Why FBI Is Wrong On Encryption Workaround

Such a measure would invade privacy, extend government overreach, and hurt US tech companies.

Daniel Castro, Senior Analyst, Information Technology and Innovation Foundation

December 3, 2014

5 Min Read
FBI director James Comey

7 Important Tech Regulatory Issues In 2015

7 Important Tech Regulatory Issues In 2015

7 Important Tech Regulatory Issues In 2015 (Click image for larger view and slideshow.)

FBI director James Comey reignited a long-running controversy recently when he argued that the encryption US technology companies such as Apple and Google use on their devices could impede law enforcement's ability "to prosecute crime and prevent terrorism." Comey wants US tech companies to design a way for law enforcement officials to access the data stored on those devices. Of course, Comey conveniently ignores the fact that one reason some companies are working so hard to secure their customer data is because of past overreach by the US government.

In addition to raising the obvious privacy and government overreach issues, this proposal would also weaken the security and global competitiveness of US tech products. If the government pursues this path of demanding backdoor access to accounts and devices, not only will other countries insist on similar capabilities, but US companies will be fundamentally disadvantaged in the global marketplace.

It's surprising that the FBI is advocating such a position, given the Clipper chip fiasco during the Crypto Wars of the 1990s. Back then, the US government tried to push out an encryption standard that would give it backdoor access to every secure phone in the country. Perhaps sensitive to this history, the FBI has been trying to claim that it's not asking for backdoor access. Director Comey argued in recent remarks that the FBI wants "to use the front door with clarity and transparency," a dubious claim given recent Justice Department revelations of law enforcement officials impersonating reporters, creating fake Facebook profiles, and pushing for expanded hacking authority.

[It's no wonder: Americans Doubt They Can Protect Their Privacy.]

Regardless of what the FBI wants to call it, the fact of the matter is that by creating opportunities to circumvent security features in computing devices, the FBI would fundamentally make them less secure. Keys can be stolen, and the federal government hasn't been immune to data breaches.

There are at least two likely consequences of pursuing this course.

First, in a market where security is king, products and services with weaker security are less competitive. In the wake of the Edward Snowden revelations, the US tech sector already has begun to lose out to European and Asian competitors that promise better security from the prying eyes of the government. The Information Technology and Innovation Foundation estimated last year that Snowden's NSA disclosures may cost the US cloud computing industry alone between $22 billion and $35 billion over the next several years by shattering confidence in the security of US companies.

Indeed, a number of countries are pushing "buy domestic" rules and labels for technology products to reduce intrusion from US surveillance while conveniently favoring their domestic suppliers. Under these circumstances, how popular will an "FBI-ready" phone really be on the global market? If US companies such as Google and Apple are prohibited from producing the most secure technology, then companies in other countries will meet that market need. Competitors such as ZTE in China and even BlackBerry in Canada could emerge/re-emerge as new global leaders.

Second, if the US pursues these policies, there will be nothing to stop other countries from demanding similar levels of unfettered access to encrypted data and communications. Other countries tried to push for this access in the past, but they didn't have the market power. For example, United Arab Emirates and Saudi Arabia threatened in 2010 to ban BlackBerry mobile phones in their countries because they were unable to monitor certain communications. If the US manages to tip this balance, countries like Russia and China are sure to follow.

It's understandable that law enforcement agencies, used to a world where they can open mail and monitor phone calls easily, are nervous about unbreakable encryption. However, these agencies must accept the premise that some communication networks, especially those used by the most elite criminals and terrorists, will inevitability "go dark." If the US government insists on backdoors in domestic products, those criminals and terrorists intent on avoiding surveillance will simply use devices made in countries that allow less vulnerable encryption. Rather than fight the tide of progress, law enforcement officials should work to find viable alternatives, such as analysis of other data sources and metadata, to solve and prevent crimes.

While the Crypto Wars of the '90s may be over, more battles lie ahead. As law enforcement agencies push for more access to emerging technologies, from autonomous vehicles to crypto currencies, policymakers need to decide if future technology sold in the US will be designed for government control or individual freedom. These decisions will ultimately affect not just the quality of products available in this country, but the competitiveness of the US tech industry in the global market.

Alan McQuinn contributed to this story.

Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization’s IT action plan. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.

About the Author(s)

Daniel Castro

Senior Analyst, Information Technology and Innovation Foundation

Daniel Castro is a senior analyst with the Information Technology and Innovation Foundation and director of the Center for Data Innovation. Castro writes and speaks on a variety of issues related to information technology and Internet policy, including privacy, security, intellectual property, Internet governance, e-government, and accessibility for people with disabilities. 

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights