Watch (4:38)

Why Encryption is the Answer for Both Individual and National Security

In this presidential campaign cycle in particular, we’ve become overly accustomed to polarization. Issues are often painted as black and white, devoid of nuance or complexity. Given this landscape, it perhaps should come as no surprise that the recent FBI/Apple showdown was frequently portrayed (even by us) as a battle between two opposing forces, privacy and security. Yet the participants in our recent roundtable made an extremely convincing case why privacy—specifically, encryption—is an essential component not only of individual security, but also of national security.

The debate isn’t between privacy and security, said Cindy Cohn, executive director of the Electronic Frontier Foundation. “It’s security versus security.”

We collected the various arguments offered by our participants in favor of strong encryption into the nine points below.

Cybersecurity should be at the forefront of our national security concerns. 

We’ve previously covered the fear-mongering surrounding terrorism, despite the fact that an American’s odds of being killed by a terrorist are exceedingly low (about one in four million). The overhyping of this threat also plays into the debate over the value of encryption. Americans who believe that terrorism is much more common than it actually is may be inclined to let the U.S. government monitor whomever it wants to surveil, with serious consequences for civil liberties.

“A lot of people find this surprising in our post-9/11 world but in 2013 ‘cyber’ bumped ‘terrorism’ out of the top spot on our list of national threats,” said Director of National Intelligence James Clapper at a January speech for the Naval Academy’s Cyber Lecture Series. “And cyber has led our report every year since then.”

Cybersecurity includes everything from protecting against corporate hacks like the one that released Sony employee communications and medical records, to attacks on infrastructure, like the one that left hundreds of thousands of Ukrainians without power in December 2015. The sheer volume of sensitive information stored online—from an individual’s banking information and medical records to national security communications—seems to be in and of itself an argument in favor of strong encryption.

“We’re negating what our own people are telling us is the biggest threat, which is cybersecurity,” Derek Khanna, an intellectual property litigation associate at Fenwick & West, in Reinvent’s recent video conversation. “A lot of the discussion hasn’t been fact-based; it’s been fear-based.”

We’re living in the Golden Age of Surveillance.

Organizations like the NSA and the FBI have more tools at their disposal than they ever have before, thanks to all of our massive, and rapidly expanding, digital footprints.

“When I look at the range of information that’s available to law enforcement and to national security people now, it’s tremendously large,” said Cohn. “We all use technologies now that make a record of who we talk to, when we talk to them. Law enforcement has a lot more information about us at their fingertips than they’ve ever had in the history of this country.” Cohn quoted Professor Peter Swire of the Georgia Institute of Technology, an expert in privacy law, who referred to our current era as the “Golden Age of Surveillance.”

Whistleblowers like Edward Snowden have ensured that the days in which the U.S. government’s surveillance activities went unacknowledged are long gone. “For the last few years, the world has been on notice that the U.S government has been surveilling the world, perhaps even our closest friends,” Behlendorf said. “People around the world, governments as well as individuals, are starting to see the importance of having secure cryptography that even new kinds of threats can’t penetrate.”

If the rest of the world is indeed moving in the direction of cryptography—partly due to the behavior of U.S. security agencies—it seems dangerous to set ourselves as the country with the least secure technology.

The government isn’t united on its views on encryption. 

As our participants pointed out, it’s easy to fall in the habit of saying, “the government thinks this, the government thinks that.” But different agencies within the federal government have different objectives. While the FBI is focused on using forensics to investigate past attacks, Cohn said, the NSA is more focused on preventing future attacks.

According to Jane Fountain, a distinguished professor of political science and public policy at University of Massachusetts Amherst, the FBI and Department of Justice (DOJ) operated independently of the White House in bringing this recent case against Apple.

“Secretary of Defense Ash Carter said he doesn’t think back doors are a good idea,” said Fountain. “The NSA itself is divided about this; Congress is divided about this … What’s complex about this is you don’t have this clear mapping of ‘I’m in this agency, therefore I have this kind of view’.”

Stances on encryption cross party lines.

Opinions on the breadth of power that government agencies should possess don’t necessarily fall neatly into party lines. “I think there are national security hawks both on the left and on the right,” Khanna said. “The real danger is universal surveillance, and it’s not a left or right issue.”

From Martin Luther King, Jr. to suspected communists, the U.S. government’s track record of respecting the civil liberties of activists and suspected dissidents is spotty at best. More recently, individuals as diverse as Black Lives Matter activists and Tea Party members have alleged that they’ve been surveilled by the government.

Now that the government’s powers of surveillance have expanded far beyond intercepting letters and tapping phone land lines, people on both the left and the right are realizing the potential dangers of limitless government oversight. Strong encryption protects activists from the meddling of their governments—not only in the U.S., but around the world.

Encryption curbs the power of regimes like Russia’s and China’s.

Too often, the encryption debate stays focused on what’s happening within U.S. borders. “Americans tend to think of America as the world,” said David Atkins, a journalist who writes frequently for the Washington Monthly. “But even if you open a backdoor to the American government and trust the American government not to abuse that authority, you cannot trust the Chinese government or the Russian government to not horribly abuse that same privilege. Once it’s abused in one case, it’ll be abused elsewhere, and that’s worse for people’s security overall.”

Our experts seemed to universally reject the idea that the FBI could possibly be the only group with access to a hypothetical backdoor. “If we can backdoor into devices, you can be sure that Chinese intelligence could backdoor into devices,” Fountain said. “We are in a hyperconnected, highly interdependent world. We need to be cognizant of European Union standards and practices, and we need to be cognizant of of what authoritarian regimes would like to see us pass in the United States. The stronger we make state surveillance, the more we legitimate authoritarian regimes.”

When it comes to finding terrorists, Big Data isn’t necessarily effective. 

While it may be tempting for the FBI or other governmental agencies to collect an abundance of personal information about U.S. citizens in the hopes of catching future terrorists, this wide net approach to ferreting out terrorists is rarely successful. “The best intelligence, as we discovered after the Iraq War, as we’re discovering with ideologically-driven lone wolves, is on the ground, human intelligence,” Atkins said.

Not all applications of Big Data are created equal. “Most people who understand Big Data analysis will tell you there’s really not enough similarity in how terrorist attacks develop to allow our Big Data techniques—which are really awesome at deciding whether you’re about to buy shoes or not—to tell whether you’re a terrorist,” Cohn said.

“Bad guys” will always have encryption.

It’s impossible to prevent terrorists or international crime syndicates from using encryption, but it is possible to protect the devices of ordinary citizens from being hacked by criminals—and that’s through strong encryption. A study released in February by cryptography expert and Harvard Law School Fellow Bruce Schneier analyzed 800 different encryption programs widely available around the world, and found that over half were created outside the U.S.

“One of the problems the U.S. would face if it were going to try to regulate in this space, or ban strong cryptography, is that it would end up making Americans less safe, because the people who are law-abiding would not have access to this,” Cohn said. “Bad guys are going to have strong encryption. You can bemoan that all you want, but encryption is applied math, and it turns out the Americans don’t have the only knowledge of how to apply math in a digital environment in the world.”

Our devices are going to become more and more embedded into our lives. 

In 5-10 years, Brian Behlendorf argued, we will be even more surrounded by our information technology—perhaps it will even be physically embedded inside us, and encryption will be more important than it is today. “The right to protect against self-incrimination applies to our brains as much as it does our phones,” Behlendorf said.

Not only could strong cryptography help secure our future technology, Derek Khanna argued, but the very emergence of this technology may depend on encryption. “For example, you really can’t have autonomous cars if there’s a legitimate threat of the autonomous car system being compromised and every car being programmed to crash into the median at once,” Khanna said.

America has the opportunity to set the global precedent for strong encryption.

Most Americans don’t want to see our technologists and innovators fall behind global competition, and strong encryption is an essential component of maintaining the edge that has allowed Silicon Valley to innovate so successfully.

“I pretty firmly believe that not only could we make the case to [national security experts] that America’s national security is enhanced by the widespread adoption of strong crypto globally,” Behlendorf said, “not only to protect American military interests but business interests, and human rights worldwide—but that we can also tie this to American exceptionalism, that we can lead the world in saying, this is the norm, this is the way you operate in the 21st century.”