It's Too Late to Stop Encrypting Now
The internet may never have been a medium that could by its design afford you privacy. The nature of digital communication and rapidly affordable computing meant easy surveillance happened long before easy privacy.
What afforded us protection with analog technologies in the past may not just have been the warrants required to tap them so much as the physical difficulty of placing yourself between data and its destination. In its early days the internet rode on the same analog infrastructure and perhaps those same protections just seemed implicit. Nonetheless the early core principle was always ease of communication and being under surveillance still meant a wiretap or something being physically confiscated.
Spying on the early internet was in many ways external, physical, and subject to all the old paradigms of law enforcement. It’s not until now, decades into the modern computer revolution, that we’ve collectively stopped to take stock of what has changed as an industry.
We built our world on an infinitely more surveyable medium and then expected privacy to manifest itself.
As a result there is a thread of thought running through government that not being able to easily access your data whilst keeping it “secure” is somehow the result of not thinking hard enough about the problem. As if, through the last decades of cryptography and information security study, researchers just hadn’t really been putting their backs into it.
All the while the security apparatus of the US Government and Governments around the world have grown comfortable with their level of access to our data. And as a consequence of having it they are forced to argue its value in terms of our security even when they cannot reliably point to use of our data that led to terrorist arrests, plots foiled, or measurable lives saved.
“If, technologically, it is possible to make an impenetrable device or system, where the encryption is so strong that there is no key, there is no door at all, then how do we apprehend the child pornographer?” Mr. Obama said. “How do we disrupt a terrorist plot?” — New York Times
When we’re not thinking of the children, we’re invoking terrorism, but even that argument rings hollow when it comes to stopping the Boston Bombers, the San Bernardino shooters, or even cracking into their iPhones.
From what we can tell, none of these plots were incredibly technologically sophisticated; they were just planned in small groups that didn’t need to coordinate across the internet.
Weakening encryption won’t stop these plots because encryption never made them possible in the first place, but saying so fits the narrative.
What we know today is that if we want truly durable security we always come back to very straightforward concepts. One of those is to minimize your points of failure, and another is to make information difficult to parse while it’s in transit. Any form of a Back Door or “Front Door” assails those concepts with a hammer.
The internet today has ceded user security and privacy in uncountable ways as advertising and tracking became more sophisticated, but for the most part it was done for mundane things like better targeted keywords, or more content curation. We built the infrastructure of the web with this kind of data collection in mind and have only started papering over parts of it with encryption now that the consequences are deafeningly clear.
Initiatives like fully encrypted messaging in WhatsApp, Let’s Encrypt, Do-Not-Track in browsers, and even the pseudo-security of ephemeral Snapchat messages are all reactions to the realization that if we’re going to reconcile with the surveyable nature of the internet then we have an obligation to make what we send through it more secure.
Those of us who work on products on the web have a unique opportunity to fulfill that obligation because of the perspective and context our work lends us. Many of our users can’t advocate for themselves and most have no exposure to the safeguards we’re battling every day to implement.
In your own home you know where the doors and windows are, you understand why locking them is important, and you’re well equipped to argue on your own behalf when someone suggests you remove your locks.
We’re the stewards of billions of digital homes and it is up to us to secure the locks. If you’re on the sidelines, don’t stay quiet on encryption. Loud, clear voices in this field have never been more important than now.