Who's Winning the Cyber Encryption Debate?
The debate over encryption—whether tech companies should be required to maintain the ability to decrypt communications pursuant to a lawful government request—dragged on throughout 2015. The year started with a bang, as evidence was released suggesting that the National Security Agency had the ability to break certain virtual private network protocols and it had access to the encryption keys that major telecommunications providers use to encrypt network traffic. It ended with the debate back in the spotlight, as politicians mulled the need to weaken encryption in the wake of terrorist attacks in Paris and San Bernardino, California. (For a solid recap of what’s what in encryption, see this FAQ published by ProPublica.)
The format of this debate has become almost ritualized. Something bad happens. Politicians, law enforcement agents, and intelligence officials claim that encryption helped enable the bad thing or prevented them from stopping the bad thing. Privacy advocates, security researchers, and representatives of the tech industry respond that there was no evidence that was the case, and that weakening encryption would be even worse than the bad thing. The debate then dies down for a bit, nothing having been accomplished. Rinse, repeat.
In 2015 we heard from United Kingdom Prime Minister David Cameron; French Prime Minister Manuel Valls; telecommunications regulators in India and Pakistan; government attorneys and police officials in New York City, Paris, London, and Spain; NSA Director Michael Rogers; Senators Dianne Feinstein (D-CA) and John McCain (R-AZ); and presidential candidates Jeb Bush, Hillary Clinton, John Kasich, and George Pataki all arguing for some form of government access to encrypted communications.
None of them can match FBI Director James Comey, however, who’s long been one of the most outspoken U.S. government officials in the encryption debate. Comey is particularly opposed to end-to-end encryption, such as that offered by Apple’s iMessage, saying that “use of encryption is part of terrorist tradecraft now.” Testifying to Congress in early December, for the first time Comey gave a specific example of encryption getting in the way of a federal investigation: a shooter exchanged 109 encrypted messages with an “overseas terrorist” before shooting a security guard at an anti-Islam event in Garland, Texas earlier this year. Comey said he found it “depressing” that tech industry leaders support encryption and fail to acknowledge that there are “societal costs to universal encryption,” and called for companies to reconsider their “business model.”