What Should Encryption Protect?

What Should Encryption Protect?

The Paris attacks rekindled a long-standing debate between governments and technology companies over the proper use of encryption technology.  With terrorists using ever more sophisticated means to disguise their online identities and activities, a societal discussion about the boundaries of civil liberties and effective national security was inevitable.

The attacks gave the government’s case against encryption a palpable sense of urgency – when lives are at stake, national security requires a means to identify and locate criminals before they strike again.  The public’s demand for prevention of future attacks is a natural extension of that argument.  The government can only protect against the attacks that it has the capacity to detect.  As systems of encryption attain a level of complexity that the government is no longer equipped to work around on its own, the companies which create and maintain those technologies become the only viable avenue for government to perform its national security duties effectively.

Technology companies, on the other hand, tend to be more concerned with the security of legitimate activity.  There are rare and extreme national security cases where encryption becomes a liability.  Yet for the vast majority of people, encryption is what makes digital life possible in the first place.  Without the protections of encryption, the trust which underlies most technology platforms would quickly fade.

Yet there is a cultural aspect which lurks behind the debate over encryption.  Technology companies build highly complex network protocols to protect their customers, but also as a demonstration of their programming chops.  Government requests to provide a “back door” into those systems appear to be the purposeful creation of a systemic flaw.  It is the equivalent of an intentionally defective product – one whose intentional defects are even widely publicized, even if the defects can only be exploited by a privileged few.

Such a product is not only unattractive to consumers, but it also hurts the programmers’ pride.  Apple’s recent declaration that even the company will be unable to decrypt newer phones was partially a jab at security hawks, but partially a display of its technological superiority.

Civil liberties are already a fraught topic in the digital age; criminality is merely the most topical and frightening facet of the debate.  The stakes are high for governments, companies, and consumers alike, and all sides are actively promoting their often divergent interests.

Unfortunately, solutions remain elusive.  Creating a societal consensus around the proper use of encryption will be difficult, maintaining in the face of changing technology may be impossible.

Yet we will be forced to try.  Terrorism is here to stay, as are the technologies which occasionally facilitate it.