How anti-encryption laws put everyone at risk
California and New York are working on bills that would prohibit (or severely restrict) encryption on phones. Why is encryption so important, and why are encryption laws that prohibit your ability to secure your devices and data such a bad idea?
Back before these United States of America were recognized as a country, we were colonies of Great Britain. Pilgrims to the Americas were typically fleeing governmental or religious oppression, seeking a new start is a far-off land, free from the shackles and scrutiny of over-reaching governments and tyrants. That was a long time ago, and what does it have to do with today’s smartphones, mobile operating systems, and encryption? To answer that we need to take a quick look at some history, and see how it applies to modern tech.
Warrants and Writs of Assistance
Before the American Revolutionary War, the British used an instrument called Writs of Assistance. These papers allowed those authorized to exercise them to enter private homes and businesses to search for evidence of smuggling (and other “crimes”).
“Smuggling”, was essentially a one-size-fits-all crime. Not paying the appropriate taxes on an item, buying an item from an unapproved merchant, failing to have “sufficient documentation”, or any other number of alleged activities could be considered “smuggling”.
These general warrants permitted the holder to search any place they so desired, without naming the place, or what goods they suspected they would find. These writs never expired and were considered a valid substitute for search warrants (which were much more specific in nature).
Searchers could “enter … break locks, bars, and everything in their way; and whether they break through malice or revenge, no man, no court can inquire” (James Otis). Put another way, if you did something that upset a person in power, they could obtain a Writ of Assistance, and use it to ransack your home – destroying anything they wanted to in the process.
Writs of assistance were actually contrary to British legal tradition, but that didn’t stop a vindictive government from using them to terrorize people they disagreed with.
What’s this got to do with me?
Enough with the history lesson.
The take-home message is that governments and people in powerful positions have violated privacy as a weapon against their foes. That’s still happening today!
Last year the IRS was found to have maliciously targeted groups on one side of the political spectrum. The the last few years we’ve learned that backdoors were found in Juniper and Cisco firewalls. The NSA was caught spying on members of Congress, officials in foreign governments, and the general public.
Major stores, online realtors, and even personals sites have been hacked – exposing financial and intimately personal data about customers.
The common thread between all these? Privacy.
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. – Fourth Amendment to the Constitution of the United States of America
Since so much of our lives (and personal data) is stored on (or travels through) our smartphones, securing those devices is the modern day version of our “persons, houses, papers, and effects“. Too often, however, law enforcement, state agents, or even just malicious hackers want access to that data.
Malicious hackers shouldn’t be able to access our phones. Strong lockscreens and whole-device encryption are the tools that keep us safe. I don’t think you’ll find any reasonable person who will argue against strong tools to allow us to keep our information private and our devices secure from this type of person.
However, we’ve already seen far too many cases of overreach by law enforcement – at every level. It pains me to say it, but law enforcement has proven that they’re not trustworthy to hold the keys to our privacy. They’ve spied without warrants (and continue to do so). They’ve searched in blatant violation of the Fourth Amendment. They have lost the trust of those they’re tasked with protecting.
People in this country are considered innocent until proven guilty by a jury of their peers. Law enforcement needs to obtain warrants before they search or seize anything – they should not presume guilt and go on witch hunts. That’s where I stand, and you may disagree. If so, that’s fine. We can still be friends and agree to disagree.
However, weakening or eliminating our primary tool for privacy (which is exactly what encryption is), or putting in backdoors or giving keys to various agencies, fundamentally weakens our ability to keep our personal information private from the people that we all agree are “the bad guys”. Anti-encryption laws do just this – and they put everyone at risk.