Last week the Obama Administration announced that it would shortly submit legislation intended to force providers of all kinds of digital communication services (mail, voice, chat, Twitter, etc.) to install back doors in their services to allow government monitoring of all encrypted digital communication. No explicit details were given of how this is going to work, nor has the actual legislation yet been introduced. Hopefully it never will, because it simply won’t work.
It’s not that such technical back doors can’t be written (they can), nor is it even so onerous to force communication providers to change all their software, since these services are rewritten often anyway. The problem is that such back doors will simply force terrorists and privacy freaks to roll their own encryption products, often using technology that is already in the public domain and readily available.
All Osama has to do is encrypt his messages with a product like Pretty Good Privacy (PGP) before sending them. With tens of thousands of suspicious techies already using PGP and similar products, real terrorist communications will get lost in the flux.
For those who are unlikely to show such technical initiative, the feds may force Verizon, Google, and even Skype to install back doors, but they can’t do so as effectively with two-guys-in-a-garage web encryption services that appear and disappear overnight and are given away for free.
Only the dumb crooks will be caught and at a terrible cost to the rest of us.
I have been covering this story since the Reagan Administration and in that time law enforcement has consistently worried about a growing technology gap that would keep it from intercepting criminal communications. A variety of standards have been proposed over the past 30 years with the general goal being to monitor virtually all communication in real time, something the National Security Agency is rumored to be capable of doing right now.
While this may seem very reasonable in a post-9/11 world, it isn’t. First there is the proposed scale of these activities, which is massive. As far back as the first Bush and early Clinton Administrations, law enforcement agencies pushed for the capability to intercept up to 10 million simultaneous communication sessions. Yet according to a Congressional report issued annually on federal wiretaps, fewer than 2,000 legal taps have been ordered in any year.
Such an expansion of federal wiretap authorizations was ludicrous then, when there wasn’t the law enforcement manpower to implement it. And today, when automation can probably replace manpower and 10 million simultaneous wiretaps may be a breeze to do, there are even more reasons to decry it as an invasion of privacy and even a possible violation of the Constitution.
When encryption is made illegal (that’s where this trend threatens to go) its presence creates a situation where we are guilty until proven innocent. That’s when encryption may well give way to obfuscation — hiding secret communications in plain sight in a process known as steganography — with the next terrorist plan easily hidden in the background noise on a Miley Cyrus music video.
Even if there were actually a backdoor for Internet communication services, it would eventually be used and abused by both the government and hackers. That would make government communications equally insecure — a huge threat to national security.
This is simply not a tool we need.