In most cases, two plus two equals four. It’s simple math. The same is true of encryption. Devices and services are either protected by strong encryption or they’re not. There is no in-between.
In spite of that, the UK Home Secretary, Priti Patel, joined U.S. Attorney General William Barr and Australian Home Affairs Minister Peter Dutton in an open letter urging Facebook to essentially create a backdoor in their end-to-end encryption.
On the one hand, the government officials offer lip service to the need for strong encryption:
“We support strong encryption, which is used by billions of people every day for services such as banking, commerce, and communications. We also respect promises made by technology companies to protect users’ data. Law abiding citizens have a legitimate expectation that their privacy will be protected.”
However, those statements are undermined by what follows:
“Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes.”
Unfortunately these statements, and others like them, demonstrate a dangerous lack of understanding about how encryption works or, for that matter, how basic math—the foundation of all encryption—works. Experts the world over have warned about the catastrophic dangers of creating backdoors in encryption here, and here, and here, and here, and here, and here and here (PDF).
The last one was an open letter to the White House by civil organizations, companies, trade associations and a myriad of security and policy experts. These are individuals from such varied backgrounds that they rarely agree on anything. Yet the one thing they all agree on is that there is simply no way to create backdoors in encryption without fundamentally weakening said encryption. It simply can’t be done. There is no way to create a backdoor for the “good guys” to get into the phones, computers and tablets of the “bad guys” without the “bad guys” using those same backdoors to get into the devices of the “good guys.”
At this point in the debate, people who want backdoors usually fall back to complaining about how strong encryption is making it possible for bad actors to “go dark,” using encryption to protect their activities from prying eyes. Therefore, the argument goes, the tech companies should be forced to make a backdoor in the interest of the greater good.
By that logic, however, safe makers should be required to create a backdoor to every safe they manufacture in the event that whoever purchases it tries using it for nefarious purposes. Similarly, paper shredder makers should be forced to make shredders that can take the strips of shredded paper and recombine them into their original form. Otherwise, someone might use a shredder to destroy documents to cover illegal activity.
What’s interesting about both of those examples is that, even without the manufacturers’ assistance, it’s possible to crack into a safe, as well as sort through strips of shredded paper and reconstruct documents. Is it a pleasant experience? No—but it’s possible.
Similarly, even without backdoors in encryption, with enough computing power it is possible to break encryption or find ways to circumvent it. In the wake of the San Bernardino case, after the FBI tried to force Apple to unlock the perpetrator’s iPhone, the FBI was able to find a company that succeeded in unlocking the phone. Was it pleasant? No—but it was possible.
Sometimes convenience for a few—in this case law enforcement—must take a back seat to the safety of the many. In other words, two plus two must equal four, unless a person doesn’t believe in basic math principles. Then two plus two equals five, or 13, or 127,309 or…
