Have you ever felt that politics is completely divorced from reality?
I get this sensation every time Congress attempts to “deal with” encryption. They just can’t understand that winning an election doesn’t mean you get to repeal the laws of mathematics.
The latest boneheaded bill that’s got the tech community so riled up is the “Lawful Access to Encrypted Data Act”, introduced in the Senate last week by Sens. Lindsey Graham (R-S.C.), Tom Cotton (R-Ark.) and Marsha Blackburn (R-Tenn).
I didn’t think things could get worse than the “Clipper Chip” and “Strong crypto can’t be exported” debacles of the 1990s, until I read the EARN IT Act of 2020. (Eliminating Abuse and Rampant Neglect of Interactive Technologies, if you’re curious. Who could possibly be against that?) I thought nothing could be worse than EARN IT, until I read LAED. Who comes up with this garbage?
You might not know much about cryptography, but you use it every day. It’s used to secure credit card numbers when you order something online. If you’ve digitally signed anything, you’re using crypto. More and more apps use it, especially for text messaging. Is your phone locked with a PIN? That’s kept secret with crypto.
“Strong crypto”, as it is commonly known, uses the laws of mathematics to ensure that no one, other than the sender and receiver, can read messages or snoop your video chats. (Computer specialists will know I’m leaving out details, but they don’t change the conclusions below). When I say no one, I mean no one. No law enforcement agency, no nation-state, no megarich corporation, nobody. The knowledge of how to do this is available to the world. The genie is out of the bottle.
This means that billions of people everywhere can communicate securely, protect their intellectual property, and engage in e-commerce. The benefits to society are immeasurable. It also means that terrorists, pedophiles, drug cartels, and criminals of any sort can communicate securely. There is no technological sword that permits the forces of good to smite the wicked but burns the hands of evildoers. And there never will be.
For the past 40 years, ever since strong crypto was developed, people have desperately wanted to believe the opposite. If we just elect the right people to pass the right law, we can have our cryptographic cake and eat it, too. They are wrong. We can’t.
LAED outlaws strong crypto by requiring encryption providers above a certain user threshold to provide a “back door”: A way to break the encryption under certain circumstances. The theory is that these circumstances would arise when a warrant is presented to a judge. In practice, to use terms from mathematical logic, the use of a warrant to open a cryptographic back door is neither necessary nor sufficient to help fight crime.
It’s not sufficient, because there is no magic genie who only issues warrants to wise, apolitical law enforcement officials with solid evidence against child molesters. Thinking this technology will never be used for anything other than benevolent purposes is ridiculously naïve.
For that matter, once American products are known to have back doors, every single government on the planet will demand the keys before permitting their use. That includes China, Russia, Iran, Saudi Arabia and North Korea. This bill will help some of the most repressive regimes on the planet. Is this something we want?
Even worse, the use of a warrant and backdoors is not necessary, because (stay with me on this) the bad guys won’t use broken American products.
The mathematics behind strong cryptography are well known; they don’t disappear because Congress wants them to. Programs that use strong crypto can be written by a bright high school student. Criminals who use encryption aren’t stupid; they will simply “roll their own”. Al Qaida has done this. More will follow.
Yes, it stinks that something used by good people to do good can also be used by bad people to do bad. ‘Twas ever so. LAED stinks, and both parties ought to smell it. It cripples a thriving American economic sector and poses a clear and present danger to civil liberties.
Colorado voters of any and all political stripes: Write Sens. Michael Bennett and Cory Gardner. Urge them to oppose the LAED Act, EARN IT, and any other measures that use backdoor methods to weaken crypto. The crypto genie cannot go back in the bottle. It will simply serve another master.
Barry Fagin is senior fellow in technology policy at the Independence Institute in Denver. He holds a Ph.D. in computer science from Berkeley and has taught and published in the fields of cryptography and information security. His views are his own.