With Every Call for Encryption Restrictions, Officials Make the Technology's Case
Of course secure communications frustrate governments. That's the whole idea.
At the Democratic presidential debate that nobody watched, candidate Hillary Clinton called for a "Manhattan-like project" to crack encrypted communications. With those words, she almost certainly spurred the push to develop such technology—and to put it beyond the reach of the likes of U.S. government officials.
When the creators of ProtonMail originally envisioned their encrypted email service, they thought of it as a refuge from the international snooping conducted by the NSA and its counterparts in other countries. They chose Switzerland as the base for the new venture because the country is outside both the United States and the European Union, and has a much less intrusive surveillance regime.
"In the [Swiss Federal Act on the Surveillance of Postal and Telecommunications Traffic (SPTT)], the obligation to provide the technical means for lawful interception is imposed only on Internet access providers, so ProtonMail, as a mere Internet application provider, is completely exempt from the SPTT's scope of application. This means that under Swiss law, ProtonMail CANNOT be compelled to backdoor our secure email system," the company explained last year.
ProtonMail's designers then went a step further and designed their service so that the company had no means to retrieve messages even if ordered to do so. And they used open source encryption so outsiders wouldn't have to trust their promises.
Which is to say, in response to snoopy governments, tech savvy entrepreneurs based themselves in a friendly jurisdiction beyond the reach of the snoops and made available secure services accessible by people anywhere.
Silent Circle, co-founded by Phil Zimmermann, the creator of the PGP encryption standard used by ProtonMail, also went jurisdiction-shopping. "When we moved from the U.S. to Switzerland, Snowden was one of the contributing factors," CEO Bill Conner told Fast Company. He referred, of course, to whistleblower Edward Snowden's revelations about widespread surveillance by the U.S. government and its allies.
Likewise, when the Russian government leaned on Pavel Durov, founder of social network Vkontakte, to surrender user data, he left the country rather than comply. Beyond the reach of Putin's thugs, he promptly created the Telegram encrypted messaging app, which has since become popular around the world.
So when Hillary Clinton, Donald Trump, Senate Intelligence Committee Chairman Richard Burr (R-N.C.), Manhattan District Attorney Cyrus Vance, and President Barack Obama and UK Prime Minister David Cameron declare war on communications privacy, they fail to understand that they are the menace against which the people around them have been armoring their messages to one another. When they demand "sensible statutes that will protect legitimate privacy concerns, while giving law enforcement the ability to access cellphones when necessary to prosecute serious crimes and fight terrorism," in the words of Vance, they fail to grasp that it's exactly such calls which have driven the increasing popularity and sophistication of technology specifically designed, implemented, and dispersed to render such laws unenforceable.
Clinton and Burr may sit up at night sticking pins in their Apple and Google voodoo dolls because of those companies' efforts to secure customer privacy (only to fuel commendable pushback by the likes of Tim Cook), but their endless grumbling and threats have already informed innovators and users alike. Few people would demand full-disk encryption and self-destructing messages if officials weren't so insistent that they have the right to look over everybody's shoulders. Nor would the use of open source code and the basing of new operations outside the borders of the U.S., the E.U., China, and Russia be such marketing wins if end users placed any trust in the officials under whose whims they suffer.
Even if Apple and Google ultimately fall, the demand they seek to satisfy will continue to exist. If American tech giants are legally barred from serving their customers, software developed by companies and independent developers around the world, intentionally designed to thwart U.S. policymakers, will easily fill the gap.
Using such secure products might well be illegal in the future, but it's worth noting that Clinton, Trump, Vance, Burr and company explicitly name criminals and terrorists as the targets of their efforts. "[E]ncryption—encoding messages to protect their content—is enabling murderers, pedophiles, drug dealers and, increasingly, terrorists," insists Burr in calling for restrictions. But these groups are not especially known for their enthusiasm for avoiding the occasional legal violation. And they are very interested in keeping their chats below law enforcement's radar.
"[I]n 2007, al-Qaeda's Global Islamic Media Front (GIMF) released their own encryption software: Asrar al-Mujahedeen," notes British think tank Demos. That effort has since continued and expanded. ISIS first released its own encryption program—Asrar al-Ghurabaa—in 2013, according to threat intelligence company Recorded Future. "The nature of these new crypto products indicates strategy to overlay stronger and broader encryption on Western (mainly US) consumer communication services," the company's analysis points out. It turns out that terrorist organizations aren't willing to leave their fate up to the willingness and ability of consumer-oriented corporations to resist pressure brought by the U.S. government.
Criminal organizations might do the same—or just use one of many freely available products that anybody can download from vendors around the world.
"I think there's no way we solve this entire problem," FBI Director James Comey admitted to the U.S. Senate Judiciary Committee earlier this month. "Encryption is always going to be available to the sophisticated user."
Which is to say, the only people new laws could really prevent from using encryption are people who are so reflexively law abiding they would never use such technology if it was frowned upon by officialdom. That characteristic would also seem to make them unlikely targets for law enforcement or national security agencies. Ultimately, if successful, Clinton, Trump, Burr, Vance, Obama, and Cameron may well hand the security community unfettered access to your maiden aunt's cat pictures.
Of course, such laws would also give governments an excuse for punishing people who do nothing more than keep their communications private. Officials wouldn't need to crack encryption to fine people or throw them in prison. The simple fact that texts and emails are resistant to scrutiny when the state comes prying could be the crime in and of itself.
And that's a problem.
"Encryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age," a recent United Nations Human Rights report approvingly recognized. The ability of the technology to frustrate snoops is a feature, not a bug, in a world full of thin-skinned officials. Accordingly, the report continued, "States should promote strong encryption and anonymity."
States should, but they won't, because encryption is a defense against them for speech and ideas targeted at them.
Which is why every time creatures like Clinton, Trump, Burr, Vance, and company open their mouths, they prod people to keep encryption and the exchange of ideas it protects beyond governments' reach.