The disingenuity of “Going dark”-ism

Loren Kohnfelder
Jul 23, 2019

Attorney General Barr is repeating the tired argument against end-to-end encryption, that it potentially frustrates law enforcement and is thus unacceptable. As happens reliably when proponents fail to actually understand the technology they are whining about, his points are based on unsubstantiated claims that fail to grasp the reality of the issue.

The fundamental issue is straightforward: should we outlaw end-to-end secure communication systems, to ensure that they are always subject to surveillance by law enforcement? The 2015 FBI-Apple dispute following the tragic San Bernardino mass shooting is perhaps the best known example.

The heart of the AG’s pro-backdoor position is contained in this disingenuous portrayal of the argument: “Some argue that, to achieve at best a slight incremental improvement in security, it is worth imposing a massive cost on society in the form of degraded safety” [source]. This vastly undervalues strong encryption while simultaneously exaggerating the potential safety benefit.

Strong encryption is unambiguously superior to any system weakened by artificially carving out extraordinary access for the government. It is well known that any backdoor at all allowing eavesdropping must inherently degrade the security of the entire system, compared to end-to-end encryption dependent only on the integrity of the endpoints. Technical security aside, any lawful system that operates unbeknownst to the communicants is inevitably subject to abuse. Following the Snowden disclosures, “trust us” clearly doesn’t assuage these real concerns.

On the flip side, the government fails to even attempt to make the case that backdoor access is valuable. In the aftermath of San Bernardino, given Apple’s fervent resistance, the FBI ultimately claimed to have exploited a technical flaw and gained the access it sought, yet there is no indication that this in any way served the purpose of justice.

That case aside, many questions remain opaque behind the backdoor push.

  • With ubiquitous backdoor access, won’t smart criminals use other means?
  • How will law enforcement prevent free access to strong cryptography, which is already distributed worldwide?
  • We have always had “dark” communications (e.g. a quiet chat in an open field). Why is the digital any different?
  • After digital communications have backdoors, will the next step be surveillance of public places, buildings, and private homes?
  • Which government communications will be exempt from backdoors?
  • If only the government has truly secure communications, how do law enforcement and oversight operate there if this is so essential?
  • Will backdoors be used only after the fact, or in real time? Will the right of private citizens to securely delete their data next be subject to restriction?
  • What measurable improvement in law enforcement effectiveness is the government prepared to promise in exchange for backdoor access?

It’s pointless to debate this philosophically until the government provides a solid case for its position beyond dramatic talking points. Even with strong answers to all these open questions, obligatory backdoor access still needs to be weighed against the considerable loss of security involved.

Loren Kohnfelder

Author of Designing Secure Software: a guide for developers. Find me at https://designingsecuresoftware.com/ Writing software since 1968. Living on Kauai.