Yesterday, Manhattan District Attorney Cyrus Vance, Jr. and law enforcement officials from Paris, London, and Madrid published an anti-encryption op-ed in the New York Times—an op-ed that amounts to nothing more than a blatant attempt to use fear mongering to further their anti-privacy, anti-security, and anti-constitutional agenda. They want a backdoor. We want security, privacy, and respect for the Fourth Amendment’s guarantee that we be “secure” in our papers. After all, the Founding Fathers were big users of encryption.
The government’s use of horror stories to convince us that we should unlock our doors and give it free reign to pry inside our lives is nothing new. FBI Director James Comey is notorious for his examples of how cell-phone encryption will lead law enforcement to a “very dark place.” Yesterday’s op-ed adopts Comey’s signature tactic, focusing on the fatal shooting of a man in Illinois in June of this year and suggesting—without any evidence—that but for encryption built into both of the victim’s two phones (both found at the crime scene), police would have been able to track down the shooter. Never mind that of the two devices mentioned in the article, one of them (the Samsung Galaxy S6) isn’t actually encrypted by default.
The op-ed goes on to cite numerous other “examples,” again divorced from any actual facts, of cases in which encryption supposedly “block[ed] justice”—including 74 occasions over a nine-month period in which the Manhattan district attorney’s office encountered locked iPhones. Vance has touted this statistic before. But a spokesperson for his office told Wired last month that the office handles approximately 100,000 cases in the course of a year, meaning that officials encountered encryption in less than 0.1% of cases. And Vance has never been able to explain how even one of these 74 encrypted iPhones stood in the way of a successful prosecution.
The op-ed faults Apple and Google for attempting to offer their customers strong, user-friendly encryption. An iPhone with iOS8 automatically encrypts text messages, photos, contacts, call history, and other sensitive data though the use of a passcode. But contrary to the suggestion of the op-ed’s authors, Google has already backed off its promise to offer its users encryption by default, and the data on a stock Samsung S6 is accessible to law enforcement via forensic analysis tools.
But what’s more important than the op-ed’s shortage of facts is how out of touch it is with not only the fundamental importance of encryption and how encryption works, but also the U.S. Constitution.
The op-ed calls for an “appropriate balance between the marginal benefits of full-disk encryption and the need for local law enforcement to solve and prosecute crimes.” This single sentence demonstrates the numerous ways in which the authors are untethered from reality.
First, the benefits of encryption are in no way “marginal”—unless you view ensuring the privacy and security of innocent individuals across the globe as trivial goals. The authors here reveal their failure to appreciate the need for encryption to protect against not only security breaches, but also criminals (the folks they are supposed to be protecting us from) and of course pervasive and unconstitutional government surveillance.
Second, when the authors say they want an “appropriate balance,” what they are really asking for is a backdoor—or golden key—to allow government officials to decrypt any encrypted messages. As The Intercept explained in an article outlining the many things wrong with the op-ed, Vance and his counterparts in Paris, London, and Madrid are “demand[ing]—in the name of the ‘safety of our communities’—a magical, mathematically impossible scenario in which communications are safeguarded from everyone except law enforcement.”
We’ve said it before and we’ll say it again: It is technologically impossible to give the government an encryption backdoor without weakening everyone’s security. Computer scientists and cybersecurity experts agree, and have been telling the government as much for nearly two decades. And earlier this year, one Congressman with a technical background called encryption backdoors “technologically stupid." Everyone who understands how encryption works agrees.
Third, law enforcement isn’t currently and won’t in the future “go dark” as a result of encryption. The government voiced the same concerns over encryption stifling criminal investigations during the Crypto Wars of the 1990s—i.e., Crypto Wars, Part I—which saw efforts by the government to prevent the development and distribution of strong consumer encryption technologies. (Protecting your ability to use strong encryption was one of EFF’s very first victories.) Such concerns have proven to be unfounded in the past. Just a few weeks ago, former NSA director Mike McConnell, former Homeland Security director Michael Chertoff, and former deputy defense secretary William Lynn—in a Washington Post op-ed in support of ubiquitous encryption—remarked that despite losing Part I of the Crypto Wars,
[T]he sky did not fall, and we did not go dark and deaf. Law enforcement and intelligence officials simply had to face a new future. As witnesses to that new future, we can attest that our security agencies were able to protect national security interests to an even greater extent in the ’90s and into the new century.
The same is true today. And as the former national security officials recognize, “the greater public good is a secure communications infrastructure protected by ubiquitous encryption at the device, server and enterprise level without building in means for government monitoring.”
At its core, yesterday’s op-ed demonstrates a fundamentally different vision for the future than the one we have here at EFF. Our vision is for a world where the privacy of communications are protected and where we can use the best tools possible to protect it. The vision of Vance, Comey, and others in the anti-encryption camp is for a world where no one is secure and where everyone is vulnerable. Their vision is not consistent with reality. And we hope the public is not swayed by their fear tactics.
Correction: An earlier version of this post stated that Google would have been able to unlock the specific model of Samsung phone at issue in the Illinois example. While it is not the case that Google could have unlocked the phone (regardless of whether or not it was encrypted), the data on the phone at issue, unless its settings were modified, would have been accessible via forensic analysis tools commonly sold to law enforcement.