Why Outlawing Encryption Is Wrong

Putting data encryption solely into the hands of government employees won't prevent bad things from happening -- and it might encourage wrongdoing.

Jonathan Feldman, CIO, City of Asheville, NC

October 22, 2014

3 Min Read

the ability of citizens and businesses to secure their data in such a way that meets the approval of credible global security experts. That means no back doors.

Slippery slope
As more and more of our life goes digital, those of us who are skilled at translating manual processes into automated ones understand what back-door, automated access to our digital lives would look like.

Your photos will be instantly accessible. Jennifer Lawrence recently had firsthand experience with the risks that all Americans will have: Hackers were able to access (and then distribute) her private photos, created for her boyfriend and placed on Apple's iCloud, because of poor security.

Your love notes, similarly so. Your "private" journal, where you write ugly thoughts that nobody else should ever read -- also accessible.

Where does it end? The answer is that it doesn't. And just as law enforcement doesn't have back-door, automated access to your personal life today, it shouldn't have back-door, automated access to your business life, either.

Criminals favored
Thankfully, open-source encryption software without back doors has existed for a long time. If we outlaw data encryption and replace it with something that has a back door, we basically declare that law-abiding citizens won't have privacy, but criminals and other malcontents will.

The FBI's Comey says unchecked encryption could lead us to a place in which murderers, child abusers, and other criminals roam free. So are we to believe that murderers and child abusers won't use freely available open-source encryption software to cover their tracks if it's against the law to use strong encryption? Please. The only thing that outlawing data encryption will do is take it out of the hands of law-abiding citizens.

I'm sympathetic to the notion that law enforcement officials need a range of tools to catch the bad guys. And they continue to add new tools: DNA analysis, better systems to search fingerprints and perform forensics, predictive intelligence software, geographic information systems, log correlation, metadata… the list goes on.

Adding access to all US-based encrypted data is tantamount to enabling physical searches without warrants. Proponents will say that law enforcement will use due process, but that's not a given. People notice when a police officer walks into their house and reads their journal. It's a lot harder to notice an officer using a back door for nefarious purposes.

There's no reason to assume that law enforcement officials will be less effective simply because they must stick to tools legally at their disposal. And following Comey's call to outlaw encryption will lead to a police state that most law enforcement officials won't be comfortable with, once they realize the true impact on society.

You've done all the right things to defend your organization against cybercrime. Is it time to go on the offensive? Active response must be carefully thought through and even more carefully conducted. This Dark Reading report examines the rising interest in active response and recommends ways to determine whether it's right for your organization. Get the new Identifying And Discouraging Determined Hackers report today (free registration required).

About the Author(s)

Jonathan Feldman

CIO, City of Asheville, NC

Jonathan Feldman is Chief Information Officer for the City of Asheville, North Carolina, where his business background and work as an InformationWeek columnist have helped him to innovate in government through better practices in business technology, process, and human resources management. Asheville is a rapidly growing and popular city; it has been named a Fodor top travel destination, and is the site of many new breweries, including New Belgium's east coast expansion. During Jonathan's leadership, the City has been recognized nationally and internationally (including the International Economic Development Council New Media, Government Innovation Grant, and the GMIS Best Practices awards) for improving services to citizens and reducing expenses through new practices and technology.  He is active in the IT, startup and open data communities, was named a "Top 100 CIO to follow" by the Huffington Post, and is a co-author of Code For America's book, Beyond Transparency. Learn more about Jonathan at Feldman.org.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights