When we are talking about how we should balance privacy and surveillance in the age of encryption, we basically all want the same thing:
Good Guys should be safe from intrusions, from identity theft, from banking fraud, from espionage, from exposure of their private lives that could make them vulnerable to extortion.
Bad Guys should be monitored so that they cannot do bad things, their private lives exposed as needed so that we can put them behind bars and prevent further trouble, their plans visible so that we can counter them.
The trouble is that encryption, the technology itself, cannot distinguish between the good and the bad. In fact, our collective understanding of what is good changes over time. So there is no hope of ever achieving such a goal. For Hitler, Stauffenberg was a terrorist, and when we define any policy for how we deal with encryption, we should be careful what the implications are for the Hitlers of our world.
People often say that we should add a backdoor for law enforcement to gain access when needed. This relies on a few key assumptions to work out well:
- the police are fair and will not abuse this power. This requires strong checks and balances to prevent the few bad apples from abusing their position. On the other hand, there are counties counting on citations to balance their budget: how can we trust them not to peek into people’s private lives to find some fines?
- the key for the backdoor is kept safe. Again, this is very difficult to believe given the data breaches governments have. Since it would be a universal key that would expose a few hundred million people, the stakes are high. Will we be willing to guard it as well as we guard nuclear launch codes now? Can we guarantee that the guardians will do their job when the rewards would justify 100 million dollar bribes?
- we have seen governments taken over by bad actors. Is any policy we are formulating robust for such a case?
The impact on foreign governments is important to consider: will they be happy that foreigners can access the phones? Will they demand that they get their own backdoor as well? Or will one universal backdoor be too widely known and quickly spread to thieves? Will they have the same regard for political rights as Western Governments? Wouldn’t the lack of universal encryption make it harder to fight for democracy? I believe the negative impact adding backdoors would have in repressive regimes is reason enough not to pursue this option.
Just as Americans accept thousands of gun casualties every year as the price for the right to own a gun, we need to be aware that we cannot achieve perfect security from terror, and that we need to accept somewhat less efficient crime and terror prevention as the price for keeping our data safe from criminals and espionage. And honestly, we cannot prevent people having awful plans. We can only work hard to deny them the tools, guns, bombs which enable them to become actually destructive.
We value our freedom of expression, we celebrate those who fought against injustice and made the world a better place. Privacy is important because it allows experimentation without public condemnation, because it prevents totalitarian oversight, because it keeps you safe from extortion. We must not allow fear to rule us, to cause us to limit the freedoms that have enabled so much progress.