Reason.com

Free Minds & Free Markets

With Every Call for Encryption Restrictions, Officials Make the Technology’s Case

Of course secure communications frustrate governments. That's the whole idea.

At the Democratic presidential debate that nobody watched, candidate Hillary Clinton called for a "Manhattan-like project" to crack encrypted communications. With those words, she almost certainly spurred the push to develop such technology—and to put it beyond the reach of the likes of U.S. government officials.

When the creators of ProtonMail originally envisioned their encrypted email service, they thought of it as a refuge from the international snooping conducted by the NSA and its counterparts in other countries. They chose Switzerland as the base for the new venture because the country is outside both the United States and the European Union, and has a much less intrusive surveillance regime.

"In the [Swiss Federal Act on the Surveillance of Postal and Telecommunications Traffic (SPTT)], the obligation to provide the technical means for lawful interception is imposed only on Internet access providers, so ProtonMail, as a mere Internet application provider, is completely exempt from the SPTT's scope of application. This means that under Swiss law, ProtonMail CANNOT be compelled to backdoor our secure email system," the company explained last year.

ProtonMail's designers then went a step further and designed their service so that the company had no means to retrieve messages even if ordered to do so. And they used open source encryption so outsiders wouldn't have to trust their promises.

Which is to say, in response to snoopy governments, tech savvy entrepreneurs based themselves in a friendly jurisdiction beyond the reach of the snoops and made available secure services accessible by people anywhere.

Silent Circle, co-founded by Phil Zimmermann, the creator of the PGP encryption standard used by ProtonMail, also went jurisdiction-shopping. "When we moved from the U.S. to Switzerland, Snowden was one of the contributing factors," CEO Bill Conner told Fast Company. He referred, of course, to whistleblower Edward Snowden's revelations about widespread surveillance by the U.S. government and its allies.

Likewise, when the Russian government leaned on Pavel Durov, founder of social network Vkontakte, to surrender user data, he left the country rather than comply. Beyond the reach of Putin's thugs, he promptly created the Telegram encrypted messaging app, which has since become popular around the world.

So when Hillary Clinton, Donald Trump, Senate Intelligence Committee Chairman Richard Burr (R-N.C.), Manhattan District Attorney Cyrus Vance, and President Barack Obama and UK Prime Minister David Cameron declare war on communications privacy, they fail to understand that they are the menace against which the people around them have been armoring their messages to one another. When they demand "sensible statutes that will protect legitimate privacy concerns, while giving law enforcement the ability to access cellphones when necessary to prosecute serious crimes and fight terrorism," in the words of Vance, they fail to grasp that it's exactly such calls which have driven the increasing popularity and sophistication of technology specifically designed, implemented, and dispersed to render such laws unenforceable.

Clinton and Burr may sit up at night sticking pins in their Apple and Google voodoo dolls because of those companies' efforts to secure customer privacy (only to fuel commendable pushback by the likes of Tim Cook), but their endless grumbling and threats have already informed innovators and users alike. Few people would demand full-disk encryption and self-destructing messages if officials weren't so insistent that they have the right to look over everybody's shoulders. Nor would the use of open source code and the basing of new operations outside the borders of the U.S., the E.U., China, and Russia be such marketing wins if end users placed any trust in the officials under whose whims they suffer.

Even if Apple and Google ultimately fall, the demand they seek to satisfy will continue to exist. If American tech giants are legally barred from serving their customers, software developed by companies and independent developers around the world, intentionally designed to thwart U.S. policymakers, will easily fill the gap.

Using such secure products might well be illegal in the future, but it's worth noting that Clinton, Trump, Vance, Burr and company explicitly name criminals and terrorists as the targets of their efforts. "[E]ncryption—encoding messages to protect their content—is enabling murderers, pedophiles, drug dealers and, increasingly, terrorists," insists Burr in calling for restrictions. But these groups are not especially known for their enthusiasm for avoiding the occasional legal violation. And they are very interested in keeping their chats below law enforcement's radar.

"[I]n 2007, al-Qaeda's Global Islamic Media Front (GIMF) released their own encryption software: Asrar al-Mujahedeen," notes British think tank Demos. That effort has since continued and expanded. ISIS first released its own encryption program—Asrar al-Ghurabaa—in 2013, according to threat intelligence company Recorded Future. "The nature of these new crypto products indicates strategy to overlay stronger and broader encryption on Western (mainly US) consumer communication services," the company's analysis points out. It turns out that terrorist organizations aren't willing to leave their fate up to the willingness and ability of consumer-oriented corporations to resist pressure brought by the U.S. government.

Criminal organizations might do the same—or just use one of many freely available products that anybody can download from vendors around the world.

"I think there's no way we solve this en­tire prob­lem," FBI Dir­ect­or James Comey admitted to the U.S. Sen­ate Ju­di­ciary Com­mit­tee earlier this month. "En­cryp­tion is al­ways go­ing to be avail­able to the soph­ist­ic­ated user."

Which is to say, the only people new laws could really prevent from using encryption are people who are so reflexively law abiding they would never use such technology if it was frowned upon by officialdom. That characteristic would also seem to make them unlikely targets for law enforcement or national security agencies. Ultimately, if successful, Clinton, Trump, Burr, Vance, Obama, and Cameron may well hand the security community unfettered access to your maiden aunt's cat pictures.

Of course, such laws would also give governments an excuse for punishing people who do nothing more than keep their communications private. Officials wouldn't need to crack encryption to fine people or throw them in prison. The simple fact that texts and emails are resistant to scrutiny when the state comes prying could be the crime in and of itself.

And that's a problem.

"Encryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age," a recent United Nations Human Rights report approvingly recognized. The ability of the technology to frustrate snoops is a feature, not a bug, in a world full of thin-skinned officials. Accordingly, the report continued, "States should promote strong encryption and anonymity."

States should, but they won't, because encryption is a defense against them for speech and ideas targeted at them.

Which is why every time creatures like Clinton, Trump, Burr, Vance, and company open their mouths, they prod people to keep encryption and the exchange of ideas it protects beyond governments' reach.

Photo Credit: christiaan_008/flickr

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  • Scarecrow & WoodChipper Repair||

    Which is why every time creatures like Clinton, Trump, Burr, Vance, and company open their mouths, they prod people to keep encryption and the exchange of ideas it protects beyond governments' reach.

    See? They re really on the side of liberty, but they can't say so publicly, so they act like they hate liberty so they can better work to enhance liberty from the inside.

    Really, politicians really are on the side of liberty, really. They really do have ou best interests at heart.

  • ant1sthenes||

    Some group of nerds should argue, based on its prior classification as a munition, that encryption is a civilian cyberarm, and should receive 2nd amendment protection. The arguments are mostly the same anyway.

  • dantheserene||

    I like it in principal, but based on the treatment of the 2nd amendment I'm not sure that is a path I would want to follow. Will it be subject to arbitrary local restrictions? Will crossing a state (or even municipal) border with encryption on your phone be subject to jail time?

  • Fredrick Douglas||

    At the very least all of you communications deserve 4th amendment protection - regardless of what server they are on or what form they take.

  • dchang0||

    It would have been nice if the Founding Fathers has specifically named the right to privacy or at least private communications in the Bill of Rights. The 4th isn't protection enough (they can still get a warrant). I agree that the 2nd is a tough model to follow based on the way gov'ts have been treating it so far. It has been abridged in every way possible at the federal, state, and local levels.

  • MC Guru||

    I've said it time and time again on these comment threads: while there is a natural-rights basis for a right to use encryption, there is NO natural rights or any other sort of libertarian basis for a so-called right to privacy on any communication which takes place outside of private property to any degree.

    If you're broadcasting around other people, they have every right to "hear" your encrypted text. And they have every right to do whatever they want with their recording, including trying to decrypt it.

    That does underscore the need for powerful encryption, though

  • rudehost||

    Sure there is. That information is yours. If I leave a motorcycle out in a public place it doesn't make it any less mine. The same argument can be made for an encrypted message.

  • Jickerson||

    That's completely unworkable in the 21st century. Your data will almost certainly go through a third party, and if you lose any privacy protections simply because of that, then there can be no privacy and no democracy. Democracy cannot exist for long if governments are allowed to conduct mass surveillance.

    There is a huge difference between companies snooping and governments conducting mass surveillance on the populace. Governments are far more powerful and dangerous, and they get all of their resources from The People, so it is perfectly reasonable to limit what activities they can engage in, even if that conflicts with your unworkable view of privacy.

  • contrarian||

    Sure, but there is a natural right basis for service providers to refuse to fork over data.

  • contrarian||

    Also electronic communications do fall under the 4th amendment as it has been interpreted (reasonable expectation of privacy is protected), so regardless of whether you think it's a valid natural right, the state is, in theory, prohibited from searching them without a warrant. Note that this does not pertain to private actors.

  • dchang0||

    rudehost's motorcycle argument is a good one. Here's another one:

    If you were to physically write an encrypted note on a piece of paper and hand it directly to the intended recipient, does the gov't or any third party have the right come up and rip that piece of paper right out of the recipient's hand, then try to decrypt it?

    Then, consider the next step: say you hand the piece of paper with encrypted writing on it to a friend to give to the recipient. Does your friend the messenger have the right to decrypt the message?

    How about if you put the message in an envelope--does your friend have the right to steam open the envelope and decrypt the message?

    Then what if you use a hired messenger and not a friend? Do they have the right to open the envelope and decrypt your message?

    Does the hired messenger have the right to hand over the envelope to the gov't, who will steam open the envelope, decrypt it, then give the message back to the messenger to deliver to the recipient?

    All of these questions' answers seem obvious when described in physical terms--taking the envelope is theft, and steaming open the envelope is illegal spying.

  • Bill Door||

    I would cite the fourth amendment, but these crooks are so far gone that it's useless. FYTW is their justification.

  • lovelydestruction||

    I bet Clinton, Trump, Burr, Vance, and co. use encryption.

  • dantheserene||

    Evidence suggests that Hillary is more of a "security through obscurity" kind of person.

  • Dread Pirate Roberts||

    Let's ban locks on our homes while we're at it. It's really inconvenient for the government when they have to bust down your door.

  • macsnafu||

    "If you have nothing to hide..." But wait, why are they even looking? Time and time again it's been shown that law enforcement agencies aren't very good at preventing crime, and legally, they have no *right* to take action against people until an actual crime has been committed. So poking around in peoples' private emails and other private business looking for "criminal intent" is both illegal and unproductive. Proving once again that governments are a greater threat than the criminals.

  • IceTrey||

    This just in, Clinton vows to hold back tide with her bare hands.

  • Fredrick Douglas||

    Even if you lived in a world that could safely assume complete benevolence from its government, it is completely impossible to have secure encryption from a criminal element while allowing the government backdoor access. It is physically and socially impossible to have it both ways with encryption.

  • JdL||

    Of course, such laws would also give governments an excuse for punishing people who do nothing more than keep their communications private. Officials wouldn't need to crack encryption to fine people or throw them in prison. The simple fact that texts and emails are resistant to scrutiny when the state comes prying could be the crime in and of itself.

    Steganography solves that problem. You send a photograph, or music file, or video, and buried inside is your secret message. Not only is the message encrypted, but its very existence is hidden. If asked, you reply "What encryption? What hidden message? This is a video of [whatever], as you can clearly see if you watch it."

GET REASON MAGAZINE

Get Reason's print or digital edition before it’s posted online