Banning Unbreakable Smartphone Encryption is Stupid

At least two states, New York and California, have introduced legislation that would ban the sale of smartphones in those states if the phones could not be searched at the request of law enforcement. This would likely mean no phones would be sold with unbreakable encryption, although I suppose Apple or Samsung could manufacture two types of phones and then just sell all the encrypted ones from New Hampshire or something. These bills are still somewhat controversial, and as they have gotten press coverage, a House bill has been introduced that would prevent state legislation like the bills introduced in New York and California.

I found out about this through the Security Now podcast (linked in the web directory in the sidebar), where Steve Gibson, a security (and privacy) expert, discussed these bills. Shockingly, he had come out in favor of them, one of the only people in the security field to do so. In the past, Steve has discussed on his show (and agreed with) the excellent paper written by many of the world’s leading security experts on the inherent problems with key escrow. He saw this new round of legislation as different, since it would simply return to the state of affairs that existed before Apple (and then Google) encrypted their phones in a way that could not be broken. However, after considering the implication that other companies besides Apple would be forced to hold keys that could break users’ encryption (companies that are not as good at building encryption systems), Steve agreed it probably wasn’t worth the risk.

Steve Gibson did make a good point that if we don’t compromise here, it is possible we will be forced by political pressure to give up something much worse, like unbreakable encryption being made completely illegal. Even if Steve has decided against this position, it seems likely many others still hold it. Assuming the legislation would meet certain standards, creating a system where only Apple could decrypt the phone sounds like a reasonable position to hold, but it is nevertheless incorrect. Passing these bills would be a mistake, and here are several reasons why.

  1. Just because we were less secure in the past doesn’t make it desirable to be insecure. This is a simple status quo bias. Now that technology has allowed us to easily have unbreakable encryption on our smartphones, we must weigh the costs and benefits of utilizing this new technology, regardless of how things used to be. Both the benefits and costs will come up under other points.
  2. Law enforcement never had 100% access, even with a warrant. Foreign bank accounts, attorney-client privilege, even coded messages prior to encryption were not accessible by law enforcement. And it’s not like Apple invented some new form of encryption; these algorithms have been around for quite some time. Android phones have allowed you to encrypt your disk for a while now (though there were some issues), and OTR messaging is pretty widely available. Moreover, if you are a bad guy and this new policy was implemented, I’m sure you’d just set up your Android phone to use third-party encryption software and it would be unbreakable. Or you’d use Cryptocat, or Signal, or PGP, or any of the encrypted messaging applications that have been widely available for years now. Yes, the default encrypted smartphone changes things, but it is not completely unprecedented.
  3. The government can’t be trusted with warrants; Apple didn’t change the status quo, the NSA did. We are discussing local law enforcement and the big court battle between the FBI and Apple. But this is essentially a byproduct of the reaction we all had to Snowden’s revelations about the mass surveillance performed by the NSA and FBI.  These bills and the FBI make it sound like everything was going fine and then suddenly tech companies dropped this bomb on them; that’s not true. Everything was going fine until it turned out that the NSA was (and still is) using secret courts for general warrants that our own elected representatives could not tell us about or stop, while intelligence officers blatantly lied to the public under oath.  In response to this and the fact that the NSA is collecting tons of internet traffic on all of us, consumers demanded more encryption.  There is no returning to a “better time” when encryption technology was irrelevant, and the solemn choice between privacy and security was determined by an impartial judge issuing a warrant; Pandora’s box was opened. But this is not just because of the pace of technology, it’s because the impartiality of warrants is gone! Since objective warrants are no longer an option, unbreakable encryption is a good second choice.
  4. The legal system has problems beyond warrants: grand juries, too many laws, prosecutorial discretion and more. We need a real safeguard that only unbreakable encryption can bring. If you are targeted by law enforcement, perhaps because of your political positions, or perhaps because police departments want more money, you have essentially no recourse. There are so many crimes on the books that you commit some of them every day. Grand juries provide no oversight to stop prosecutors from getting as many indictments as they wish, and they can use the grand jury process to not only stack charges against defendants, but also impound their assets with impunity. And once you have enough charges stacked against you and your legal mess is too deep, it’s highly likely you will settle for a plea deal even if you have never done anything wrong. In this context, allowing people to have unbreakable encryption seems like the least we could do.
  5. The problems the state is claiming to fix are blown out of proportion. Let’s talk about the benefits of law enforcement being able to break encryption, and be warned: this is going to contain some iconoclasm. The state needs these abilities to fight terrorism, right? Currently we spend untold billions in anti-terrorism funds on the intelligence community, huge chunks of the $100 billion DHS budget, and billions more on overseas military expenditures in ways that sometimes only stoke more violence. Yet terrorism isn’t really a major problem in the United States. Since 9/11, about 30 Americans have died a year from terrorism, the vast majority not on US soil. If you include 9/11, that’s about 230 people a year. In contrast, last year, with a significant spotlight on police departments around the country due to high-profile cases, police officers still killed over 1000 Americans. In 2014, there were about 14,000 murders, which means you were about 1000x more likely to be murdered by a non-terrorist than by a terrorist that year. And you might counter that we are only this safe because of secret government surveillance programs, but a White House review panel recommended the metadata collection be terminated since it was “not essential” to national security. The Department of Justice Inspector General admitted that Patriot Act spying had not helped in any investigation. The Intercept states “the NSA’s mass surveillance programs do not have a track record — before or after Snowden — of identifying or thwarting actual large-scale terrorist plots.” This is a classic case of the tunnel vision of institutional bureaucracy; the national security establishment’s goal was to stop terrorism, so they did everything that could remotely help, and with no counterbalancing interests, they disregarded civil liberties, practical spending constraints, and common sense.
  6. The other problems the state is claiming to fix are also blown out of proportion. What about California? That bill is not concerned with terrorism, but rather with the threat of human trafficking. Like terrorism, sex trafficking is pretty bad, and also like terrorism, the fear of the crime is far more rampant than the crime itself. There are plenty of examples of sting operations “catching” sex traffickers, but many don’t turn into convictions; what was billed as the largest sex-trafficking bust in FBI history turned out to be largely made up by 2 inconsistent witnesses. Many who are arrested for sex trafficking (only about 3000 in the last 10 years) don’t get charged, and those who do are often convicted of other crimes; they are usually found guilty of being involved in the sex industry at all rather than of harming anyone within it. Like terrorism, this intense focus on sex trafficking has led to the curtailment of privacy rights, since no one wants to appear to be helping criminals. But the fact is that despite the political pressure to appear tough on sex trafficking, the problem itself is not pervasive; giving up unbreakable encryption to solve a problem that is largely already solved makes no sense.
  7. There are problems with making our phones less secure, besides FBI surveillance. Even if only Apple, or only Google, had access to the phones law enforcement wanted decrypted, and the FBI/police never abused this power, there would still be costs associated with this policy that its proponents overlook. Namely, it’s a new point of vulnerability that didn’t use to be there. It fundamentally reduces our security, not just from government surveillance by other means (NSA hacking), but also from criminals. Assuming this is a system that gets set up within Apple, it would involve a lot of resources and a lot of people. Each person or computer that can reach the decryption keys is a new point of vulnerability that could be exploited. And it’s not just criminals who could use these points to hack into phones, but foreign security agencies too. Cyberspace is a very dangerous place, as the NSA has constantly told us; making it less secure has real costs.
  8. There are benefits to having unbreakable encryption! This is obvious, but not something you will hear from the intelligence community, law enforcement, or these bills’ authors. Having an encrypted phone is a significant boon in this highly digitized world. Your life is better if you can have your entire existence digitized on a small portable computer that has strong protections from hacking, theft, and surveillance. Identity theft is a pretty miserable thing to deal with; protecting against it increases our quality of life. Even here in the United States, you might not care that the government is watching you (although many of us do), but there are issues with trusting the government to have these powers (John Oliver had an amusing piece on this). Moreover, there are other governments that are even worse than America’s, and when you force Apple or Google to decrypt phones for our government, you also allow other governments to force tech companies to do the same for them. Allowing unbreakable encryption means you are helping people under oppressive regimes around the world. The future is also unknowable; what will President Trump do with this sort of power? Who will future presidents target with surveillance? If we have encryption, it matters less when the government misbehaves.

This write-up covers the specific argument that we should return to the situation that existed before Apple embedded unbreakable encryption directly into its commercial hardware and software, on the grounds that doing so would be simple, effective, and desirable. In reality, it would provide fewer checks on government power, provide little to no benefit in fighting terrorism and the other claimed social ills, and would fundamentally harm American cybersecurity.

This flawed and weak argument is not the only case made against encryption, and it’s important to check out other discussions: John Oliver had an in-depth analysis of the Apple and FBI case, Matt Blaze had a nice interview last year in Politico, and Bruce Schneier, who literally wrote the book on encryption, has a very concise and simple post from 2013.