Encryption Backdoors Won't Solve the Problem

In the wake of last month’s attacks in Paris and the recent tragedy in San Bernardino, CA, lawmakers and law enforcement have been scrambling for ways to prevent these atrocities from happening again. Unfortunately their efforts have coalesced around an idea that not only damages the American tech industry, but puts the security and civil liberties of all Americans at risk.

In recent weeks, we’ve seen the revival of a seemingly dormant debate about requiring encryption backdoors for law enforcement. This is not a new idea, and in fact was thoroughly debated and ultimately dismissed already this year for legitimate reasons.  And while the recent attacks have reminded us of the existence of an ever-present threat of terrorism, encryption backdoors are no more palatable today than they were six months ago.

The debate over encryption stems from several tech companies implementing encryption in their products in recent years.  These practices led law enforcement, and particularly FBI Director James Comey, to point out that encryption puts national security at risk and that the FBI needed access to that information. Security experts fired back this summer, pointing out that granting government access to encrypted communications would create a whole host of other problems, particularly making our communications and private information far less secure.  Even leading figures in the intelligence community such as the former Director of National Intelligence, Mike McConnell, asserted that it was folly to require such backdoor access.   The White House ultimately backed down in October, and said they would not push legislation requiring encryption backdoors for law enforcement. 

But the debate has since heated up again, and Comey re-iterated his points last week in a Senate Judiciary Committee hearing. Unfortunately encryption backdoors are not the one-size-fits all security tool that Director Comey and others make them out to be, and present significant other issues.

First, the U.S. government’s authority is limited to American companies. If we pass a law requiring encryption backdoors on U.S.-made technologies, terrorists and criminals can simply use technologies made elsewhere or create their own encryption. Second, as security experts point out, if encryption backdoors exist, someone other than law enforcement will find a way to crack them. That means all technologies with encryption backdoors will subject to hackers and cyber attacks from foreign governments. And finally, because backdoors will weaken security on American products and services, our tech industry will suffer. Any individuals or businesses seeking data security technology will look abroad for these products and services.

While it’s understandable that law enforcement wants every possible tool at its disposal for preventing terrorist attacks, encryption backdoors would have a minimal impact while creating a whole array of other problems. The negatives outweigh the positives by a pretty significant margin. Ultimately, Americans would face an increased risk of identity theft and hacking, the U.S. tech industry would suffer, and for what? To ultimately push terrorists off of iPhones and Android phones and onto other technology? It simply isn’t worth the trade-off.