Will 2015 be the year we see a major showdown over encryption? Earlier this week, my colleague, Ariel Rabkin, penned a trenchant critique of proposals by Prime Minister David Cameron to crackvarious encryption methods increasingly employed by US tech firms. Rabkin is confident that the US political class seems more responsiblethan that of the UK, and that they will not follow Camerons bad example. As someone still wrestling with the shifting balance between security and liberty, I have a good deal of sympathy forRabkins discomfort. However, I suspect this issue will prove to be more complicated than Rabkin suggested. In this blog, I would like to add a few additional dimensions and perspectives about the prospects of going darkwith encryption and the forces at play here. <\/p>\n
First, Camerons push must be analyzed against the background of a rapidly changing political and security environment, both in the US and around the world. I have commented several times that the pendulum seemed to be shifting toward prioritizing civil liberty over security, as evidenced by proposals and actions by both the Obama administration and Congress. Anotable high point being an amendment banning all forms of backdoor malware passing the US House of Representatives, on a bipartisan basis, last spring. <\/p>\n
Today, after events in Paris, Belgium, and across Europe, the Sony debacle, the heightened fears of future attacks by cyber-savvy Islamic terrorists, along with the earlier beheading of journalists and the rise of ISIS, the security\/liberty balance is shifting rapidly back toward security. Cameron is certainly not alone is his call for action against plans by Apple, Google, Facebook, WhatsApp and Snapchat to introduce impenetrable encryption in their products and services. While the prime minister may be spearheading this effort, it is also true that he is responding to urgent demands by his security agencies, MI5 and GCHQ. Not far behind, the French government is putting together a package of new cybersecurity proposals, with rumors that it, too, will act to head off going darkby telecoms and Internet companies. Beyond governments, publications such as the Economist (hardly a bastion of hawkish sentiment) have called on tech firms to desist from claiming that their realm is so distinct and inviolate that it can imperil others lives(I)t is far better to agree to some form of standard now, rather than wait for an atrocity plotted behind impenetrable walls to be unleashed. <\/p>\n
Despite Rabkins hope, I also suspect that the American political class,however defined, will respond to recent events by shifting toward support of more stringent security measures. We have already seen Attorney General Eric Holder make common cause with FBI Director James Comey, blasting Apple and Google for placing themselves beyond the law and aiding and abetting terrorists and child molesters. And while Cameron failed to get ringing support in these issues while stateside last week, President Obama has signaled that he could well be moving toward backing Holder and Comey, stating that, [i]f we get into a situation in which the technologies do not allow us at all to track somebody that were confident is a terrorist despite having a phone number, or despite having a social media address or email address that we cant penetrate that, thats a problem. <\/p>\n
While it is too early to see specific legislation, Congress on its own and certainly if the administration recommends it will likely take up the matter and update the existing legal framework that mandates that companies provide means for government officials to carry out wiretap orders to cover email and other Internet content. All of this will set the stage for major conflict with civil libertarians and high tech companies. When asked to respond to Camerons demands, Apple referred reporters to a previous statement by CEO Tim Cook: If law enforcement wants something, they should go to the user and get it. Its not for me to do it. Were not Big Brother. <\/p>\n
All this said, I agree that there are monumental problems associated with combatting encryption. As Rabkin notes, given the structure of the Internet and the growing market for encryption technologies, attempts to block the new security measures may well end up as the proverbial Dutch boys finger in the dyke. Mandated backdoors will likely increase insecurity as they cannot be cabined just to government officials. And how do companies respond to authoritarian governments (read: China) who will demand equal access? <\/p>\n
It is hard to know how all of this will play out. But my money is on an outcome wheregovernments and their cybersecurity agencies will not be deterred from trying to thwart products and services from going dark. <\/p>\n
This post was originally published on TechPolicyDaily. <\/p>\n
<\/p>\n