Why the Encryption “Debate” Is Stupid

In the news, and in Congress lately, there has been a substantial amount of discussion about encryption. From the Apple-FBI scuffle over decrypting iPhones, to WhatsApp's decision to adopt end-to-end encryption, to Congress's recent bill to end encryption by another name, the Compliance with Court Orders Act of 2016, encryption is a major issue in America today.

But at the end of the day, the encryption issue simply does not have two sides. There is a mathematically justified side, and a side that doesn't know what it's talking about. You cannot just refuse to accept mathematical reality and demand a different answer from the universe.


What is Encryption?

Put simply, encryption is using a secret piece of information (the key) to scramble a message so that only someone who holds the key can unscramble it.

Almost everyone has experience with encryption at some point in their lives, such as writing scrambled messages or coming up with secret codes. We've all done word substitutions, letter substitutions, code words, and various other sorts of things. These casual secret messages are encryption, they're just not very strong encryption. Anyone with a little patience can figure out these weak codes: a letter-substitution cipher, for instance, falls to simple letter-frequency counting, with no secret information and no expert required.

Strong encryption takes the same basic idea and applies decades of public research and attack by large numbers of very gifted people, so that it is very, very difficult for other very gifted people to figure out, and the only practical way to read a message is to have the key.


What is a “Backdoor” Anyway?

The danger of having tech policy decided by tech-illiterate people who are scared of what they don't understand is that they might be seduced by the possibility of a "backdoor."

There's no question it is possible to create breakable codes. In fact, in most respects, this is a lot easier than trying to make an unbreakable code. Deliberately introducing a vulnerability like this is exactly what is being contemplated when people talk about "banning" strong encryption, or requiring that the government be allowed to access encrypted information.

The problem is that any method you might create which allows the code to be broken can be used by anyone who discovers it. Just like with our amateur letter-substitution codes, a vulnerability is a vulnerability to everyone, not just to an intended recipient who holds the information needed to read the message.

Hackers, criminals and anyone else are going to be just as able to break your encryption as the government would be. It's the functional equivalent of banning the use of locks on doors because it's too troublesome for the government to open locked doors.


What is “Key Escrow”?

Key escrow is another proposed "solution" to the "problem" of people using real encryption. Essentially, key escrow means that another party (e.g. Google, Microsoft or Apple, or a government agency) must keep a copy of your secret encryption key. Then, because that copy can decrypt your messages, they can turn it over to the government on demand.

Key escrow is also fatally flawed, for several reasons. Although it doesn’t instantly render the entire system pointless the way deliberately introducing a backdoor does, it does create the danger of some extremely bad things happening.

The immediate danger is that keys have to be transmitted to wherever they are going to be stored. Granted, secure key transmission can be done with strong encryption, but that assumes the very thing the policy would outlaw: encryption without a government-accessible weakness. Deliberately weakened encryption cannot serve as a firm foundation for safely transmitting the keys of other deliberately weakened encryption. Attackers can potentially get hold of keys either in transit or where they are stored.

But the real nightmare scenario is much, much worse. Let's suppose a large tech company like Microsoft were required by the government to keep everyone's keys. Every prospective black-hat hacker in the entire world will then know two things: 1) there exists, out there somewhere, the Holy Grail of hacker targets, a store of keys that would give a hacker access to the devices of EVERYONE; and 2) even if it is well-hidden and well-defended, government agencies necessarily have a way in, and that path can be studied, bribed or phished.

The nightmare scenario in a key escrow system is that some nefarious hacker, maybe several years down the line, lays hands on the Holy Grail of servers and pwns the world to an extent we cannot currently imagine.
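The escrow design described in this section, reduced to working code: an added example that is not part of the original post and does not describe any real product. The cipher is a stand-in built from the Python standard library (HMAC-SHA256 driven in counter mode as a keystream, XOR for encryption and key wrapping, no authentication, so not something to use for real), and every key and message is constructed sample data. Each message is encrypted under a fresh per-message key; that key is wrapped once for the recipient and, when escrow is in force, a second time for the escrow holder. The last function shows the failure mode: whoever holds the single escrow key, legitimately or not, reads every escrowed message of every user.

```python
import hashlib
import hmac
import os
from typing import Optional


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand (key, nonce) into `length` bytes using HMAC-SHA256 as a counter-mode PRF."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the same operation) by XOR against the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def encrypt(recipient_key: bytes, plaintext: bytes, escrow_key: Optional[bytes] = None) -> dict:
    """Encrypt under a fresh per-message key and wrap that key for the recipient.
    With an escrow key, the same message key is also wrapped for the escrow holder;
    that second wrapped copy is the whole escrow 'feature'."""
    message_key = os.urandom(32)
    nonce = os.urandom(16)
    msg = {
        "nonce": nonce,
        "key_for_recipient": xor_stream(recipient_key, b"wrap-recipient" + nonce, message_key),
        "body": xor_stream(message_key, nonce, plaintext),
    }
    if escrow_key is not None:
        msg["key_for_escrow"] = xor_stream(escrow_key, b"wrap-escrow" + nonce, message_key)
    return msg


def decrypt_as_recipient(recipient_key: bytes, msg: dict) -> bytes:
    """The normal path: unwrap the message key with the recipient's own key, then the body."""
    message_key = xor_stream(recipient_key, b"wrap-recipient" + msg["nonce"], msg["key_for_recipient"])
    return xor_stream(message_key, msg["nonce"], msg["body"])


def decrypt_with_escrow_key(escrow_key: bytes, msg: dict) -> bytes:
    """Whoever holds the escrow key reads the message: the escrow agent, or anyone who steals the key.
    Raises KeyError for a message that was never escrowed, since there is nothing to unwrap."""
    message_key = xor_stream(escrow_key, b"wrap-escrow" + msg["nonce"], msg["key_for_escrow"])
    return xor_stream(message_key, msg["nonce"], msg["body"])


def read_everything(escrow_key: bytes, archive: list) -> list:
    """The nightmare scenario: one leaked key decrypts every escrowed message of every user."""
    return [decrypt_with_escrow_key(escrow_key, m) for m in archive]


if __name__ == "__main__":
    # Constructed sample keys and traffic: two users, one escrow master key.
    alice_key, bob_key, escrow_master = os.urandom(32), os.urandom(32), os.urandom(32)
    archive = [
        encrypt(alice_key, b"alice: wire transfer details", escrow_key=escrow_master),
        encrypt(bob_key, b"bob: medical records", escrow_key=escrow_master),
    ]
    print(decrypt_as_recipient(alice_key, archive[0]))  # Alice reads her own mail
    print(read_everything(escrow_master, archive))       # so does anyone holding the master key
```

Note what the escrow key does not need: it never touches the recipients' keys, and it works on traffic between parties who have never met it. That is exactly why the store holding it is the single most valuable target in the system, and why a message encrypted without the escrow field is out of its reach.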


Conclusion

People have been writing secret messages for thousands of years. The only difference is we’ve gotten a lot better at it very recently. And I see no reason why people should be forced to use intentionally broken security and privacy tools. The disadvantages of this policy clearly outweigh its dubious benefits.

In any case, refusing to allow real encryption is going to cause an exodus of security and privacy-interested individuals and businesses from American tech businesses. Companies in Europe and around the world are going to use encryption they have a reasonable belief isn’t compromised, and if they know for a fact that all American systems are compromised, it’s breaking the kneecaps of American technology internationally.

Worse, it's never, ever going to accomplish its intended goal of enabling the American security establishment to break the encryption of terrorists and criminals. They're obviously not going to use a system they are 100% sure is broken. Strong encryption is published mathematics, implemented in freely available open-source software from all over the world, and anyone determined to hide something will simply use that instead; even a homemade cipher at least makes an attacker work, whereas a system compromised by design comes with the break built in.

Moreover, banning encryption is moronic from a civil liberties standpoint. It's a huge infringement on individual free speech, on privacy rights, and even on the property right to control devices you own.

This encryption "debate" is a good example of an argument between the knowledgeable and the ignorant. The fact of the matter is that it is totally impossible to do what the tech-illiterate policymakers want: to create a method that allows only the government to break an encryption system. And, further, even if it were possible, it would be an incredibly stupid idea to sabotage every American tech company and every American's privacy and security, for nothing.