How Dangerous Is End-to-End Encryption?

Last week, FBI Director James Comey testified before two Senate committees about end-to-end encryption, which prevents anyone from spying on protected conversations. Strong encryption of that sort became attractive to many Americans after NSA contractor Edward Snowden revealed that the government was secretly monitoring the private communications of millions of innocent people. And it’s heartening to think of dissidents in authoritarian countries communicating and collaborating without repressive regimes eavesdropping on them.

But end-to-end encryption will also help protect the communications of aspiring terrorists, child pornographers, and other evil-doers: The FBI and other law enforcement agencies won’t be able to eavesdrop on them, even with a proper warrant.

Thus the question before policymakers: Should technology companies like Apple be allowed to provide end-to-end encryption, such that no one but iPhone users––neither the company nor the government––can access their emails, texts and phone calls? Or should companies be required to build in a “backdoor” for the government, so that with a warrant in hand, the FBI could gain access to their communications?

Federal officials say they need a “backdoor” to protect the public.

Technologists warn that there is no way to build in a “backdoor” just for law enforcement, much as there’s no way to outfit a safe with a backdoor that only the FBI can open. If encryption is weakened so that government can, in theory, access anyone’s data with a warrant, then in practice, everyone’s communications will be vulnerable to Chinese hackers, the Russian government, and NSA employees operating beyond constitutional bounds without individualized warrants.

Over at Lawfare, Benjamin Wittes, who tends to favor increasing rather than circumscribing governmental powers that relate to national security, muses at length on this question. “Would it be a good idea to have a world-wide communications infrastructure that is, as Bruce Schneier has aptly put it, secure from all attackers?” he asks. “That is, if we could snap our fingers and make all device-to-device communications perfectly secure against interception from the Chinese, from hackers, from the FSB but also from the FBI even wielding lawful process, would that be desirable? Or, in the alternative, do we want to create an internet as secure as possible from everyone except government investigators exercising their legal authorities with the understanding that other countries may do the same?”

He finds it useful to consider that question before deciding whether it is even possible to secure the Internet against everyone except lawful government investigators.

For now, let’s play along.

He says that the answer is not a close call.

“The belief in principle in creating a giant world-wide network on which surveillance is technically impossible is really an argument for the creation of the world's largest ungoverned space,” he writes. “I understand why techno-anarchists find this idea so appealing. I can't imagine for moment, however, why anyone else would.”

He goes on to attempt an analogy:

Consider the comparable argument in physical space: the creation of a city in which authorities are entirely dependent on citizen reporting of bad conduct but have no direct visibility onto what happens on the streets and no ability to conduct search warrants (even with court orders) or to patrol parks or street corners. Would you want to live in that city? The idea that ungoverned spaces really suck is not controversial when you're talking about Yemen or Somalia. I see nothing more attractive about the creation of a worldwide architecture in which it is technically impossible to intercept and read ISIS communications with followers or to follow child predators into chatrooms where they go after kids.

Even at this conceptual level, before even considering whether a government-only backdoor is possible and cost-effective, it seems to me that Wittes’s analysis is flawed.

The problem lies in the limits of his analogy.

In an ungoverned territory like Somalia, bad actors can take violent physical actions with impunity––say, seizing a cargo ship, killing the captain, and taking hostages. If authorities were similarly helpless on America’s streets––if gangs could rob or murder pedestrians as they pleased, and police couldn’t see or do a thing––that would, indeed, be dystopian. But when communications are encrypted, the “ungoverned territory” does not encompass actions, violent or otherwise, just thoughts and their expression.

No harm is done within the encrypted space.

To be sure, plots planned inside that space can do terrible damage in the real world––but so can plots hatched by gang members on public streets whispering into one another’s ears, or Tony Soprano out on his boat, having swept it for FBI bugs.

I wonder what Wittes would make of a different analogy.

In the absence of end-to-end encryption––indeed, even if it becomes a universally available tool––the largest ungoverned space in the world won’t be Somalia or the Internet, but the aggregate space between the ears of every human being on planet earth.  

No authority figure can see into my brain, or the brain of Chinese human-rights activist Liu Xiaobo, or the brains of ISIS terrorists, or the brains of Black Lives Matter protestors, or the brains of child pornographers, or the brains of Tea Partiers or progressive activists or whoever it is that champions your political ideals. If government had access to all of our thoughts, events from the American Revolution to the 9/11 terrorist attacks would’ve been impossible. Reflecting on this vast “ungoverned territory,” does Wittes still regard as uncontroversial the notion that  “ungoverned spaces really suck”? More to the point, if it’s ever technically possible, would he prefer a world in which government is afforded a “backdoor” into my brain, yours, and those of the next Osama bin Laden, MLK, and Dylann Storm Roof?

To be clear, I don’t mean to assert that “backdoor” access to digital communications is just like equivalent access to our brains. But say that end-to-end encryption is the norm going forward. Do readers think that America would be more like Somalia? Or more like today’s America, only with greater privacy for thoughts, papers, and personal effects that enables both significant goods and harms?

As in contemporary America––and unlike in Somalia––terrorists, child pornographers, and other serious criminals would have to operate outside “ungoverned spaces” to  harm any innocents. The threats they pose can be adequately addressed there.