Rethinking Encryption

A really interesting article on the encryption debate from Jim Baker, who was the FBI’s general counsel when it tried to get Apple to decrypt the iPhone of one of the San Bernardino shooters in 2016.

Baker argues that despite law enforcement facing the prospect of losing access to plain text messages from various sources, and the extra difficulties involved investigating certain cases, widespread encryption should be encouraged by all public officials to counter the much graver threat posed to national security from insecure networks and communications.

Today, digital technology is pervasive and society relies on a range of devices, networks and services to conduct its most important affairs. The political, economic and military power of the United States, as well as the health, safety and welfare of Americans, depend heavily on the secure and reliable operation of a complex digital ecosystem. We have connected our most vital international, national, regional and local systems to an inherently vulnerable network of networks. Glenn Gerstell, the general counsel of the National Security Agency, recently wrote a compelling piece about the complexities of the global digital network and the many challenges it presents to the United States.

It is, therefore, essential that we safeguard the confidentiality, integrity and availability of data on those networks. But we have not done so. The failures are systemic and involve poor design, poor implementation and poor risk management. The cybersecurity problems of the United States and its allies are profound.

With China, in particular, aggressively hacking everything from universities, to companies and Governments, Baker points out that the ongoing threat from that activity far outweighs the loss of access to some criminals’ messages.

Refreshing to see this argument put forward when we’re so often only presented with the simplistic “do this or criminals/terrorists/paedophiles will escape justice.” The fact is that our entire society now relies on strong encryption and weakening it will have far-reaching unintended consequences.