If you have not been reading the evolving articles from the Washington Post’s Orin Kerr in reaction to Apple’s move to increase the level of encryption in iOS 8 and remove their ability to decrypt data even in the presence of a legitimate, court issued warrant, I highly recommend you do so. Part 1, Part 2, Part 3.
I was initially frustrated by the first article as Kerr took the position that the move made by Apple was bad for society. This is contrary to my opinion that it was a bold, necessary, and appreciated move. Upon reading his followup pieces, I found my frustration was misplaced. I appreciate the way that he has reevaluated his opinions based on feedback received. He deserves praise for his willingness to rethink his premise and even if he concludes where he started, I have great respect for the journey he has taken.
But I thought it important to look at why I had such a visceral reaction to his first article and try to address the question he poses in his third.
The civil libertarian tradition of American privacy law, enshrined in the Fourth Amendment, has been to see the warrant protection as the Gold Standard of privacy protections. The government can’t invade our private spaces without a showing that the invasion is justified by the expectation that the search will recover evidence. And the government must go to a neutral magistrate and make that case before it conducts the search. When the government can’t make the showing to a neutral judge, the thinking runs, the public interest in privacy outweighs the public interest in solving crime. But when the government does make that showing, on the other hand, the public interest in solving crime outweighs the privacy interest. That’s the basic balance of the Fourth Amendment, most recently found in the stirring civil libertarian language in Riley just a few months ago.
Apple’s new policy seems to thumb its nose at that great tradition. It stops the government from being able to access the phone precisely when it has a lawful warrant signed by a judge. What’s the public interest in that?
I am a huge fan of the Fourth Amendment and was thrilled as the Supreme Court took on how to apply and update the rules to our digital lives. I praised the court when it issued its decision in Riley. So why was I now also praising Apple for, as Kerr rightly states, thumbing their nose at the legal victory so recently won?
Two reasons; one technical and one emotional.
Kerr clearly got many responses that addressed the technical risks associated with Apple’s original methods of allowing device access and they are quite valid. They boil down to the classic criticism against “security through obscurity.” If Apple has a backdoor method to access data on an iPhone given physical possession, someone else can (and will) eventually reverse engineer that process. That subversion of the Apple technical process also subverts the legal protection that the court system and Fourth Amendment provides. It allows people, not under the auspices of a legally granted warrant, to gain access to private data.
My frustration came not from the technical, it was an emotional response. It came from a breach of trust. In Kerr’s first article he makes the assumption that the government of the United States religiously follows the spirit of the Fourth Amendment. As has been shown through the leaks by Edward Snowden, the US Government has not kept true to the spirit of the Fourth Amendment and possibly not even the letter of current law. It is clear to me that recent administrations have gone out of there way to stretch any possible loophole to allow access to personal data while hiding under the cloak of “national security.”
If I believed that the only method that US Law Enforcement would get access to my personal data was through the warrant process and the review by an impartial magistrate, I would be far more sympathetic to the concerns of Orin Kerr. But I have lost much of my faith in the legal protections afforded me in the Fourth Amendment and I want to have the power in my own hands.
And that means crypto, crypto, and more crypto.
So I applaud Apple’s move as it, happily, protects me against those of my citizen peers who wish me harm, and, sadly, protects me from agents of my government who have broken faith with one of the core values I believe our country was founded on.
In his third article, Kerr poses a quite reasonable question:
Strong crypto has benefits and costs from the standpoint of security and public safety. For many Internet users, the benefit side is obvious: Crypto allows individuals to keep people out who should be out. But there’s also a cost side, because it also allows individuals to keep people out who shouldn’t be out. Unfortunately, sometimes people use computers and the Internet to facilitate really bad crimes. Maybe the crime is child molestation offenses involving child pornography, or maybe it’s a conspiracy to commit murder or to inflict violence. Maybe it’s fraud or harassment or something else. To deter and punish those and other crimes, communities hire police to investigate crimes to collect evidence and charge wrongdoers in court, the thought being that solving crimes and bringing prosecutions is critical to deterring that kind of crime in the future and to punishing the wrongful acts. If an individual can use crypto to keep anyone out, however, people using computers to commit crimes will use that to keep the police out even when the police have a warrant.
So here’s the question: In your view, can there ever a point when there can be too much encryption — and if so, what is that point? In other words, do you think there could ever be a point at which crypto is so widely used in so many contexts to protect so much data so strongly, that you would think that the marginal costs of more and better crypto begin to cause more harm than good? Some very vocal readers take the view that the government is fundamentally illegitimate, and I gather that they will say that there is no such point. From their perspective, the very idea of governments solving crimes, and criminal law in its entirety, is misguided. But for readers who don’t go that far, and who see some legitimate role for law enforcement, is there any point at which you would say, in the hypothetical future, that there is too much encryption? If so, where would that line be, in terms of the scenarios that trouble you and government powers that you think would be cut back too far?
I need to be critical of his question. Kerr implies that people who do not believe there should be limits on cryptography are somehow anti-government and “the very idea of governments solving crimes, and criminal law in its entirety, is misguided.” This kind of statement is not helpful to the discussion.
But to return to his actual question, rephrased: Can there be too much cryptography? Is it acceptable to have (practically) unbreakable cryptography in widespread use?
A slight tangent is whether this issue will become irrelevant due to the progress of technology. Will the the balance of power shift to allow law enforcement the ability to break into encrypted system regardless of the wishes of the owner of the encrypted data? I think not.
We have entered an era where the cryptographers have so far outpaced the cryptoanalysts that attacking the mathematical foundation of cryptography is largely an academic exercise and does not result in actual breaks in the systems. Contrast this to 75 years ago where the cryptoanalysts were able to break many of the most advanced cryptosystems of the day (the German Enigma being the most visible example). Without a revolutionary discovery in computing, the balance of power will remain with the users of cryptography.
For this discussion, we must accept that it will always be possible for an interested individual to have effectively unbreakable crypto. I believe this conclusion makes Kerr’s question moot. The level of cryptography in use will continue to increase and nothing will stop it. The only question I believe can be considered is the implication to society of ubiquitous encryption of all personal data.
Attempts in the past to restrict the spread of strong crypto failed. Strong crypto either skirted the laws or strong crypto was implemented independently in other countries (see the rise of the security industry in Israel). Attempting to hinder the advance of science and technology is never successful.
Attempts in the past to implement crypto that had government backdoors also failed. This is analagous to trying to force people to use a product which is broken over fully functionally products. Even if companies can be forced to implement such a system, adoption of a “broken” technology when “non-broken” alternatives exist will be challenging at best. For those whom breaking the law is not a problem using proscribed technology will not be a deterrent.
I am not certain that the trend towards more cryptography will make it more difficult in general for law enforcement to do their jobs. I believe the situation is more subtle. I believe that ubiquitous encryption prevents law enforcement from getting access to information that would make their jobs easier. The increase in difficulty is only in comparison to a situation of complete data transparency that may or may not have ever existed.
There are two classes of crime that need to be looked at here. Crimes which take place in the physical world that have components in the virtual: I.e. a murder plot where the perpetrators conspire over email. And crimes which take place entirely in the virtual world. Finding examples of this case is considerably more difficult. (I.e. I can’t think of any. Bullying online has messages visible to the person being bullied, etc.)
If one assumes ubiquitous encryption, instances of the first type of crime will require law enforcement to use the tools they have used since before the advent of electronic communications. Law enforcement will need to rely upon the physical world evidence of the crime. Clearly, providing a virtual panopticon into all electronic communications could simplify law enforcement, but, as we have already established, that is not possible.
With regards to the second class of crimes, we need to determine what, if any, crimes are conducted 100% in the virtual world with no impact on the physical either by the perpetrator or victim.
Apple’s move to increase encryption in iOS 8 and Google’s move to do the same in their next version of Android will close off an avenue of information to law enforcement. But I believe this window of easy access will be seen as a very short one. In 50 years we will look back and only see a brief period at the birth of the interconnected world where data was not always encrypted. Society and law enforcement will adapt to this new technology as we have all others.
I want there to be effective law enforcement and I understand that it is a difficult job. But I do not believe that the advent of encryption in wide use will result in the inability of police to do their jobs. I believe the protection from criminals enabled by technology will increase the overall safety and security of society.
But these are important topics that should be discussed and I thank Orin Kerr for doing so.