
products in the U.S. would also undermine human rights and information
security around the globe. If American companies maintain the ability to unlock
their customers’ data and devices on request, governments other than the United
States will demand the same access, and will also be emboldened to demand the
same capability from their native companies. The U.S. government, having
made the same demands, will have little room to object. The result will be an
information environment riddled with vulnerabilities that could be exploited by
even the most repressive or dangerous regimes. That’s not a future that the
American people or the people of the world deserve.
The Administration faces a critical choice: will it adopt policies that foster a
global digital ecosystem that is more secure, or less? That choice may well define
the future of the Internet in the 21st century. When faced with a similar choice at
the end of the last century, during the so-called “Crypto Wars”, U.S. policymakers
weighed many of the same concerns and arguments that have been raised in the current debate,
and correctly concluded that the serious costs of undermining encryption
technology outweighed the purported benefits. So too did the President’s Review
Group on Intelligence and Communications Technologies, who unanimously
recommended in their December 2013 report that the US Government should “(1) fully
support and not undermine efforts to create encryption standards; (2) not in any
way subvert, undermine, weaken, or make vulnerable generally available
commercial software; and (3) increase the use of encryption and urge US
companies to do so, in order to better protect data in transit, at rest, in the cloud,
and in other storage.”
We urge the Administration to follow the Review Group’s recommendation and
adopt policies that promote rather than undermine the widespread adoption of
strong encryption technologies, and by doing so help lead the way to a more
secure, prosperous, and rights-respecting future for America and for the world.
1AC — Short “Open Letter” Card
[If reading this impact, plug-in the relevant terminal impact cards.]
U.S. government attacks on encryption hurt cybersecurity, the economy, and
human rights.
Open Letter 15 — An Open Letter to President Obama co-signed by 36 civil society organizations (including the
American Civil Liberties Union, Electronic Frontier Foundation, Electronic Privacy Information Center, and the Free
Software Foundation), 48 technology companies and trade associations (including Apple, Facebook, Google, Microsoft,
and Yahoo), and 58 security and policy experts (including Jacob Applebaum, Eric Burger, Joan Feigenbaum, and Bruce
Schneier), the full list of signatories is available upon request under the “FYI: Open Letter To Obama” header, 2015 (Open
Letter to Obama, May 19th, Available Online at https://static.newamerica.org/attachments/3138-113/Encryption_Letter_to_Obama_final_051915.pdf, Accessed 06-29-2015, p. 1)
We the undersigned represent a wide variety of civil society organizations dedicated to
protecting civil liberties, human rights, and innovation online, as well as
technology companies, trade associations, and security and policy experts. We are
writing today to respond to recent statements by some Administration officials regarding the deployment
of strong encryption technology in the devices and services offered by the U.S. technology industry. Those officials
have suggested that American companies should refrain from providing any
products that are secured by encryption, unless those companies also weaken
their security in order to maintain the capability to decrypt their customers’ data
at the government’s request. Some officials have gone so far as to suggest that
Congress should act to ban such products or mandate such capabilities.
We urge you to reject any proposal that U.S. companies deliberately weaken the
security of their products. We request that the White House instead focus on
developing policies that will promote rather than undermine the wide adoption
of strong encryption technology. Such policies will in turn help to promote and
protect cybersecurity, economic growth, and human rights, both here and
abroad.
1AC — Civil Liberties Module
[If reading this impact, plug-in appropriate terminal impacts — privacy,
journalism, bigotry, etc.]
Encryption is a fundamental human right. Without it, privacy and freedom of
speech are impossible.
O’Neill 14 — Patrick Howell O'Neill, Reporter who covers the future of the internet for The Daily Dot—the
“hometown newspaper of the internet,” 2014 (“Encryption shouldn’t just be an election issue—it should be a human
right,” Kernel Magazine, October 19th, Available Online at http://kernelmag.dailydot.com/issue-sections/staffeditorials/10587/encryption-human-right/#sthash.zpesaOpG.dpuf, Accessed 06-24-2015)
We are all born with certain inalienable rights. Now, the notion of free speech—core to the entire
idea of human rights—must be constantly re-examined in the face of a rapidly changing world where the most important
speech increasingly takes place on the Internet.
Free speech isn’t merely about the abstract idea of saying whatever you want. It’s the
freedom to speak, ask questions, and seek knowledge without anyone, hidden or
otherwise, looking over your shoulder. In the digital age, free speech is about being
able to use the Internet unmolested by the greedy eyes of corporations with
incentive to sell your personal data, hackers wanting to steal or destroy it, and
massive regimes collecting it all.
Everything a person does online is saved as data. The messages you send, the
websites you look at, the files you save are all data that can live on forever. The
only way to protect your most personal data—your location, credit card numbers, political
thoughts, medical queries, and everything else you do on a phone, tablet, or computer—from malicious spying
eyes is through encryption.
That’s why encryption should be considered a human right.
Modern encryption—at its core, really good mathematics that make it possible to protect your data so that no computer
can decrypt it without your go ahead—is legally protected by a 1995 American court decision that declared computer
code constitutionally protected free speech. But many of the world’s top cops continue to demonize encryption, saying it
will inevitably enable and immunize criminals on massive scales.
Criticisms of encryption coming from corners of power are louder now than
they’ve been in two decades. Earlier this week, James B. Comey, director of the Federal Bureau of
Investigation (FBI), said that law enforcement agencies should have access to encrypted communications, because “the
law hasn’t kept pace with technology, and this disconnect has created a significant public safety problem.” He believes
Apple’s new smartphone encryption puts its users “beyond the law.”
What is bound to be one of the great political issues of this century is only now
beginning to enter the mainstream in a clear way. One day in the not-too-distant
future, cryptography will be an election issue. Prominent politicians will debate
louder than ever about privacy and secrecy while voters—even moms and dads—will
cast ballots with strong encryption on their minds.
That’s not to say the debate hasn’t already begun. The war over encryption is four decades old. It
dates back to the 1970s when a new invention called public key cryptography definitively broke the government’s
monopoly on secrets. All of sudden, using free software that utilized clever mathematics and powerful cryptography,
normal people were able to keep data private from even the most powerful states on the planet.
The war over encryption—most notably the so-called “crypto wars” of the 1990s—saw the American
government try to make strong encryption a military-grade weapon in the eyes
of the law. Opposed chiefly by the Electronic Frontier Foundation, courts declared
computer code to be free speech and said the government’s regulations were
unconstitutional.
Despite the landmark legal victory, the war over encryption has continued to this
day.
John J. Escalante, chief of detectives for the Chicago Police Department, has called
encryption mostly a tool of pedophiles—a claim that’s disingenuous and
misleading, if not outright dangerous. For one thing, many city and federal police
agents use encryption tools regularly, and encryption stymied a total of nine
police investigations last year. There are plenty of ways to investigate crimes
involving cryptography that don’t involve banning or curtailing it.
There’s no denying that these tools have some very ugly users. However, for the
few billion of us who want to keep our digital lives private from unwanted
eavesdroppers and hackers, being forcefully grouped in with terrorists and
pedophiles is a hard insult to stomach.
Encryption works to protect you—and everyone else—online. More than that, it’s the
best protection you have. There are simply no other options that can compare.
If, for some reason, you assume a hack will never happen to you, let me give you some
perspective on the current state of digital security. 2014 is known in information technology circles as
“the year of the breach” because it has boasted some of the biggest hacks in
history. 2013 had a nickname too: The year of the breach. Come to think of it, 2012 was
called something eerily similar: The year of the breach.
2011? You get the idea.
This isn’t merely one year of massive security breaches, it’s an era of profound digital
insecurity in which sensitive personal data—the information that can be put together to add up to a
startlingly complete picture of our lives and thoughts—is under attack by criminals, corporations,
and governments whose sophistication, budget, and drive is only growing.
Consider the following, put forth by Eben Moglen, a law professor at Columbia University, in 2010: “Facebook
holds and controls more data about the daily lives and social interactions of half
a billion people than 20th-century totalitarian governments ever managed to
collect about the people they surveilled.”
The Internet’s “architecture has also made it possible for businesses and
governments to fill giant data vaults with the ore of human existence—the
appetites, interests, longings, hopes, vanities, and histories of people surfing the
Internet, often unaware that every one of their clicks is being logged, bundled,
sorted, and sold to marketers,” the New York Times journalist Jim Dwyer wrote in his new book, More
Awesome Than Money. “Together, they amount to nothing less than a full psyche scan,
unobstructed by law or social mores.”
When people like Comey suggest that law enforcement should have a “back door” or
“golden key” that allows cops to easily access all encrypted communication, they
are willfully ignoring the reality shouted to them by the vast majority of the
information technology industry.
“You can’t build a ‘back door’ that only the good guys can walk through,”
cryptographer Bruce Schneier wrote recently. “Encryption protects against cybercriminals,
industrial competitors, the Chinese secret police, and the FBI. You’re either
vulnerable to eavesdropping by any of them, or you’re secure from
eavesdropping from all of them.”
When encryption becomes a campaign issue, that’s going to go on the bumper stickers: You either have real
privacy and security for everyone or for no one.
“The existing ‘back doors’ in network switches, mandated under U.S. laws such as CALEA, have
become the go-to weak-spot for cyberwar and industrial espionage,” author Cory
Doctorow wrote in the Guardian. “It was Google’s lawful interception backdoor that let the Chinese government raid the
Gmail account of dissidents. It was the lawful interception backdoor in Greece’s national telephone switches that let
someone—identity still unknown—listen in on the Greek Parliament and prime minister during a sensitive part of the
2005 Olympic bid (someone did the same thing the next year in Italy).”
If, like many Americans, you say you don’t mind if the U.S. government watches what
you do online, take a step back and consider the bigger picture.
The American government is not the only government—nevermind other
organizations—watching and hacking people on the Internet. China, Russia,
Iran, Israel, the U.K., and every other nation online decided long ago that
cyberspace is a militarized country. All the states with the necessary resources
are doing vast watching and hacking as well.
Encryption proved a crucial help to protesters during the Arab Spring. It helps
Iranian liberals push against their oppressive theocracy. From African free
speech activists to Chinese pro-democracy organizers to American cops
investigating organized crime, strong encryption saves lives, aids law
enforcement (ironic, huh?), protects careers, and helps build a more free and verdant
world. Journalists—citizen and professional alike—depend on encryption to keep
communications and sources private from the people and groups they report on,
making it essential to an independent and free press.
The right to privacy, the right to choose what parts of yourself are exposed to the world, was described over a century ago
by the U.S. Supreme Court and held up as an issue of prime importance last year by U.N. human rights chief Navi Pillay.
It’s something we all need to worry about.
Lacking good law, privacy is best defended by good technology. You cannot truly
talk about online privacy without talking about encryption. That’s why many of
the world’s biggest tech firms such as Google, Apple, and Yahoo are adding strong
encryption to some of their most popular products.
“There is only one way to make the citizens of the digital age secure, and that is
to give them systems designed to lock out everyone except their owners,” Doctorow
wrote. “The police have never had the power to listen in on every conversation, to
spy upon every interaction. No system that can only sustain itself by arrogating
these powers can possibly be called ‘just.’”
In the digital age, encryption is our only guarantee of privacy. Without it, the
ideal of free speech could be lost forever.
1AC — Cybersecurity Module
U.S. government attacks on encryption destroy cybersecurity.
Open Letter 15 — An Open Letter to President Obama co-signed by 36 civil society organizations (including the
American Civil Liberties Union, Electronic Frontier Foundation, Electronic Privacy Information Center, and the Free
Software Foundation), 48 technology companies and trade associations (including Apple, Facebook, Google, Microsoft,
and Yahoo), and 58 security and policy experts (including Jacob Applebaum, Eric Burger, Joan Feigenbaum, and Bruce
Schneier), the full list of signatories is available upon request under the “FYI: Open Letter To Obama” header, 2015 (Open
Letter to Obama, May 19th, Available Online at https://static.newamerica.org/attachments/3138-113/Encryption_Letter_to_Obama_final_051915.pdf, Accessed 06-29-2015, p. 1)
Strong encryption is the cornerstone of the modern information economy’s
security. Encryption protects billions of people every day against countless
threats—be they street criminals trying to steal our phones and laptops, computer criminals
trying to defraud us, corporate spies trying to obtain our companies’ most valuable trade secrets, repressive
governments trying to stifle dissent, or foreign intelligence agencies trying to compromise our and
our allies’ most sensitive national security secrets.
Encryption thereby protects us from innumerable criminal and national security
threats. This protection would be undermined by the mandatory insertion of any
new vulnerabilities into encrypted devices and services. Whether you call them “front doors”
or “back doors”, introducing intentional vulnerabilities into secure products for the
government’s use will make those products less secure against other attackers.
Every computer security expert that has spoken publicly on this issue agrees on
this point, including the government’s own experts.
Cyber attacks are frequent and devastating. Every attack increases the risk of
existential catastrophe.
Nolan 15 — Andrew Nolan, Legislative Attorney at the Congressional Research Service, former Trial Attorney at the
United States Department of Justice, holds a J.D. from George Washington University, 2015 (“Cybersecurity and
Information Sharing: Legal Challenges and Solutions,” CRS Report to Congress, March 16th, Available Online at
http://fas.org/sgp/crs/intel/R43941.pdf, Accessed 07-05-2015, p. 1-3)
Introduction
Over the course of the last year, a host of cyberattacks1 have been perpetrated on a
number of high profile American companies. In January 2014, Target announced
that hackers, using malware,2 had digitally impersonated one of the retail giant’s
contractors,3 stealing vast amounts of data—including the names, mailing addresses, phone numbers
or email addresses for up to 70 million individuals and the credit card information of 40 million shoppers. 4
Cyberattacks in February and March of 2014 potentially exposed contact and login information of eBay’s customers, prompting the online retailer to ask its more than 200 million users
to change their passwords.5 In September, it was revealed that over the course of five
months cyber-criminals tried to steal the credit card information of more than
fifty million shoppers of the world’s largest home improvement retailer, Home Depot.6 One
month later, J.P. Morgan Chase, the largest U.S. bank by assets, disclosed that
contact information for about 76 million households was captured in a
cyberattack earlier in the year.7 In perhaps the most infamous cyberattack of 2014, in
late November, Sony Pictures Entertainment suffered a “significant system disruption”
as a result of a “brazen cyber attack”8 that resulted in the leaking of the personal
details of thousands of Sony employees.9 And in February of 2015, the health care
provider Anthem Blue Cross Blue Shield [end page 1] disclosed that a “very
sophisticated attack” obtained personal information relating to the company’s
customers and employees.10
The high profile cyberattacks of 2014 and early 2015 appear to be indicative of a
broader trend: the frequency and ferocity of cyberattacks are increasing,11
posing grave threats to the national interests of the United States. Indeed, the attacks
on Target, eBay, Home Depot, J.P. Morgan-Chase, Sony Pictures, and Anthem
were only a few of the many publicly disclosed cyberattacks perpetrated in 2014 and 2105.12
Experts suggest that hundreds of thousands of other entities may have suffered
similar incidents during the same period,13 with one survey indicating that 43% of
firms in the United States had experienced a data breach in the past year.14 Moreover,
just as the cyberattacks of 2013—which included incidents involving companies
like the New York Times, Facebook, Twitter, Apple, and Microsoft15—were
eclipsed by those that occurred in 2014,16 the consensus view is that 2015 and
beyond will witness more frequent and more sophisticated cyber incidents.17 To
the extent that its expected rise outpaces any corresponding rise in the ability to
defend against such attacks, the result could be troubling news for countless
businesses that rely more and more on computers in all aspects of their
operations, as the economic losses resulting from a single cyberattack can be
extremely costly.18 And the resulting effects of a cyberattack can have effects
beyond a single company’s bottom line. As “nations are becoming ever more
dependent on information and information technology,”19 the threat posed by
any one cyberattack [end page 2] can have “devastating collateral and cascading
effects across a wide range of physical, economic and social systems.”20 With
reports that foreign nations—such as Russia, China, Iran, and North Korea—may
be using cyberspace as a new front to wage war,21 fears abound that a cyberattack
could be used to shut down the nation’s electrical grid,22 hijack a commercial
airliner,23 or even launch a nuclear weapon with a single keystroke.24 In short,
the potential exists that the United States could suffer a “cyber Pearl Harbor,” an
attack that would “cause physical destruction and loss of life”25 and expose—in the
words of one prominent cybersecurity expert—“vulnerabilities of staggering proportions.”26
Cybersecurity outweighs terrorism.
CSM 14 — Christian Science Monitor, 2014 (“Feds hacked: Is cybersecurity a bigger threat than terrorism?,” Byline
Harry Bruinius, November 10th, Available Online at http://www.csmonitor.com/USA/2014/1110/Feds-hacked-Iscybersecurity-a-bigger-threat-than-terrorism-video, Accessed 07-06-2015)
While the terrestrial fears of terrorism and Ebola have dominated headlines, American
leaders are fretting about what may be even more serious virtual threats to the
nation’s security.
This year, hundreds of millions of private records have been exposed in an
unprecedented number of cyberattacks on both US businesses and the federal
government.
On Monday, just as President Obama arrived in Beijing to being a week-long summit with regional leaders, Chinese
hackers are suspected to have breached the computer networks of the US Postal Service, leaving the personal data of
more than 800,00 employees and customers compromised, The Washington Post reports.
The data breach, which began as far back as January and lasted through mid-August, potentially exposed 500,000 postal
employees’ most sensitive personal information, including names, dates of birth, and Social Security numbers, the Postal
Service said in a statement Monday. The data of customers who used the Postal Service’s call center from January to
August may have also been exposed.
"The FBI is working with the United States Postal Service to determine the nature and scope of this incident," the federal
law enforcement agency said in a statement Monday. Neither the FBI nor the Postal Service, however, confirmed it was
the work of Chinese hackers.
The breach did not expose customer payment or credit card information, the Postal Service said, but hackers did gain
access to its computer networks at least as far back as January. The FBI informed the Postal Service of the hack in midSeptember.
“It is an unfortunate fact of life these days that every
organization connected to the Internet is a
constant target for cyber intrusion activity,” said Postmaster General Patrick Donahoe in a statement.
“The United States Postal Service is no different. Fortunately, we have seen no evidence of malicious use of the
compromised data and we are taking steps to help our employees protect against any potential misuse of their data.”
But the reported breach comes as both
intelligence officials and cybersecurity experts say
computer hackers now pose a greater threat to national security than terrorists.
Since 2006, cyber-intruders have gained access to the private data of nearly 90 million people in federal networks, the
Associated Press reported in a major investigation published Monday.
Hackers have also accessed 255 million customer records in retail networks during this time, 212 million customer records
in financial and insurance industry servers, as well as 13 million records of those in educational institutions, the AP
reported.
“The
increasing number of cyber-attacks in both the public and private sectors is
unprecedented and poses a clear and present danger to our nation’s security,”
wrote Rep. Elijah Cummings (D) of Maryland, ranking member of the House Committee on Oversight and Government
Reform, in a letter to Postmaster General Donahoe on Monday.
Only strong encryption can preserve cybersecurity.
Kehl et al. 15 — Danielle Kehl, Senior Policy Analyst at the Open Technology Institute at the New America
Foundation, holds a B.A. in History from Yale University, with Andi Wilson, Policy Program Associate at the Open
Technology Institute at the New America Foundation, holds a Master of Global Affairs degree from the Munk School at
the University of Toronto, and Kevin Bankston, Policy Director at the Open Technology Institute at the New America
Foundation, former Senior Counsel and Director of the Free Expression Project at the Center for Democracy &
Technology, former Senior Staff Attorney at the Electronic Frontier Foundation, former Justice William Brennan First
Amendment Fellow at the American Civil Liberties Union, holds a J.D. from the University of Southern California Law
School, 2015 (“Doomed To Repeat History? Lessons From The Crypto Wars of the 1990s,” Report by the Open Technology
Institute at the New America Foundation, June, Available Online at https://static.newamerica.org/attachments/3407-125/Lessons%20From%20the%20Crypto%20Wars%20of%20the%201990s.882d6156dc194187a5fa51b14d55234f.pdf,
Accessed 07-06-2015, p. 19)
Strong Encryption Has Become A Bedrock Technology That Protects The
Security Of The Internet
The evolution of the ecosystem for encrypted communications has also enhanced the
protection of individual communications and improved cybersecurity. Today,
strong encryption is an essential ingredient in the overall security of the modern
network, and adopting technologies like HTTPS is increasingly considered an industry best-practice among major
technology companies.177 Even the report of the President’s Review Group on
Intelligence and Communications Technologies, the panel of experts appointed
by President Barack Obama to review the NSA’s surveillance activities after the 2013 Snowden
leaks, was unequivocal in its emphasis on the importance of strong encryption to
protect data in transit and at rest. The Review Group wrote that:
Encryption is an essential basis for trust on the Internet; without such
trust, valuable communications would not be possible. For the entire
system to work, encryption software itself must be trustworthy. Users of
encryption must be confident, and justifiably confident, that only those people
they designate can decrypt their data…. Indeed, in light of the massive
increase in cyber-crime and intellectual property theft on-line, the use of
encryption should be greatly expanded to protect not only data in transit,
but also data at rest on networks, in storage, and in the cloud.178
The report further recommended that the U.S. government should:
Promote security[] by (1) fully supporting and not undermining efforts to
create encryption standards; (2) making clear that it will not in any way
subvert, undermine, weaken, or make vulnerable generally available
commercial encryption; and (3) supporting efforts to encourage the greater
use of encryption technology for data in transit, at rest, in the cloud, and
in storage.179
1AC — Tech Competitiveness Module
U.S. government attacks on encryption destroy tech industry competitiveness.
Open Letter 15 — An Open Letter to President Obama co-signed by 36 civil society organizations (including the
American Civil Liberties Union, Electronic Frontier Foundation, Electronic Privacy Information Center, and the Free
Software Foundation), 48 technology companies and trade associations (including Apple, Facebook, Google, Microsoft,
and Yahoo), and 58 security and policy experts (including Jacob Applebaum, Eric Burger, Joan Feigenbaum, and Bruce
Schneier), the full list of signatories is available upon request under the “FYI: Open Letter To Obama” header, 2015 (Open
Letter to Obama, May 19th, Available Online at https://static.newamerica.org/attachments/3138-113/Encryption_Letter_to_Obama_final_051915.pdf, Accessed 06-29-2015, p. 1-2)
In addition to undermining cybersecurity, any kind of vulnerability mandate would
also seriously undermine our economic security. U.S. companies are already
struggling to maintain international trust in the wake of revelations about the
National Security Agency’s surveillance programs. Introducing mandatory
vulnerabilities into American products would further push many customers—be
they domestic or international, [end page 1] individual or institutional—to turn away
from those compromised products and services. Instead, they—and many of the
bad actors whose behavior the government is hoping to impact—will simply rely
on encrypted offerings from foreign providers, or avail themselves of the wide
range of free and open source encryption products that are easily available
online.
Only the plan can restore tech competitiveness. Federal action is needed.
Castro and McQuinn 15 — Daniel Castro, Vice President of the Information Technology and Innovation
Foundation—a nonprofit, non-partisan technology think tank, former IT Analyst at the Government Accountability
Office, holds an M.S. in Information Security Technology and Management from Carnegie Mellon University and a B.S. in
Foreign Service from Georgetown University, and Alan McQuinn, Research Assistant with the Information Technology
and Innovation Foundation, holds a B.S. in Political Communications and Public Relations from the University of TexasAustin, 2015 (“Beyond the USA Freedom Act: How U.S. Surveillance Still Subverts U.S. Competitiveness,” Report by the
Information Technology & Innovation Foundation, June, Available Online at http://www2.itif.org/2015-beyond-usafreedom-act.pdf?_ga=1.61741228.1234666382.1434075923, Accessed 07-05-2015, p. 7)
Conclusion
When historians write about this period in U.S. history it could very well be that one
of the themes will be how the United States lost its global technology leadership to
other nations. And clearly one of the factors they would point to is the long-standing
privileging of U.S. national security interests over U.S. industrial and commercial
interests when it comes to U.S. foreign policy.
This has occurred over the last few years as the U.S. government has done
relatively little to address the rising commercial challenge to U.S. technology
companies, all the while putting intelligence gathering first and foremost. Indeed,
policy decisions by the U.S. intelligence community have reverberated
throughout the global economy. If the U.S. tech industry is to remain the leader
in the global marketplace, then the U.S. government will need to set a new course
that balances economic interests with national security interests. The cost of
inaction is not only short-term economic losses for U.S. companies, but a wave of
protectionist policies that will systematically weaken U.S. technology
competiveness in years to come, with impacts on economic growth, jobs, trade
balance, and national security through a weakened industrial base. Only by
taking decisive steps to reform its digital surveillance activities will the U.S.
government enable its tech industry to effectively compete in the global market.
1AC — Internet Freedom Module
U.S. government attacks undermine global Internet freedom. The plan is key
to bolster U.S. credibility.
Open Letter 15 — An Open Letter to President Obama co-signed by 36 civil society organizations (including the
American Civil Liberties Union, Electronic Frontier Foundation, Electronic Privacy Information Center, and the Free
Software Foundation), 48 technology companies and trade associations (including Apple, Facebook, Google, Microsoft,
and Yahoo), and 58 security and policy experts (including Jacob Applebaum, Eric Burger, Joan Feigenbaum, and Bruce
Schneier), the full list of signatories is available upon request under the “FYI: Open Letter To Obama” header, 2015 (Open
Letter to Obama, May 19th, Available Online at https://static.newamerica.org/attachments/3138-113/Encryption_Letter_to_Obama_final_051915.pdf, Accessed 06-29-2015, p. 2)
More than undermining every American’s cybersecurity and the nation’s
economic security, introducing new vulnerabilities to weaken encrypted
products in the U.S. would also undermine human rights and information
security around the globe. If American companies maintain the ability to unlock
their customers’ data and devices on request, governments other than the United
States will demand the same access, and will also be emboldened to demand the
same capability from their native companies. The U.S. government, having
made the same demands, will have little room to object. The result will be an
information environment riddled with vulnerabilities that could be exploited by
even the most repressive or dangerous regimes. That’s not a future that the
American people or the people of the world deserve.
Independently, weakening encryption makes global authoritarianism easier.
Sanchez 14 — Julian Sanchez, Senior Fellow specializing in technology, privacy, and civil liberties at the Cato
Institute, former Washington Editor for Ars Technica, holds a B.A. in Philosophy and Political Science from New York
University, 2014 (“Old Technopanic in New iBottles,” Cato at Liberty—a Cato Institute blog, September 23rd, Available
Online at http://www.cato.org/blog/old-technopanic-new-ibottles, Accessed 06-29-2015)
Second, and at the risk of belaboring the obvious, there
are lots of governments out there that no
freedom-loving person would classify as “the good guys.” Let’s pretend—for the sake
of argument, and despite everything the experts tell us—that somehow it were possible to design a
backdoor that would open for Apple or Google without being exploitable by hackers
and criminals. Even then, it would be awfully myopic to forget that our own
government is not the only one that would predictably come to these companies
with legal demands. Yahoo, for instance, was roundly denounced by American legislators
for coughing up data the Chinese government used to convict poet and dissident Shi
Tao, released just last year after nearly a decade in prison. Authoritarian governments, of course, will
do their best to prevent truly secure digital technologies from entering their
countries, but they’ll be hard pressed to do so when secure devices are being
mass-produced for western markets. An iPhone that Apple can’t unlock when
American cops come knocking for good reasons is also an iPhone they can’t
unlock when the Chinese government comes knocking for bad ones. A backdoor
mandate, by contrast, makes life easy for oppressive regimes by guaranteeing that
consumer devices are exploitable by default—presenting U.S. companies with a presence in those
countries with a horrific choice between enabling repression and endangering their foreign employees.
Case Backlines
They Say: “Freedom Act Solves”
The Freedom Act wasn’t enough.
Castro and McQuinn 15 — Daniel Castro, Vice President of the Information Technology and Innovation
Foundation—a nonprofit, non-partisan technology think tank, former IT Analyst at the Government Accountability
Office, holds an M.S. in Information Security Technology and Management from Carnegie Mellon University and a B.S. in
Foreign Service from Georgetown University, and Alan McQuinn, Research Assistant with the Information Technology
and Innovation Foundation, holds a B.S. in Political Communications and Public Relations from the University of TexasAustin, 2015 (“Beyond the USA Freedom Act: How U.S. Surveillance Still Subverts U.S. Competitiveness,” Report by the
Information Technology & Innovation Foundation, June, Available Online at http://www2.itif.org/2015-beyond-usafreedom-act.pdf?_ga=1.61741228.1234666382.1434075923, Accessed 07-05-2015, p. 1)
Almost two
years ago, ITIF described how revelations about pervasive digital
surveillance by the U.S. intelligence community could severely harm the
competitiveness of the United States if foreign customers turned away from U.S.made technology and services.1 Since then, U.S. policymakers have failed to take
sufficient action to address these surveillance concerns; in some cases, they have
even fanned the flames of discontent by championing weak information security
practices.2 In addition, other countries have used anger over U.S. government
surveillance as a cover for implementing a new wave of protectionist policies
specifically targeting information technology. The combined result is a set of
policies both at home and abroad that sacrifices robust competitiveness of the
U.S. tech sector for vague and unconvincing promises of improved national
security.
ITIF estimated in 2013 that even a modest drop in the expected foreign market
share for cloud computing stemming from concerns about U.S. surveillance
could cost the United States between $21.5 billion and $35 billion by 2016.3 Since then, it has
become clear that the U.S. tech industry as a whole, not just the cloud
computing sector, has underperformed as a result of the Snowden revelations.
Therefore, the economic impact of U.S. surveillance practices will likely far
exceed ITIF’s initial $35 billion estimate. This report catalogues a wide range of
specific examples of the economic harm that has been done to U.S. businesses. In
short, foreign customers are shunning U.S. companies. The policy implication of
this is clear: Now that Congress has reformed how the National Security Agency (NSA)
collects bulk domestic phone records and allowed private firms—rather than the
government—to collect and store approved data, it is time to address other
controversial digital surveillance activities by the U.S. intelligence community.4
They Say: “Companies Solve”
Government action is needed — companies can’t do it alone.
Kehl et al. 14 — Danielle Kehl, Senior Policy Analyst at the Open Technology Institute at the New America
Foundation, holds a B.A. in History from Yale University, with Kevin Bankston, Policy Director at the Open Technology
Institute at the New America Foundation, former Senior Counsel and Director of the Free Expression Project at the Center
for Democracy & Technology, former Senior Staff Attorney at the Electronic Frontier Foundation, former Justice William
Brennan First Amendment Fellow at the American Civil Liberties Union, holds a J.D. from the University of Southern
California Law School, Robyn Greene, Policy Counsel specializing in surveillance and cybersecurity at the Open
Technology Institute at the New America Foundation, holds a J.D. from Hofstra University School of Law, and Robert
Morgus, Program Associate with the Cybersecurity Initiative and International Security Program at the New America
Foundation, 2014 (“Surveillance Costs: The NSA’s Impact on the Economy, Internet Freedom & Cybersecurity,” Report by
the Open Technology Institute of the New America Foundation, July, Available Online at
https://static.newamerica.org/attachments/184-surveillance-costs-the-nsas-impact-on-the-economy-internet-freedomand-cybersecurity/Surveilance_Costs_Final.pdf, Accessed 07-05-2015, p. 13)
It is abundantly clear that the NSA
surveillance programs are currently having a serious,
negative impact on the U.S. economy and threatening the future competitiveness
of American technology companies. Not only are U.S. companies losing overseas
sales and getting dropped from contracts with foreign companies and
governments—they are also watching their competitive advantage in fastgrowing industries like cloud computing and webhosting disappear, opening
the door for foreign companies who claim to offer “more secure” alternative
products to poach their business. Industry efforts to increase transparency and
accountability as well as concrete steps to promote better security by adopting
encryption and other best practices are positive signs, but U.S. companies cannot
solve this problem alone. “It’s not blowing over,” said Microsoft General
Counsel Brad Smith at a recent conference. “In June of 2014, it is clear it is getting worse, not
better.”98 Without meaningful government reform and better oversight, concerns
about the breadth of NSA surveillance could lead to permanent shifts in the
global technology market and do lasting damage to the U.S. economy.
They Say: “Alt Causes To Tech Industry”
The plan restores trust in U.S. companies by prohibiting attacks on encryption.
Kehl et al. 14 — Danielle Kehl, Senior Policy Analyst at the Open Technology Institute at the New America
Foundation, holds a B.A. in History from Yale University, with Kevin Bankston, Policy Director at the Open Technology
Institute at the New America Foundation, former Senior Counsel and Director of the Free Expression Project at the Center
for Democracy & Technology, former Senior Staff Attorney at the Electronic Frontier Foundation, former Justice William
Brennan First Amendment Fellow at the American Civil Liberties Union, holds a J.D. from the University of Southern
California Law School, Robyn Greene, Policy Counsel specializing in surveillance and cybersecurity at the Open
Technology Institute at the New America Foundation, holds a J.D. from Hofstra University School of Law, and Robert
Morgus, Program Associate with the Cybersecurity Initiative and International Security Program at the New America
Foundation, 2014 (“Surveillance Costs: The NSA’s Impact on the Economy, Internet Freedom & Cybersecurity,” Report by
the Open Technology Institute of the New America Foundation, July, Available Online at
https://static.newamerica.org/attachments/184-surveillance-costs-the-nsas-impact-on-the-economy-internet-freedomand-cybersecurity/Surveilance_Costs_Final.pdf, Accessed 07-05-2015, p. 40-41)
The U.S. government should not require or request that new surveillance
capabilities or security vulnerabilities be built into communications technologies
and services, even if these are intended only to facilitate lawful surveillance.
There is a great deal of evidence that backdoors fundamentally weaken the
security of hardware and software, regardless of whether only the NSA
purportedly knows about said vulnerabilities, as some of the documents suggest. A policy
statement from the Internet Engineering Task Force in 2000 emphasized that “adding a requirement for wiretapping will
make affected protocol designs considerably more complex. Experience has shown that complexity almost inevitably
jeopardizes the security of communications.”355 More recently, a May 2013 paper from the Center for Democracy and
Technology on the risks of wiretap modifications to endpoints concludes that “deployment of an intercept capability in...
communications services, systems and applications poses serious security risks.”356 The authors add that “on balance
mandating that endpoint software vendors build intercept functionality into their products will be much more costly to
personal, economic and governmental security overall than the risks associated with not being able to wiretap all
communications.”357 While NSA programs such as SIGINT Enabling—much like proposals from domestic
law enforcement agencies to update the Communications Assistance for Law Enforcement Act (CALEA) to require digital
wiretapping capabilities in modern Internet-based communications services358—may
aim to [end page 40]
promote national security and law enforcement by ensuring that federal agencies
have the ability to intercept Internet communications, they do so at a huge cost
to online security overall.
Because of the associated security risks, the U.S. government should not mandate
or request the creation of surveillance backdoors in products, whether through
legislation, court order, or the leveraging industry relationships to convince
companies to voluntarily insert vulnerabilities. As Bellovin et al. explain, complying with
these types of requirements would also hinder innovation and impose a “tax” on
software development in addition to creating a whole new class of
vulnerabilities in hardware and software that undermines the overall security
of the products.359 An amendment offered to the NDAA for Fiscal Year 2015 (H.R. 4435) by Representatives Zoe
Lofgren (D-CA) and Rush Holt (D-NJ) would have prohibited inserting these kinds of vulnerabilities outright.360 The
Lofgren-Holt proposal aimed to prevent “the funding of any intelligence agency,
intelligence program, or intelligence related activity that mandates or requests
that a device manufacturer, software developer, or standards organization build
in a backdoor to circumvent the encryption or privacy protections of its products,
unless there is statutory authority to make such a mandate or request.”361 Although that measure was not adopted as
part of the NDAA, a similar amendment sponsored by Lofgren along with Representatives Jim Sensenbrenner (D-WI) and
Thomas Massie (R-KY), did make it into the House-approved version of the NDAA—with the support of Internet
companies and privacy organizations362—passing on an overwhelming vote of 293 to 123.363 Like Representative
Grayson’s amendment on NSA’s consultations with NIST around encryption, it remains to be seen whether this
amendment will end up in the final appropriations bill that the President signs. Nonetheless, these legislative
efforts are a heartening sign and are consistent with recommendations from the
President’s Review Group that the U.S. government should not attempt to
deliberately weaken the security of commercial encryption products. Such
mandated vulnerabilities, whether required under statute or by court order or
inserted simply by request, unduly threaten innovation in secure Internet
technologies while introducing security flaws that may be exploited by a variety
of bad actors. A clear policy against such vulnerability mandates is necessary to
restore international trust in U.S. companies and technologies.
The plan restores confidence in the U.S. tech industry.
Sensenbrenner et al. 15 — Jim Sensenbrenner, Member of the United States House of Representatives (R-WI),
with Thomas Massie, Member of the United States House of Representatives (R-KY), and Zoe Lofgren, Member of the
United States House of Representatives (D-CA), 2015 (“Sensenbrenner, Massie & Lofgren Introduce Secure Data Act,”
Press Release, February 4th, Available Online at
https://lofgren.house.gov/news/documentsingle.aspx?DocumentID=397873, Accessed 06-30-2015)
These "backdoors" can also be detrimental to American jobs. Other countries buy
less American hardware and software and favor their domestic suppliers in
order to avoid compromised American products.
The Secure Data Act fixes this by prohibiting any agency from requesting or
compelling backdoors in services and products to assist with electronic
surveillance.
They Say: “Other Threats To Privacy”
Encryption is the lynchpin of freedom of opinion and expression. Without it,
intellectual privacy is impossible.
Fulton quoting Kaye 15 — Deirdre Fulton, Staff Writer for Common Dreams, quoting David Kaye, UN Special
Rapporteur and author of a report about encryption released by the United Nations Office of the High Commissioner for
Human Rights, 2015 (“No Backdoors: Online 'Zone of Privacy' is a Basic Human Right,” Common Dreams, May 29th,
Available Online at http://www.commondreams.org/news/2015/05/29/no-backdoors-online-zone-privacy-basichuman-right, Accessed 06-29-2015)
Encryption and anonymity tools, which help protect individuals' private data and
communications, are essential to basic human rights, according to a report released
Friday by the United Nations Office of the High Commissioner for Human Rights.
Issued while U.S. lawmakers are engaged in heated debates over online privacy, data collection, and so-called 'back-door'
surveillance methods, the
document recommends holding proposed limits on
encryption and anonymity to a strict standard: "If they interfere with the right to
hold opinions, restrictions must not be adopted."
The report, written by UN Special Rapporteur David Kaye, is based on questionnaire responses submitted by 16
countries, opinions submitted by 30 non-government stakeholders, and statements made at a meeting of experts in
Geneva in March.
The document reads, in part: "Encryption and anonymity, today’s leading vehicles for online
security, provide individuals with a means to protect their privacy, empowering
them to browse, read, develop and share opinions and information without
interference and enabling journalists, civil society organizations, members of
ethnic or religious groups, those persecuted because of their sexual orientation or
gender identity, activists, scholars, artists and others to exercise the rights to
freedom of opinion and expression."
Kaye makes specific mention of tech tools such as Tor, a free software that directs Internet
traffic through a free, worldwide, volunteer network consisting of more than 6,000 servers to conceal users' location and
usage from anyone conducting online surveillance.
Such tools, the report continues, "create a zone of privacy to protect opinion and belief.
The ability to search the web, develop ideas and communicate securely may be
the only way in which many can explore basic aspects of identity, such as one’s
gender, religion, ethnicity, national origin or sexuality."
Among its many recommendations for states and corporations, the document advises that
governments "avoid all measures that weaken the security that individuals may
enjoy online."
It cites "broadly intrusive measures" such as the back-doors that tech companies
build into their products in order to facilitate law enforcement access to
encrypted content. In the U.S., FBI Director James Comey and NSA chief Adm. Michael Rogers have both
expressed support for backdoors and other restrictions on encryption.
The problem with all of those approaches is that they "inject a basic vulnerability
into secure systems," Kaye told the Washington Post. "It results in insecurity for everyone
even if intended to be for criminal law enforcement purposes."
FYI: Open Letter To Obama
Civil society organizations that signed the Open Letter to Obama include:
Access
Advocacy for Principled Action in Government
American-Arab Anti-Discrimination Committee (ADC)
American Civil Liberties Union
American Library Association
Benetech
Bill of Rights Defense Committee
Center for Democracy & Technology
Committee to Protect Journalists
The Constitution Project
Constitutional Alliance
Council on American-Islamic Relations
Demand Progress
Defending Dissent Foundation
DownsizeDC.org, Inc.
Electronic Frontier Foundation
Electronic Privacy Information Center (EPIC)
Engine
Fight for the Future
Free Press
Free Software Foundation
Freedom of the Press Foundation
GNOME Foundation
Human Rights Watch
The Media Consortium
New America's Open Technology Institute
Niskanen Center
Open Source Initiative
PEN American Center
Project Censored/Media Freedom Foundation
R Street
Reporters Committee for Freedom of the Press
TechFreedom
The Tor Project
U.S. Public Policy Council of Association for Computing Machinery World Privacy Forum
X-Lab
Companies and trade associations that signed the Open Letter to Obama
include:
ACT | The App Association
Adobe
Apple Inc.
The Application Developers Alliance
Automattic
Blockstream
Cisco Systems
Coinbase
Cloud Linux Inc.
CloudFlare
Computer & Communications Industry Association
Consumer Electronics Association (CEA)
Context Relevant
The Copia Institute
CREDO Mobile
Data Foundry
Dropbox
Evernote
Facebook
Gandi.net
Golden Frog
Google
HackerOne
Hackers/Founders
Hewlett-Packard Company
Internet Archive
Internet Association
Internet Infrastructure Coalition (i2Coalition)
Level 3 Communications
LinkedIn
Microsoft
Misk.com
Mozilla
Open Spectrum Inc.
Rackspace
Rapid7
Reform Government Surveillance
Sonic
ServInt
Silent Circle
Slack Technologies, Inc.
Symantec
Tech Assets Inc.
TechNet
Tumblr
Twitter
Wikimedia Foundation
Yahoo
Security and policy experts that signed the Open Letter to Obama include:
Hal Abelson, Professor of Computer Science and Engineering, Massachusetts Institute of Technology
Ben Adida, VP Engineering, Clever Inc.
Jacob Appelbaum, The Tor Project
Adam Back, PhD, Inventor, HashCash, Co-Founder & President, Blockstream
Alvaro Bedoya, Executive Director, Center on Privacy & Technology at Georgetown Law
Brian Behlendorf, Open Source software pioneer
Steven M. Bellovin, Percy K. and Vida L.W. Hudson Professor of Computer Science, Columbia University
Matt Bishop, Professor of Computer Science, University of California at Davis
Matthew Blaze, Director, Distributed Systems Laboratory, University of Pennsylvania
Dan Boneh, Professor of Computer Science and Electrical Engineering at Stanford University
Eric Burger, Research Professor of Computer Science and Director, Security and Software Engineering Research Center
(Georgetown), Georgetown University
Jon Callas, CTO, Silent Circle
L. Jean Camp, Professor of Informatics, Indiana University
Richard A. Clarke, Chairman, Good Harbor Security Risk Management
Gabriella Coleman, Wolfe Chair in Scientific and Technological Literacy, McGill University
Whitfield Diffie, Dr. sc. techn., Center for International Security and Cooperation, Stanford University
David Evans, Professor of Computer Science, University of Virginia
David J. Farber, Alfred Filter Moore Professor Emeritus of Telecommunications, University of Pennsylvania
Dan Farmer, Security Consultant and Researcher, Vicious Fishes Consulting
Rik Farrow, Internet Security
Joan Feigenbaum, Department Chair and Grace Murray Hopper Professor of Computer Science, Yale University
Richard Forno, Jr. Affiliate Scholar, Stanford Law School Center for Internet and Society
Alex Fowler, Co-Founder & SVP, Blockstream
Jim Fruchterman, Founder and CEO, Benetech
Daniel Kahn Gillmor, ACLU Staff Technologist
Robert Graham, creator of BlackICE, sidejacking, and masscan
Jennifer Stisa Granick, Director of Civil Liberties, Stanford Center for Internet and Society
Matthew D. Green, Assistant Research Professor, Johns Hopkins University Information Security Institute
Robert Hansen, Vice President of Labs at WhiteHat Security
Lance Hoffman, Director, George Washington University, Cyber Security Policy and Research Institute
Marcia Hofmann, Law Office of Marcia Hofmann
Nadim Kobeissi, PhD Researcher, INRIA
Joseph Lorenzo Hall, Chief Technologist, Center for Democracy & Technology
Nadia Heninger, Assistant Professor, Department of Computer and Information Science, University of Pennsylvania
David S. Isenberg, Producer, Freedom 2 Connect
Douglas W. Jones, Department of Computer Science, University of Iowa
Susan Landau, Worcester Polytechnic Institute
Gordon Fyodor Lyon, Founder, Nmap Security Scanner Project
Aaron Massey, Postdoctoral Fellow, School of Interactive Computing, Georgia Institute of Technology
Jonathan Mayer, Graduate Fellow, Stanford University
Jeff Moss, Founder, DEF CON and Black Hat security conferences
Peter G. Neumann, Senior Principal Scientist, SRI International Computer Science Lab, Moderator of the ACM Risks
Forum
Ken Pfeil, former CISO at Pioneer Investments
Ronald L. Rivest, Vannevar Bush Professor, Massachusetts Institute of Technology
Paul Rosenzweig, Professorial Lecturer in Law, George Washington University School of Law
Jeffrey I. Schiller, Area Director for Security, Internet Engineering Task Force (1994-2003), Massachusetts Institute of
Technology
Bruce Schneier, Fellow, Berkman Center for Internet and Society, Harvard Law School
Micah Sherr, Assistant Professor of Computer Science, Georgetown University
Adam Shostack, author, “Threat Modeling: Designing for Security”
Eugene H. Spafford, CERIAS Executive Director, Purdue University
Alex Stamos, CISO, Yahoo
Geoffrey R. Stone, Edward H. Levi Distinguished Service Professor of Law, The University of Chicago
Peter Swire, Huang Professor of Law and Ethics, Scheller College of Business, Georgia Institute of Technology
C. Thomas (Space Rogue), Security Strategist, Tenable Network Security
Dan S. Wallach, Professor, Department of Computer Science and Rice Scholar, Baker Institute of Public Policy
Nicholas Weaver, Researcher, International Computer Science Institute
Chris Wysopal, Co-Founder and CTO, Veracode, Inc.
Philip Zimmermann, Chief Scientist and Co-Founder, Silent Circle
CPs
CISA CP
CISA doesn’t solve cybersecurity.
Greenberg 15 — Andy Greenberg, Senior Writer at Wired covering security, privacy, information freedom, and
hacker culture, 2015 (“CISA Security Bill: An F for Security But an A+ for Spying,” Wired, March 20th, Available Online at
http://www.wired.com/2015/03/cisa-security-bill-gets-f-security-spying/, Accessed 07-06-2015)
More False Warnings Than Real Threats
For those who value security over privacy, CISA’s surveillance compromises might seem acceptable. But questions
persist about whether CISA would even do much to improve security. Robert
Graham, a security researcher and an early inventor of intrusion prevention systems, says CISA
will lead to sharing of more false positives than real threat information. Skilled
hackers, he says, know how to evade intrusion prevention systems, intrusion
detection systems, firewalls, and antivirus software. Meanwhile, most data alerts
from systems shared under CISA will be false alarms. “If we had seen the
information from the Sony hackers ahead of time, we still wouldn’t have been
able to pick it out from the other information we were getting,” Graham says, in reference
to the epic hack of Sony Pictures Entertainment late last year. “The reality is that even if you have the
information ahead of time, you really can’t pick the needle from the haystack.”
Graham points to the more informal information sharing that already occurs in
the private sector thanks to companies that manage the security large client
bases. “Companies like IBM and Dell SecureWorks already have massive
‘cybersecurity information sharing’ systems where they hoover up large
quantities of threat information from their customers,” Graham wrote in a blog post
Wednesday. “This rarely allows them to prevent attacks as the CISA bill promises. In
other words, we’ve tried the CISA experiment, and we know it doesn’t really work.”
In his statement excoriating CISA last week, Senator Ron Wyden—the only member of the
intelligence committee to vote against the bill—agreed. He wrote that CISA not only lacks privacy protections,
but that “it will have a limited impact on US cybersecurity.”
But Wyden went further than calling CISA ineffective. Citing its privacy loopholes, he questioned the
fundamental intention of the legislation as it’s currently written. “If information-sharing legislation
does not include adequate privacy protections then that’s not a cybersecurity bill,” he wrote. “ It’s a surveillance
bill by another name.”
CISA is a net-negative for cybersecurity.
Granick 15 — Jennifer Granick, Director of Civil Liberties at the Stanford Center for Internet and Society, former
Civil Liberties Director at the Electronic Frontier Foundation, holds a J.D. from the University of California Hastings
College of the Law, 2015 (“Sloppy Cyber Threat Sharing Is Surveillance by Another Name,” Just Security, June 29th,
Available Online at http://justsecurity.org/24261/sloppy-cyber-threat-sharing-surveillance/, Accessed 07-07-2015)
Normally, your email provider wouldn’t be allowed to give this information over without your consent or a search
warrant. But that could soon change. The
Senate may soon make another attempt at passing the
Cybersecurity Information Sharing Act, a bill that would waive privacy laws in the name of
cybersecurity. In April, the US House of Representatives passed by strong majorities two similar “cyber threat”
information sharing bills. These bills grant companies immunity for giving DHS information about network attacks,
attackers, and online crimes.
Sharing information about security vulnerabilities is a good idea. Shared vulnerability
data empowers other system operators to check and see if they, too, have been attacked, and also to guard against being
similarly attacked in the future. I’ve spent most of my career fighting for researchers’ rights to share this kind of
information against threats from companies that didn’t want their customers to know their products were flawed.
But, these bills gut legal protections against government fishing expeditions
exactly at a time when individuals and Internet companies need privacy laws to
get stronger, not weaker.
Worse, the bills aren’t needed. Private companies share threat data with each other,
and even with the government, all the time. The threat data that security
professionals use to protect networks from future attacks is a far more narrow
category of information than those included in the bills being considered by
Congress, and will only rarely contain private information.
And none of the recent cyberattacks — not Sony, not Target, and not the devastating grab
of sensitive background check interviews on government employees at the Office of Personnel Management —
would have been mitigated by these bills.
None of this has stopped private companies from crowing about their need for corporate immunity, but it should stop
Congress from giving it to them. We
don’t need to pass laws gutting privacy rights to save
cybersecurity.
These bills aren’t needed and aren’t designed to encourage sharing the right
kind of information. These are surveillance bills masquerading as security bills.
Instead of removing (non-existent) barriers to sharing — and undermining American privacy in the process — Congress
should consider how to make sharing worthwhile. I’ve been told by many entities, corporate and academic, that they
don’t share with the government because the government doesn’t share back. Silicon Valley engineers have wondered
aloud what value DHS has to offer in their efforts to secure their employer’s services. It’s not like DHS is setting a great
security example for anyone to follow. OPM’s Inspector General warned the government about security problems that,
left unaddressed, led to the OPM breach.
And there’s a very serious trust issue. We recently learned that the NSA is sitting on the domestic Internet backbone,
searching for foreign cyberthreats, helping the FBI and thinking about how to get authority to scan more widely. You can
see the lifecycle now. Vulnerable company reports a threat to DHS, NSA programs its computers to search for that threat,
vulnerable company’s proprietary data gets sucked in by FBI. Any company has to think at least twice about sharing how
they are vulnerable with a government that hoards security vulnerabilities and exploits them to conduct massive
surveillance.
Cybersecurity is a serious problem, but it’s not going to get better with Congress doing
whatever it politically can instead of doing what it should. It’s not going to get better by neutering the few
privacy protections we have. Good security is supposed to keep your
information safe. But these laws will make your private emails and information
vulnerable. Lawmakers have got to start listening to experts, and experts are saying the same
thing. Don’t just do something, do the right thing. And if you can’t do the right
thing, then don’t do anything at all.
Terrorism/Crime DA
They Say: “Statistics/Anecdotes”
Empirically, strong encryption doesn’t foil law enforcement. Their evidence is
baseless fearmongering.
Schneier 14 — Bruce Schneier, Chief Technology Officer for Counterpane Internet Security, Fellow at the Berkman
Center for Internet and Society at Harvard Law School, Program Fellow at the New America Foundation's Open
Technology Institute, Board Member of the Electronic Frontier Foundation, Advisory Board Member of the Electronic
Privacy Information Center, 2014 (“Stop the hysteria over Apple encryption,” CNN, October 31st, Available Online at
http://www.cnn.com/2014/10/03/opinion/schneier-apple-encryption-hysteria/index.html, Accessed 06-29-2015)
Last week Apple announced that it is closing a serious security vulnerability in the iPhone. It used to be that the phone's
encryption only protected a small amount of the data, and Apple had the ability to bypass security on the rest of it.
From now on, all the phone's data is protected. It can no longer be accessed by criminals, governments, or rogue
employees. Access to it can no longer be demanded by totalitarian governments. A user's iPhone data is now more secure.
To hear U.S. law enforcement respond, you'd think Apple's move heralded an
unstoppable crime wave. See, the FBI had been using that vulnerability to get into peoples' iPhones. In the
words of cyberlaw professor Orin Kerr, "How is the public interest served by a policy that only thwarts lawful search
warrants?"
Ah, but that's the thing: You
can't build a "back door" that only the good guys can walk
through. Encryption protects against cybercriminals, industrial competitors, the
Chinese secret police and the FBI. You're either vulnerable to eavesdropping by
any of them, or you're secure from eavesdropping from all of them.
Back-door access built for the good guys is routinely used by the bad guys. In 2005,
some unknown group surreptitiously used the lawful-intercept capabilities built into the Greek cell phone system. The
same thing happened in Italy in 2006.
In 2010, Chinese hackers subverted an intercept system Google had put into Gmail to comply with U.S. government
surveillance requests. Back doors in our cell phone system are currently being exploited by the FBI and unknown others.
This doesn't stop the FBI and Justice Department from pumping up the fear.
Attorney General Eric Holder threatened us with kidnappers and sexual predators.
The former head of the FBI's criminal investigative division went even further,
conjuring up kidnappers who are also sexual predators. And, of course, terrorists.
FBI Director James Comey claimed that Apple's move allows people to place themselves beyond the law" and also
invoked that now overworked "child kidnapper." John J. Escalante, chief of detectives for the Chicago police department
now holds the title of most hysterical: "Apple will become the phone of choice for the pedophile."
It's all bluster. Of the 3,576 major offenses for which warrants were granted for
communications interception in 2013, exactly one involved kidnapping. And, more
importantly, there's no evidence that encryption hampers criminal investigations in
any serious way. In 2013, encryption foiled the police nine times, up from four
in 2012 – and the investigations proceeded in some other way.
This is why the FBI's scare stories tend to wither after public scrutiny. A former
FBI assistant director wrote about a kidnapped man who would never have been
found without the ability of the FBI to decrypt an iPhone, only to retract the
point hours later because it wasn't true.
We've seen this game before. During the crypto wars of the 1990s, FBI Director Louis
Freeh and others would repeatedly use the example of mobster John Gotti to illustrate
why the ability to tap telephones was so vital. But the Gotti evidence was
collected using a room bug, not a telephone tap. And those same scary criminal
tropes were trotted out then, too. Back then we called them the Four Horsemen
of the Infocalypse: pedophiles, kidnappers, drug dealers, and terrorists. Nothing
has changed.
Law enforcement can still get a warrant — no link.
Cohn et al. 14 — Cindy Cohn, Executive Director and former Legal Director and General Counsel of the Electronic
Frontier Foundation, holds a J.D. from the University of Michigan Law School, with Jeremy Gillula, Staff Technologist at
the Electronic Frontier Foundation, holds a Ph.D. in Computer Science from Stanford University, and Seth Schoen, Senior
Staff Technologist at the Electronic Frontier Foundation, 2014 (“What Default Phone Encryption Really Means For Law
Enforcement,” Vice News, October 8th, Available Online at https://news.vice.com/article/what-default-phoneencryption-really-means-for-law-enforcement, Accessed 07-05-2015)
The common misconception among the hysteria is that this decision will put vital
evidence outside the reach of law enforcement. But nothing in this encryption change
will stop law enforcement from seeking a warrant for the contents of a phone,
just as they seek warrants for the contents of a laptop or desktop computer.
Whether or not a person can be required to unlock the device is a complicated
question — intertwined with the right of due process and the right to avoid selfincrimination — that ought to be carefully considered by a court in the context of
each individual situation.
Strong encryption decreases crime.
Kehl et al. 15 — Danielle Kehl, Senior Policy Analyst at the Open Technology Institute at the New America
Foundation, holds a B.A. in History from Yale University, with Andi Wilson, Policy Program Associate at the Open
Technology Institute at the New America Foundation, holds a Master of Global Affairs degree from the Munk School at
the University of Toronto, and Kevin Bankston, Policy Director at the Open Technology Institute at the New America
Foundation, former Senior Counsel and Director of the Free Expression Project at the Center for Democracy &
Technology, former Senior Staff Attorney at the Electronic Frontier Foundation, former Justice William Brennan First
Amendment Fellow at the American Civil Liberties Union, holds a J.D. from the University of Southern California Law
School, 2015 (“Doomed To Repeat History? Lessons From The Crypto Wars of the 1990s,” Report by the Open Technology
Institute at the New America Foundation, June, Available Online at https://static.newamerica.org/attachments/3407-125/Lessons%20From%20the%20Crypto%20Wars%20of%20the%201990s.882d6156dc194187a5fa51b14d55234f.pdf,
Accessed 07-06-2015, p. 19)
Moreover, there
is now a significant body of evidence that, as Bob Goodlatte argued back in
1997, “Strong encryption prevents crime.”180 This has become particularly true as
smartphones and other personal devices that store vast amount of user data have
risen in popularity over the past decade. Encryption can stop or mitigate the
damage from crimes like identity theft and fraud targeted at smartphone users.181
They Say: “Going Dark”
No “going dark” link — it is just rhetoric.
Kerry 14 — Cameron F. Kerry, Distinguished Fellow in Governance Studies at the Center for Technology Innovation
at the Brookings Institution, former Visiting Scholar with the MIT Media Lab, former General Counsel and Acting
Secretary of the United States Department of Commerce, holds a J.D. from Boston College Law School, 2014 (“The Law
Needs To Keep Up With Technology But Not At The Expense Of Civil Liberties,” Forbes, November 6th, Available Online
at http://www.forbes.com/sites/realspin/2014/11/06/the-law-needs-to-keep-up-with-technology-but-not-at-theexpense-of-civil-liberties/2/, Accessed 07-05-2015)
“Going dark” makes a good sound bite. But the neat phrase ignores the
fundamental reality that law enforcement and intelligence agencies have been
“going bright.” The digital era provides troves of evidence that never existed
before. IBM has estimated that 90% of the data in the world has been created in
the last two to three years and EMC projects this volume will increase sevenfoldfold by 2020. This vast flood of information—emails, surveillance and traffic
cameras, transactions, mobile phone location data, and many other sources—
provides law enforcement with digital trails everywhere all the time. Expanded
use of encryption may obscure a portion of such data, but that still leaves
exabytes of information from which to seek evidence.
Fears that encryption will cause agencies to “go dark” are wrong and explained
by loss aversion and the endowment effect.
Swire and Ahmad 11 — Peter Swire, C. William O’Neill Professor of Law at the Moritz College of Law of the
Ohio State University, served as the Chief Counselor for Privacy in the Office of Management and Budget during the
Clinton Administration, holds a J.D. from Yale Law School, and Kenesa Ahmad, Legal and Policy Associate with the
Future of Privacy Forum, holds a J.D. from the Moritz College of Law of the Ohio State University, 2011 (“‘Going Dark’
Versus a ‘Golden Age for Surveillance’,” Center for Democracy & Technology, November 28th, Available Online at
https://cdt.org/blog/%E2%80%98going-dark%E2%80%99-versus-a-%E2%80%98golden-age-forsurveillance%E2%80%99/, Accessed 06-24-2015)
What explains the agencies’ sense of loss when the use of wiretaps has expanded,
encryption has not been an important obstacle, and agencies have gained new
location, contact, and other information? One answer comes from behavioral economics
and psychology, which has drawn academic attention to concepts such as “loss
aversion” and the “endowment effect.” “Loss aversion” refers to the tendency to
prefer avoiding losses to acquiring gains of similar value. This concept also helps
explain the “endowment effect” – the theory that people place higher value on
goods they own versus comparable goods they do not own. Applied to
surveillance, the idea is that agencies feel the loss of one technique more than
they feel an equal-sized gain from other techniques. Whether based on the
language of behavioral economics or simply on common sense, we are familiar
with the human tendency to “pocket our gains” – assume we deserve the good
things that come our way, but complain about the bad things, even if the good
things are more important.
A simple test can help the reader decide between the “going dark” and “golden age
of surveillance” hypotheses. Suppose the agencies had a choice of a 1990-era
package or a 2011-era package. The first package would include the wiretap
authorities as they existed pre-encryption, but would lack the new techniques for
location tracking, confederate identification, access to multiple databases, and
data mining. The second package would match current capabilities: some
encryption-related obstacles, but increased use of wiretaps, as well as the
capabilities for location tracking, confederate tracking and data mining. The
second package is clearly superior – the new surveillance tools assist a vast range
of investigations, whereas wiretaps apply only to a small subset of key
investigations. The new tools are used far more frequently and provide granular
data to assist investigators.
Conclusion
This post casts new light on government agency claims that we are “going dark.” Due
to changing
technology, there are indeed specific ways that law enforcement and national
security agencies lose specific previous capabilities. These specific losses,
however, are more than offset by massive gains. Public debates should
recognize that we are truly in a golden age of surveillance. By understanding
that, we can reject calls for bad encryption policy. More generally, we should
critically assess a wide range of proposals, and build a more secure computing
and communications infrastructure.
Encryption won’t make law enforcement “go dark.” We’re in a Golden Age of
Surveillance.
Sanchez 14 — Julian Sanchez, Senior Fellow specializing in technology, privacy, and civil liberties at the Cato
Institute, former Washington Editor for Ars Technica, holds a B.A. in Philosophy and Political Science from New York
University, 2014 (“Old Technopanic in New iBottles,” Cato at Liberty—a Cato Institute blog, September 23rd, Available
Online at http://www.cato.org/blog/old-technopanic-new-ibottles, Accessed 06-29-2015)
Fourth and finally, we
should step back and maintain a little perspective about the supposedly
dire position of 21st century law enforcement. In his latest post in the Apple series, Kerr
invokes his influential “equilibrium adjustment theory” of Fourth Amendment law.
The upshot of Kerr’s theory, radically oversimplified, is that technological changes over time can confer advantages on
both police investigators and criminals seeking to avoid surveillance, and the law adjusts over time to preserve a balance
between the ability of citizens to protect their privacy and the ability of law enforcement to invade it with sufficiently
good reason. As I hope some of my arguments above illustrate, technology
does not necessarily
provide us with easy Goldilocks policy options: Sometimes there is just no good
way to preserve capabilities to which police have grown accustomed without
imposing radical restrictions on technologies used lawfully by millions of
people—restrictions which are likely to as prove futile in the long run as they are
costly. But this hardly means that evolving technology is bad for law
enforcement on net.
On the contrary, even if we focus narrowly on the iPhone, it seems clear that what Apple taketh away
from police with one hand, it giveth with the other: The company’s ecosystem
considered as a whole provides a vast treasure trove of data for police even if
that trove does not include backdoor access to physical devices. The ordinary,
unsophisticated criminal may be more able to protect locally stored files than he was a decade ago, but in a thousand
other ways, he can expect to be far more minutely tracked in both his online and offline activities. An encrypted text
messaging system may be worse from the perspective of police than an unencrypted one, but it is it really any worse than
a system of pay phones that allow criminals to communicate without leaving any record for police to sift through after the
fact? Meanwhile activities
that would once have left no permanent trace by default—
from looking up information to moving around in the physical world to making
a purchase—now leave a trail of digital breadcrumbs that would have sounded
like a utopian fantasy to an FBI agent in the 1960s. Law enforcement may moan
that they are “going dark” when some particular innovation makes their jobs
more difficult (while improving the security of law-abiding people’s private data), but when we
consider the bigger picture, it is far easier to agree with the experts who have
dubbed our era the Golden Age of Surveillance. Year after year, technology opens a thousand
new windows to our government monitors. If we aim to preserve an “equilibrium” between government power and
citizen privacy, we should accept that it will occasionally close one as well.
Encryption won’t jeopardize law enforcement.
Schneier 14 — Bruce Schneier, Chief Technology Officer for Counterpane Internet Security, Fellow at the Berkman
Center for Internet and Society at Harvard Law School, Program Fellow at the New America Foundation's Open
Technology Institute, Board Member of the Electronic Frontier Foundation, Advisory Board Member of the Electronic
Privacy Information Center, 2014 (“Stop the hysteria over Apple encryption,” CNN, October 31st, Available Online at
http://www.cnn.com/2014/10/03/opinion/schneier-apple-encryption-hysteria/index.html, Accessed 06-29-2015)
As for law enforcement? The recent
decades have given them an unprecedented ability to
put us under surveillance and access our data. Our cell phones provide them with a
detailed history of our movements. Our call records, email history, buddy lists,
and Facebook pages tell them who we associate with. The hundreds of
companies that track us on the Internet tell them what we're thinking about.
Ubiquitous cameras capture our faces everywhere. And most of us back up our
iPhone data on iCloud, which the FBI can still get a warrant for. It truly is the
golden age of surveillance.
After considering the issue, Orin Kerr rethought his position, looking at this in terms of a technological-legal trade-off. I
think he's right.
Given everything that has made it easier for governments and others to intrude
on our private lives, we need both technological security and legal restrictions to
restore the traditional balance between government access and our
security/privacy. More companies should follow Apple's lead and make encryption the easy-to-use default. And
let's wait for some actual evidence of harm before we acquiesce to police
demands for reduced security.
They Say: “Golden Key”
Backdoors necessarily make systems insecure and increase the risk of crime.
Sanchez 14 — Julian Sanchez, Senior Fellow specializing in technology, privacy, and civil liberties at the Cato
Institute, former Washington Editor for Ars Technica, holds a B.A. in Philosophy and Political Science from New York
University, 2014 (“Old Technopanic in New iBottles,” Cato at Liberty—a Cato Institute blog, September 23rd, Available
Online at http://www.cato.org/blog/old-technopanic-new-ibottles, Accessed 06-29-2015)
First, as Kerr belatedly acknowledges in a follow-up post, there
are excellent security reasons not to
mandate backdoors. Indeed, had he looked to the original Crypto Wars of the 90s, he would have seen that this
was one of the primary reasons similar schemes were almost uniformly rejected by technologists and security experts.
More or less by definition, a backdoor for law enforcement is a deliberately
introduced security vulnerability, a form of architected breach: It requires a
system to be designed to permit access to a user’s data against the user’s wishes,
and such a system is necessarily less secure than one designed without such a
feature. As computer scientist Matthew Green explains in a recent Slate column (and, with several
eminent colleagues, in a longer 2013 paper) it is damn near impossible to create a security
vulnerability that can only be exploited by “the good guys.” Activist Eva Galperin puts the
point pithily: “Once you build a back door, you rarely get to decide who walks
through it.” Even if your noble intention is only to make criminals more
vulnerable to police, the unavoidable cost of doing so in practice is making the
overwhelming majority of law-abiding users more vulnerable to criminals.
It is impossible to build a “law enforcement only” backdoor. Attacks on
encryption make crime easier, not harder.
Cohn 14 — Cindy Cohn, Executive Director and former Legal Director and General Counsel of the Electronic Frontier
Foundation, holds a J.D. from the University of Michigan Law School, 2014 (“EFF Response to FBI Director Comey's
Speech on Encryption,” Electronic Frontier Foundation, October 17th, Available Online at
https://www.eff.org/deeplinks/2014/10/eff-response-fbi-director-comeys-speech-encryption, Accessed 06-24-2015)
FBI Director James Comey
gave a speech yesterday reiterating the FBI's nearly twenty-yearold talking points about why it wants to reduce the security in your devices,
rather than help you increase it. Here's EFF's response:
The FBI should not be in the business of trying to convince companies to offer
less security to their customers. It should be doing just the opposite. But that's
what Comey is proposing—undoing a clear legal protection we fought hard for in the 1990s.1 The law
specifically ensures that a company is not required to essentially become an
agent of the FBI rather than serving your security and privacy interests. Congress
rightly decided that companies (and free and open source projects and anyone else
building our tools) should be allowed to provide us with the tools to lock our digital
information up just as strongly as we can lock up our physical goods. That's
what Comey wants to undo.
It's telling that his remarks echo so closely the arguments of that era. Compare them, for example, with this comment
from former FBI Director Louis Freeh in May of 1995, now nearly twenty years ago:
[W]e're in favor of strong encryption, robust encryption. The country needs it, industry needs it. We just want
to make sure we have a trap door and key under some judge's authority where we can get there if somebody is
planning a crime.
Now just as then, the
FBI is trying to convince the world that some fantasy version of
security is possible—where "good guys" can have a back door or extra key to
your home but bad guys could never use it. Anyone with even a rudimentary
understanding of security can tell you that's just not true. So the "debate" Comey
calls for is phony, and we suspect he knows it. Instead, Comey wants everybody to have
weak security, so that when the FBI decides somebody is a "bad guy," it has no
problem collecting personal data.
That's bad science, it's bad law, it's bad for companies serving a global
marketplace that may not think the FBI is always a "good guy," and it's bad for
every person who wants to be sure that their data is as protected as possible—
whether from ordinary criminals hacking into their email provider, rogue
governments tracking them for politically organizing, or competing companies
looking for their trade secrets.
Perhaps Comey's speech is saber rattling. Maybe it's an attempt to persuade the American people that we've undertaken
significant reforms in light of the Snowden revelations—the U.S. government has not—and that it's time for the
"pendulum" to swing back. Or maybe by putting this issue in play, the FBI may hope to draw our eyes away from, say, its
attempt to water down the National Security Letter reform that Congress is considering. It's difficult to tell.
But if
the FBI gets its way and convinces Congress to change the law, or even if it
convinces companies like Apple that make our tools and hold our data to weaken the security they offer to us, we'll
all end up less secure and enjoying less privacy. Or as the Fourth Amendment puts it: we'll be be
less "secure in our papers and effects."
For more on EFF's coverage of the "new" Crypto Wars, read this article focusing on the security issues we wrote last week
in Vice. And going back even earlier, a broader update to a piece we wrote in 2010, which itself was was based on our
fights in the 90s. If the FBI wants to try to resurrect this old debate, EFF will be in strong opposition, just as we were 20
years ago. That's because—just like 20 years ago—the
Internet needs more, not less, strong
encryption.
The President’s Review Group votes aff.
Open Letter 15 — An Open Letter to President Obama co-signed by 36 civil society organizations (including the
American Civil Liberties Union, Electronic Frontier Foundation, Electronic Privacy Information Center, and the Free
Software Foundation), 48 technology companies and trade associations (including Apple, Facebook, Google, Microsoft,
and Yahoo), and 58 security and policy experts (including Jacob Applebaum, Eric Burger, Joan Feigenbaum, and Bruce
Schneier), the full list of signatories is available upon request under the “FYI: Open Letter To Obama” header, 2015 (Open
Letter to Obama, May 19th, Available Online at https://static.newamerica.org/attachments/3138-113/Encryption_Letter_to_Obama_final_051915.pdf, Accessed 06-29-2015, p. 2)
The Administration faces a critical choice: will it adopt policies that foster a
global digital ecosystem that is more secure, or less? That choice may well define
the future of the Internet in the 21st century. When faced with a similar choice at
the end of the last century, during the so-called “Crypto Wars”, U.S. policymakers
weighed many of the same concerns and arguments that have been raised in the current debate,
and correctly concluded that the serious costs of undermining encryption
technology outweighed the purported benefits. So too did the President’s Review
Group on Intelligence and Communications Technologies, who unanimously
recommended in their December 2013 report that the US Government should “(1) fully
support and not undermine efforts to create encryption standards; (2) not in any
way subvert, undermine, weaken, or make vulnerable generally available
commercial software; and (3) increase the use of encryption and urge US
companies to do so, in order to better protect data in transit, at rest, in the cloud,
and in other storage.”
We urge the Administration to follow the Review Group’s recommendation and
adopt policies that promote rather than undermine the widespread adoption of
strong encryption technologies, and by doing so help lead the way to a more
secure, prosperous, and rights-respecting future for America and for the world.
They Say: “Above The Law”
No “above the law” link — bad argument.
Masnick 14 — Mike Masnick, Founder and Chief Executive Officer of Floor64—a software company, Founder and
Editor of Techdirt, 2014 (“FBI Director Angry At Homebuilders For Putting Up Walls That Hide Any Crimes Therein,”
Techdirt, September 26th, Available Online at https://www.techdirt.com/articles/20140925/17303928647/fbi-directorangry-homebuilders-putting-up-walls-that-hide-any-crimes-therein.shtml, Accessed 07-05-2015)
On Thursday, FBI boss James Comey
displayed not only a weak understanding of privacy
and encryption, but also what the phrase "above the law" means, in slamming Apple and
Google for making encryption a default:
"I am a huge believer in the rule of law, but I am also a believer that no one in this country is above the law,"
Comey told reporters at FBI headquarters in Washington. "What concerns me about this is companies
marketing something expressly to allow people to place themselves above the law."
[....]
"There will come a day -- well it comes every day in this business -- when it will matter a great, great deal to the
lives of people of all kinds that we be able to with judicial authorization gain access to a kidnapper's or a
terrorist or a criminal's device. I just want to make sure we have a good conversation in this country before that
day comes. I'd hate to have people look at me and say, 'Well how come you can't save this kid,' 'how come you
can't do this thing.'"
First of all, nothing in what either Apple
or Google is doing puts anyone "above the law."
It just says that those companies are better protecting the privacy of their users.
There are lots of things that make law enforcement's job harder that also better
protect everyone's privacy. That includes walls. If only there were no walls, it
would be much easier to spot crimes being committed. And I'm sure some crimes
happen behind walls that make it difficult for the FBI to track down what
happened. But we don't see James Comey claiming that homebuilders are allowing
people to be "above the law" by building houses with walls.
"I get that the post-Snowden world has started an understandable pendulum swing," he said. "What I'm worried about is,
this is an indication to us as a country and as a people that, boy, maybe that pendulum swung too far."
Wait, what? The
"pendulum" hasn't swung at all. To date, there has been no legal
change in the surveillance laws post-Snowden. The pendulum is just as far over
towards the extreme surveillance state as it has been since Snowden first came on
the scene. This isn't the pendulum "swinging too far." It's not even the pendulum
swinging. This is just Apple and Google making a tiny shift to better protect
privacy.
As Christopher Soghoian points out, why isn't Comey screaming about the manufacturers of
paper shredders, which similarly allow their customers to hide papers from
"lawful surveillance?"
They Say: “Only For Criminals”
Not “only for criminals” — ridiculous argument.
Masnick 14 — Mike Masnick, Founder and Chief Executive Officer of Floor64—a software company, Founder and
Editor of Techdirt, 2014 (“FBI Director Angry At Homebuilders For Putting Up Walls That Hide Any Crimes Therein,”
Techdirt, September 26th, Available Online at https://www.techdirt.com/articles/20140925/17303928647/fbi-directorangry-homebuilders-putting-up-walls-that-hide-any-crimes-therein.shtml, Accessed 07-05-2015)
But, of course, the freaking out continues. Over in the Washington Post, there's this bit of insanity:
“Apple will become the phone of choice for the pedophile,” said John J. Escalante, chief of detectives for
Chicago’s police department. “The average pedophile at this point is probably thinking, I’ve got to get an Apple
phone.”
Um. No. That's just ridiculous. Frankly, if pedophiles are even thinking about encryption, it's likely that they already are
using one of the many encryption products already on the market. And, again, this demonizing
of
encryption as if it's only a tool of pedophiles and criminals is just ridiculous.
Regular everyday people use encryption every single day. You're using it if you visit this
very website. And it's increasingly becoming the standard, because that's just good
security.
They Say: “Terrorism/ISIS”
No, encryption isn’t needed to stop ISIS. But it is vital to U.S. cybersecurity.
Landau 15 — Susan Landau, Professor of Cybersecurity Policy in the Department of Social Science and Policy
Studies at Worcester Polytechnic Institute, serves on the Computer Science Telecommunications Board of the National
Research Council, former Senior Staff Privacy Analyst at Google, former Distinguished Engineer at Sun Microsystems,
former faculty member at the University of Massachusetts at Amherst and at Wesleyan University, has held visiting
positions at Harvard, Cornell, Yale, and the Mathematical Sciences Research Institute, holds a Ph.D. in Mathematics from
the Massachusetts Institute of Technology, 2015 (“Director Comey and the Real Threats,” Lawfare, July 3rd, Available
Online at http://www.lawfareblog.com/director-comey-and-real-threats, Accessed 07-06-2015)
Conflation obscures issues. That's what's happening now with FBI Director Comey's
arguments regarding ISIS, Going Dark, and device encryption. On Wednesday, Ben,
quoting the director, discussed how the changes resulting from ISIS means we ought to reexamine the whole encryption
issue. "Our job is to find needles in a nationwide haystack, needles that are increasingly invisible to us because of end-toend encryption," Comey said. "This is the 'going dark' problem in high definition."
Nope. Comey is looking at the right issue but in the wrong way. The
possibility of ISIS attacks on US
soil is very frightening. But as the New York Times reports, though the organization
inspires lone wolf terrorists, it doesn't organize them to conduct their nefarious
acts.
Encryption is not the difficulty in determining who the attackers might be and
where their intentions lie. But encryption is important in combating our most
serious national security concerns. I've quoted William Lynn here before, but the point he made is
directly relevant, and it bears repeating. The Deputy Director of Defense wrote, "the threat to intellectual
property is less dramatic than the threat to critical national infrastructure, [but] it
may be the most significant cyberthreat that the United States will face over the long
term."
The way you protect against such threats is communications and computer
security everywhere. This translates to end-to-end encryption for
communications, securing communications devices, etc. This is why, for example, NSA has
supported technological efforts to secure devices, communications, and networks in the private sector.
Thoughts of an armed thug wielding a machete or shooting a semiautomatic rifle
at a Fourth of July parade or picnic are terrifying. But one thing we expect out of
government officials is rational thought and a sense of priorities. Tackling ISIS
domestically is difficult, but there is no evidence that being able to listen to
communications would have helped prevent the attacks on Charlie Hebdo, in
Tunisia, or other ISIS-inspired efforts. Meanwhile there is plenty of evidence that
securing our communications and devices would have prevented the breaches at
Anthem, OPM, and elsewhere. The latter are serious long-term national security
threats.
Securing the US means more than protecting against a knife-wielding fanatic; it
includes securing the economy and developing the infrastructure that protects
against long-term threats. We expect our leaders to prioritize, putting resources
to the most important threats and making the choices that genuinely secure our
nation. Director Comey's comments mixing ISIS with discussions about
communications security and encryption do not rise to that level.
They Say: “Cyrus Vance”
Vance is wrong.
O’Connor 14 — Nuala O’Connor, President and Chief Executive of the Center for Democracy & Technology,
former Global Privacy Leader at General Electric, former Vice President of Compliance & Consumer Trust and Associate
General Counsel for Data & Privacy Protection at Amazon.com, former Deputy Director of the Office of Policy & Strategic
Planning, Chief Privacy Officer, and Chief Counsel for Technology at the United States Department of Commerce, former
Chief Privacy Officer at the Department of Homeland Security, holds a J.D. from Georgetown University Law Center,
2014 (“Apple and Google are helping to protect our privacy,” Letter To The Editor — Washington Post, October 2nd,
Available Online at http://www.washingtonpost.com/opinions/apple-and-google-are-helping-to-protect-ourprivacy/2014/10/02/ea35524a-4824-11e4-a4bf-794ab74e90f0_story.html, Accessed 07-05-2015)
When law enforcement officials ask technology companies to make technology
less secure in the name of public safety, they are asking for weakened privacy
protections that leave citizens open to hacking and fraud.
In his Sept. 28 Sunday Opinion piece, “Can you catch me now? Good,” Cyrus R. Vance Jr., the district attorney of
Manhattan, argued that Apple and Google are preventing law enforcement from
obtaining critical evidence stored on smartphones as a result of the companies’ new encryptionby-default approach. This is not true. Law enforcement, with a warrant, can access
phone backups stored on a hard drive or in the “cloud.” Law enforcement also
can access with a warrant any data stored by a company on behalf of a user.
Further, a court can order a person to unlock his or her phone.
People are aware of threats to privacy and personal information stored
electronically, including from unscrupulous hackers and thieves and invasive
government surveillance. We should encourage stronger device security to
reduce crime, rather than support weaker standards that open people to outside
attacks.
Apple and Google deserve kudos for stepping up to better secure and protect our
personal communications and privacy.
They Say: “Ronald Hosko”
Hosko is wrong.
Lee 14 — Timothy B. Lee, Senior Editor covering technology at Vox, previously covered technology policy for the
Washington Post and Ars Technica, former Adjunct Scholar at the Cato Institute, holds a Master’s in Computer Science from
Princeton University, 2014 (“The government says iPhone encryption helps criminals. They're wrong.,” Vox, September
29th, Available Online at https://www.vox.com/2014/9/29/6854679/iphone-encryption-james-comey-governmentbackdoor, Accessed 07-05-2015)
Comey suggested that law enforcement access to the contents of smartphones would be
essential to savings lives in terrorism and kidnapping cases. But his speech was short
on specific examples where encryption actually thwarted — or would have thwarted — a
major police investigation.
Last week, former FBI official Ronald Hosko wrote an op-ed in the Washington Post offering a
concrete example of a case where smartphone encryption would have thwarted a law
enforcement investigation and cost lives. "Had this technology been in place," Hosko wrote, "we
wouldn’t have been able to quickly identify which phone lines to tap. That delay would have cost us our victim his life."
There's just one problem: Hosko was wrong. In the case he cited, the police had
not used information gleaned from a seized smartphone. Instead, they used
wiretaps and telephone calling records — methods that would have been
unaffected by Apple's new encryption feature. The Washington Post was forced
to issue a correction.
Indeed, while law enforcement groups love to complain about ways that encryption
and other technologies have made their jobs harder, technology has also provided the
police with vast new troves of information to draw upon in their investigations. With the assistance
of cell phone providers, law enforcement can obtain detailed records of a suspect's every move. And consumers
increasingly use cloud-computing services that store emails, photographs, and other private information on servers where
they can be sought by investigators.
So while smartphone encryption could make police investigations a bit more
difficult, the broader trend has been in the other direction: there are more and
more ways for law enforcement to gain information about suspects. There's no
reason to think smartphone encryption will be a serious impediment to solving
crimes.
They Say: “Washington Post”
The Washington Post is wrong.
Cohn et al. 14 — Cindy Cohn, Executive Director and former Legal Director and General Counsel of the Electronic
Frontier Foundation, holds a J.D. from the University of Michigan Law School, with Jeremy Gillula, Staff Technologist at
the Electronic Frontier Foundation, holds a Ph.D. in Computer Science from Stanford University, and Seth Schoen, Senior
Staff Technologist at the Electronic Frontier Foundation, 2014 (“What Default Phone Encryption Really Means For Law
Enforcement,” Vice News, October 8th, Available Online at https://news.vice.com/article/what-default-phoneencryption-really-means-for-law-enforcement, Accessed 07-05-2015)
Unfortunately, that hasn't stopped law enforcement from twisting the nature of the Apple and Google announcements in
order to convince the public that default encryption on mobile devices will bring about a doomsday scenario of criminals
using "technological fortresses" to hide from the law. And sadly, some people seem to be buying this propaganda. Last
week, the
Washington Post published an editorial calling for Apple and Google to use "their
wizardry" to "invent a kind of secure golden key they would retain and use only when a court has
approved a search warrant."
While the Post's Editorial Board may think technologists can bend cryptography
to their every whim, it isn't so. Cryptography is about math, and math is made
up of fundamental laws that nobody, not even the geniuses at Apple and Google, can break.
One of those laws is that any key, even a golden one, can be stolen by ne'er-dowells. Simply put, there is no such thing as a key that only law enforcement can use
— any key creates a new backdoor that becomes a target for criminals, industrial
spies, or foreign adversaries.
The “Golden Key” is impossible.
Poulsen 14 — Kevin Poulsen, Senior Editor at Wired, former hacker who developed SecureDrop, 2014 (“Apple’s
iPhone Encryption Is a Godsend, Even if Cops Hate It,” Wired, October 8th, Available Online at
http://www.wired.com/2014/10/golden-key/, Accessed 07-05-2015)
However it got there, Apple has come to the right place. It’s a basic axiom of information security that “data at rest”
should be encrypted. Apple should be lauded for reaching that state with the iPhone. Google should be praised for
announcing it will follow suit in a future Android release.
And yet, the argument for encryption backdoors has risen like the undead. In
a much-discussed editorial
that ran Friday, The Washington Post sided with law enforcement. Bizarrely, the Post
acknowledges backdoors are a bad idea—“a back door can and will be exploited by bad guys, too”—
and then proposes one in the very next sentence: Apple and Google, the paper says, should invent
a “secure golden key” that would let police decrypt a smartphone with a warrant.
The paper doesn’t explain why this “golden key” would be less vulnerable to
abuse than any other backdoor. Maybe it’s the name, which seems a product of the same
branding workshop that led the Chinese government to name its Internet censorship system the “golden shield.” What’s
not to like? Everyone loves gold!
Implicit in the Post’s argument is the notion that the existence of the search
warrant as a legal instrument obliges Americans to make their data accessible:
that weakening your crypto is a civic responsibility akin to jury duty or paying
taxes. “Smartphone users must accept that they cannot be above the law if there is a valid search warrant,” writes the
Post.
This talking point, adapted from Comey’s press conference, is an insult to anyone savvy
enough to use encryption. Both Windows and OS X already support strong full-disk crypto, and using it is a
de facto regulatory requirement for anyone handling sensitive consumer or medical data. For the rest of us, it’s
common sense, not an unpatriotic slap to the face of law and order.
This argument also misunderstands the role of the search warrant. A search
warrant allows police, with a judge’s approval, to do something they’re not
normally allowed to do. It’s an instrument of permission, not compulsion. If the
cops get a warrant to search your house, you’re obliged to do nothing except stay
out of their way. You’re not compelled to dump your underwear drawers onto
your dining room table and slash open your mattress for them. And you’re not
placing yourself “above the law” if you have a steel-reinforced door that doesn’t
yield to a battering ram.
They Say: “Stewart Baker”
Baker is wrong.
Cohn et al. 14 — Cindy Cohn, Executive Director and former Legal Director and General Counsel of the Electronic
Frontier Foundation, holds a J.D. from the University of Michigan Law School, with Jeremy Gillula, Staff Technologist at
the Electronic Frontier Foundation, holds a Ph.D. in Computer Science from Stanford University, and Seth Schoen, Senior
Staff Technologist at the Electronic Frontier Foundation, 2014 (“What Default Phone Encryption Really Means For Law
Enforcement,” Vice News, October 8th, Available Online at https://news.vice.com/article/what-default-phoneencryption-really-means-for-law-enforcement, Accessed 07-05-2015)
After Apple announced it was expanding the scope of what types of data would be encrypted on devices running iOS 8,
the law enforcement community was set ablaze with indignation. When Google followed suit and announced that
Android L would also come with encryption on by default, it added fuel to the fire.
Law enforcement officials have angrily decried Apple and Google's decisions,
using all sorts of arguments against the idea of default encryption (including the classic
"Think of the children!" line of reasoning). One former NSA and Department of Homeland Security
official even suggested that because China might forbid Apple from selling a
device with default encryption, the US should forbid Apple from doing so here.
A former high-ranking American security official claiming the US should match
China in restricting the use of privacy-enhancing technology is disconcerting, to
put it mildly.