Over the last weeks the subject of US lawmakers banning end-to-end encryption has been gaining steam. It all started when Politico reported that senior Trump officials met to discuss the subject of banning encryptions that law enforcement couldn’t break. Then, Zak Doffman at Forbes dove deeper into this by examining it from the point of view of a cybersecurity professional. Since then the subject’s importance in the media has deflated amidst Libra Crypto hearings, Trump tweets, and typical news cycles. However, we wanted to take a minute to highlight the perils of an end-to-end encryption ban and how it would create chain events that will distort the way we live and how we engage with technology.
End-to-end encryption refers to the cyphering of plaintext messages like emails or texts so that they can only be unlocked and read by the sender and its intended recipient. This kind of security has taken decades to develops and it’s what protects our communications and devices from hackers and cybercriminals. Most people don’t realize but they use end-to-end encryption everyday if they use apps such as iMessage and WhatsApp. Email hasn’t caught on as quickly, but Criptext is there to fill the gap with the world’s most secure and private email service. If you’re using Gmail, Outlook or Yahoo, it’s worth you understand why you should be using encrypted email instead.
Let’s start by understanding the premise of the allegations in favor of banning encryption. Lawmakers are afraid that end-to-end encryption will increasingly become an impediment to law enforcement and therefore a threat to national security. One of the prime examples of this is the 2015 San Bernardino attack in which 14 were killed and 22 were seriously injured by a radical islamist terrorist. Upon investigating the incident, the FBI ran into a roadblock when they tried to access the assailant’s iPhone and it was locked (encrypted). Forcefully trying random codes would cause the phone to reset and wipe all the data so the FBI went to Apple for help, but Apple didn’t comply as they expected. The FBI asked apple to give them the code or create a backdoor access to the device. This was an ask of monumental proportions. Not just because FBI wanted Apple to willingly breach a users privacy and security, but because it would create a precedent for Apple and all other tech companies to bypass their own security and create vulnerabilities that hackers could capitalize on. Sure, it was just one iPhone, but the “solution” would affect all iPhones around the world. Complying with this request would destroy Apple’s credibility and the trust that it had built for decades. Indeed Apple’s Tim Cook was in a moral crossroad whether to protect their users’ privacy or comply with law enforcement — damn if you do, damn if you don’t. Ultimately, Apple denied the request.
“Our battle was over whether or not the government could force Apple to create a tool that could put hundreds of millions of people at risk in order to get into a phone — and we said no, the law does not support the government having the authority to do that”— Tim Cook, CEO at Apple
Eventually the FBI got around the iPhone’s sophisticated security by employing the help of an Israeli cybersecurity firm. Nevertheless, the standoff between Apple and FBI created the precedent for today’s discussion on banning end-to-end encryption. The San Bernardino case does exemplify how encryption creates a challenge for law enforcement to do its job. So, intrigued by the moral conundrum that Apple faced, we asked Zak Doffman what would he have done and he wisely replied “I would look for a way not to have to make the decision. If I don’t have the key to the car, I have nothing to give, therefore no decision to make.” We found this response insightful because when we built Criptext as an end-to-end encrypted email service we designed it in a way in which we don’t have the encryption keys, instead the user’s device does. This was done specifically, as Zak says, so that we don’t have to make a decision.
However, hypothetically speaking, if the law existed then the US government could force any US or US-ally tech company to forcefully change its code, push an update and make it so that US law enforcement has the access it needs — a backdoor. The threats of this law go beyond breaching privacy rights. Commerce and innovation would be affected too. Countries like Australia, who have implemented these laws, are starting to pay the price as they’re seeing tech companies leave Australia and its tech industry will falter because of it.
The discussion around the encryption ban comes as no surprise. We predicted it last year when Australia passed a similar law and foretold that USA would follow. This chain reaction happened naturally since both countries belong to the Five Eyes, a coalition of nations that collaborate in sharing intelligence with each other. Five Eyes nations include USA, Australia, UK, New Zealand and Canada.
It’s a tough discussion to be had and one that will unequivocally lead to major divide in congress and the general public if the law gets to the House floor. The Apple-FBI standoff was no different than a movie drama where one must decide whether to destroy a force of good for the sake of saving one life. Nevertheless, when discussing the matter of banning end-to-end encryption we must be able to see beyond today’s conflict and foresee how it could catalyze a future without privacy, with big brother to the Nth power, and with cybercriminals having easier access to cybercrime. End-to-end encryption is a double edged sword: a ban could facilitate law enforcement’s work, but at the same time leave the general public defenseless and unsecured. Bad actors will always find ways to misuse tools (digital or analog) for evil ends, but that’s not to say that the tools are to blame. This is similar to the conversation around gun control: it’s about controlling, not banning altogether. Otherwise, how else would we protect ourselves from these bad actors? Lastly, we must consider the probability that tech companies would flee the US into countries like Ireland and Switzerland in order to bypass these regulatory impediments, just like how it’s happening in Australia. Encryption exists to protect people and so does law enforcement. This is why we must work together to find a middle ground that enables both to fulfill their goals without hindering the privacy or wellbeing of the general public.