The controversy over Encryption

Encryption has been discussed in the recent news.  But if encryption is just a lock, why is it so controversial?  Detractors of encryption point to three main arguments: that they have “nothing to hide”, that it protects terrorists, and it is too inconvenient to use.  However, none of these arguments hold water.

Let’s say that Bob believes he has nothing to hide.  After all, if Bob is not doing anything illegal, he should not need to hide it with encryption.  First of all, it is extremely unlikely that Bob truly has nothing to hide.  There are so many federal laws and statues that no one even can count how many exist!  If the laws cannot even be counted, then how does Bob know he is really clean?  Plus, this can come back to haunt him.  If Bob becomes an activist, advocating against the US government, then the government can find an obscure law that he violated, and then have him arrested.  What’s to stop them if Bob does not use encryption?

Secondly, if one has nothing to hide, then why not post all of one’s passwords online?  This idea is repulsive; if one has their passwords online, anyone on the Internet can impersonate them or stalk them.  But encryption is what makes passwords work!  Posting passwords online has the same effect as banning encryption.  Therefore, both should be equally repulsive.encryption-article-2
Similarly, take this argument in the context of free speech instead of encryption.  If right now, one has nothing useful to say, would one support the banning of free speech?  Of course not – free speech is a fundamental American liberty.  Later, if one wanted to say something, then free speech protections would be important.  Likewise, just because one has nothing to encrypt is not a justification for banning encryption.

Another argument is that encryption protects terrorists, and therefore should be banned.  It is true that terrorists use encryption.  It is also true that terrorists use knives.  If we should ban encryption, then should we not also ban knives?  That, of course, is ridiculous.  Knives have all sorts of legitimate uses, from opening boxes to slicing food.  Encryption, like knives, is a dual-use item – something that can be used for good or bad.  In the case of encryption, the good strongly outweighs the bad.  Moreover, banning encryption on the account of terrorists would be practically impossible and ineffective at revealing terrorist plots.

Consider how one could ban encryption from the Internet.  Every website in the entire world would have to be searched, many of which support forms of encryption.  Then, encryption might be eliminated from the clearnet, which is the part of the Internet that you see everyday.  However, the dark net and the deep web – shadier corners of the Internet that are not regularly accessed – are roughly 10 times larger than the clearnet.  There is no Google for the dark net; such a program is technologically impossible.  Even if that herculean task was accomplished, the server locations are hidden, making them extremely difficult to search.  Regardless, if this was accomplished, encryption might be eliminated from the Internet.  But how about the billions of personal electronic device that harbor encryption?  All in all, it is totally infeasible to ban encryption from the Internet.  It is the fabric of the Internet.  Trying to stop encryption is like trying to censor ideas: it is impossible.

But even if every instance of encryption was destroyed, would that stop terrorists?  Of course not.  Terrorists could still communicate privately by using unethical methods, such as stealing someone’s computer or identity.  They could still meet in person, or become a lone wolf, performing attacks on their own.  Meanwhile, legitimate users of encryption could not have private conversations ethically.  Thus, banning encryption has the net result of allowing only terrorists to communicate privately: a rather unsatisfactory outcome.

Furthermore, the issue of terrorists “going dark” because of encryption is a false flag.  Documents from the Snowden revelations show that the National Security Agency (NSA) can decrypt the vast majority of traffic on the Internet.  Although encryption does make it more difficult for government surveillance, by no means is encryption perfectly unbreakable.  The NSA has a budget of over 2 billion dollars dedicated solely to breaking encryption.  Chances are, they can force their way around encryption.  Just look at the San Bernardino shooter’s phone.

Another argument is that encryption is inconvenient to use.  Certainly, there is a trade off between privacy and convenience.  One could work on an air-gapped computer located in a time-locked safe, running the TAILS operating system with no persistence, and physically destroy the RAM after use.  It would be impossible to break into such a setup; it would also be nearly impossible to use.

However, encryption is freely and easily accessible by anyone, due to an influx of free and open  source projects.  Take Signal, for instance.  It runs on Android, iOS, and all computers*, delivering unlimited international texting and calling, all for free, using a state-of-the-art encryption algorithm.  Too good to be true?  You can also take a look at the source code, and get paid if you find a security flaw.  This incentivises would-be hackers to report the flaws they find, which in turn, makes Signal even more secure.  Signal is so good that WhatsApp and Google Allo recently implemented the encryption that Signal uses into their respective apps.

Plus, there are free programs that can encrypt more things than you knew you had, for free.  Want to encrypt your computer’s hard drive?  BitLocker, DiskCryptor, and FileVault will do that.  Encrypted email?  ProtonMail and HushMail got you covered.  Private online chat? Cryptocat does that.  Secure texting and calling?  Signal, Telegram, and Silent Phone are great.  True secure, anonymous browsing?  Tor is NSA resistant**.  And finally, for the nuclear option, TAILS.  TAILS is an operating system that runs on a flash drive, leaving no records that it was ever used.  Even if a nation-state manages to break your encryption and trace you through Tor, all they will find is a ghost computer.

Thus, encryption has legitimate uses and is simple to use.  Although it can also be used to protect terrorists, banning encryption is unfeasible, and would lead to more harm than good.  So next time you want to send a message, consider using encrypted chat.  Make a statement that you care about encryption.

 

 

 

 

 

 

*Any computer which supports Google Chrome, which includes every major operating system

**According to the Snowden leaks, the NSA can only deanonymise a fraction of Tor traffic