Recently some administration officials have suggested that American companies should, in general, stop offering technological products (think mobile phones, software, etc.) that are made secure for our use with encryption. Some have gone further and suggested that secure products be banned. Their one concession? Companies should be able to offer secure products if they provide a “backdoor,” a planned weakness as a point of entry, or something similar, to allow for the decryption of the user’s data by the government.
Twenty years ago we had a national debate on the very same question, and the result was that Congress did the right thing and stood by our constitutional protections. While the increasing value of technology in our daily lives was apparent to many then, few would have guessed how deeply interwoven it would become just 20 years later—into finance, health, communications, entertainment, transportation, home security, agriculture, education and commerce, to name some of them.
The common denominator in security is robust strong encryption. Encryption refers to the process of securing information such as text, financial numbers, music or any data, by encoding it so that only those who are authorized can read the “plain text.” Encrypted messages can still be obtained but the content of that message is indecipherable—essentially the envelope could be obtained but the message inside still secure. Electronic communications of all sorts rely on this cornerstone of security, including transactions that are limited to machines “talking” to other machines. To forcefully introduce weakness into this ecosystem is at best ill-advised.
But the FBI (and others) would like to move forward with a plan that ironically is contrary to the agency’s very mission. Government-mandated weakened security is a further invitation to criminal elements, foreign adversaries and even the mischievous.
Could we imagine a proposal to ban people from locking their homes, cars or securing information about their children? In the United States part of our security is grounded in the liberty that is inherently ours—we feel secure because of “The right of the people to be secure in their persons, houses, papers, and effects” from the government.
The truth is that this country already faces challenges to the security of its information. And so far government has failed to move legislation to make information security easier and more robust. If we do not adopt the right balance of private security measures along with appropriate federal measures we will end up with a country where no one will trust their home security, health care, finances, and other information because it will be exposed. U.S. “security” tools will be an international joke and the companies developing such will lack customers. If indeed we want U.S. companies to prevail in the global information security marketplace, then mandating weak security products undermines that effort.
The administration's insistence on gathering broad swaths of information is wholly unhealthy, especially because of the current track record of flaunting laws that were supposed to limit the data and the terms under which it could be gathered. We should not be forced to keep our doors unlocked and leave our data and families with no protection, so that government may stroll in at will.