EncryptionReal security requires strong encryption – even if investigators get blocked

By Susan Landau

Published 2 November 2017

The FBI and the U.S. Department of Justice have been fighting against easy, widespread public access to encryption technologies for 25 years. Since the bureau’s dispute with Apple in 2016 over access to the encrypted iPhone of one of the two people who shot 14 victims in San Bernardino, California, this battle has become more pitched. This dispute is not about whether regular people can or should use encryption: The U.S. government is in favor of using encryption to secure data. Rather, it’s about the FBI’s demand that encryption systems include “exceptional access,” enabling police who get a warrant to circumvent the encryption on a device or on an encrypted call. The demand for exceptional access by law enforcement is a broad threat to fundamental parts of American society, and it poses a serious danger to national security as well as individual privacy. As technology changes, the jobs of police and intelligence workers must also change; in some ways, it will be harder, in others, easier. But the basic need for security supports the call for wide use of strong encryption – and without modifications that make it easy for Russians, or others, to break in.

The FBI and the U.S. Department of Justice have been fighting against easy, widespread public access to encryption technologies for 25 years. Since the bureau’s dispute with Apple in 2016 over access to the encrypted iPhone of one of the two people who shot 14 victims in San Bernardino, California, this battle has become more pitched.

This dispute is not about whether regular people can or should use encryption: The U.S. government is in favor of using encryption to secure data. Rather, it’s about the FBI’s demand that encryption systems include “exceptional access,” enabling police who get a warrant to circumvent the encryption on a device or on an encrypted call.

Nearly every element of American society is a potential target for sophisticated hackers. That makes the conflict complicated; giving law enforcement officers a way into secure systems makes breaking in easier for others as well. In 2016, I testified before Congress in support of Apple and against the FBI position; and as I explain in my forthcoming book, “Listening In: Cybersecurity in an Insecure Age,” the FBI’s stance would make people, and society, less secure, not more so.

A new battle in an old war
Today, the American public is engaged in the second round of what have been called the “encryption wars.” During the 1990s, the U.S. had restrictions on encryption software and algorithms, allowing their use within the country, but preventing them from being exported to other countries. As a result, U.S. software companies faced a choice between creating two versions of every program – a strong system for U.S. customers and a weak system for everyone else – or providing only the weak version. Most chose the latter. That limited the availability of encryption software in the U.S., so export control worked well for both the NSA’s intelligence gatherers and the FBI’s investigators.

But in 2000, the two agencies’ interests split. The Clinger-Cohen Act required the U.S. Department of Defense to buy commercially available communications and computer equipment – and the agency wanted encryption built in. To boost the strength of cryptography in the marketplace, the NSA supported loosening the export controls.