The New York Times reported this morning on a Federal government plan to put government-mandated back doors in all communications systems, including all encryption software. The Times said the Obama administration is drafting a law that would impose a new "mandate" that all communications services be "able to intercept and unscramble encrypted messages" — including ordering "[d]evelopers of software that enables peer-to-peer communication [to] redesign their service to allow interception".
Throughout the 1990s, EFF and others fought the "crypto wars" to ensure that the public would have the right to strong encryption tools that protect our privacy and security — with no back doors and no intentional weaknesses. We fought in court and in Congress to protect privacy rights and challenge restrictions on encryption, and to make sure the public could use encryption to protect itself. In a 1999 decision in the EFF-led Bernstein case, the Ninth Circuit Court of Appeals observed that
[w]hether we are surveilled by our government, by criminals, or by our neighbors, it is fair to say that never has our ability to shield our affairs from prying eyes been at such a low ebb. The availability and use of secure encryption may offer an opportunity to reclaim some portion of the privacy we have lost. Government efforts to control encryption thus may well implicate not only the First Amendment rights of cryptographers intent on pushing the boundaries of their science, but also the constitutional rights of each of us as potential recipients of encryption's bounty.
For a decade, the government backed off of attempts to force encryption developers to weaken their products and include back doors, and the crypto wars seemed to have been won. (Indeed, journalist Steven Levy declared victory for the civil libertarian side in 2001.) In the past ten years, even as the U.S. government has sought (or simply taken) vastly expanded surveillance powers, it never attempted to ban the development and use of secure encryption.
Now the government is again proposing to do so, following in the footsteps of regimes like the United Arab Emirates that have recently said some privacy tools are too secure and must be kept out of civilian hands.
As the Internet security community explained years ago, intentionally weakening security and including back doors is a recipe for disaster. "Lawful intercept" systems built under current laws have already been abused for unlawful spying by governments and criminals. Forcing technology developers to include back doors would further endanger our already-fragile on-line security and privacy. And like the COICA Internet censorship bill, the proposal takes a page from the world's most repressive regimes' Internet-control playbook. This is exactly the wrong message for the U.S. government to be sending to the rest of the world.
The crypto wars are back in full force, and it's time for everyone who cares about privacy to stand up and defend it: no back doors and no bans on the tools that protect our communications.