If Congress Cares About Data Security, It Shouldn’t Weaken Encryption

More Americans than ever are concerned about protecting their data. Congress, too, has echoed these concerns. And on hearing these concerns, technology businesses like Apple, Facebook, and Google have incorporated encryption into their products.

Although complex in execution, encryption is simple in concept: companies convert information like our passwords into a code that only we can crack.

Encryption keeps our phones, social media profiles, email accounts, and even our voting booths safe from unauthorized access. In other words, it keeps our information safe from data breaches and from hackers, including those working for shady foreign governments. And with foreign hacking attempts growing more sophisticated every year, encryption is our best defense.

As with other privacy issues, encryption is disliked by law enforcement because it slows government access to our data. And that, to some, is unacceptable.

At a U.S. Senate Judiciary Committee hearing this week, senators offered a bipartisan beatdown of Apple and Facebook. They demanded that technology companies build security vulnerabilities into their products — a “backdoor” for government access. Senators threatened technology companies that failure to provide a backdoor into encrypted devices and platforms would lead to legislation making access mandatory.

Senators’ concerns about encryption are not baseless. Widespread adoption means popular services that encrypt data can also be used by bad actors at home and abroad to orchestrate crime. During the hearing senators consistently raised concerns that encryption could make it harder for the government to crackdown on child pornography, for example.

But building a backdoor into encrypted devices and platforms poses a monumental risk. As the Washington Post argued in October 2019, once technology companies open the backdoor to the U.S. government, foreign governments with much less respect for freedom and human rights will demand the same power.

If you think of data security like a safe with your valuables inside, “keys” and “backdoors” create a new vulnerability, regardless of who owns them. These solutions inevitably make data less secure. “Keys” can be misplaced. “Backdoors” can be broken through.

Everything we would want digitally stored relies on encryption to keep it safe. This means our bank accounts, credit cards, family’s vacation photos, sensitive health information, Tinder messages and Pinterest boards would be made more vulnerable if encryption is weakened.

Every year, more aspects of our lives are digitized. And every year, more criminals try to take advantage of that. Encryption is the only thing standing between us and a tidal wave of cybercrime.

But, senators argued, we need not worry: The backdoor will remain open only to the companies who install them and will be used only when those companies are served with valid legal process like a search warrant.

Although attractive on its face, this “solution” will leave everyone’s data vulnerable to hacking and breaches. It assumes, for example, that companies will be able to intentionally weaken their users’ security while simultaneously protecting those weaknesses from being exploited by bad actors. That assumption is wrong.

As representatives from Apple and Facebook pointed out, this isn’t possible. “We do not know of a way to deploy encryption that provides access only for the good guys without making it easier for the bad guys to break in,” explained Apple’s Manager of User Privacy, Erik Neuenschwander.

Facebook’s Product Management Director for Privacy and Integrity in Messenger, Jay Sullivan, agreed, adding that intentionally weakening encrypted systems “would undermine the privacy and security of people everywhere and leave them vulnerable to hackers, criminals, and repressive regimes.”

And the damage wouldn’t stop with individual Americans. The U.S. government, including members of Congress and those running for office, would be at risk. Remember the Kremlin-backed hacks of the DNC’s servers in 2016? Encryption is undoubtedly an issue of national security.

As Senator Mike Lee observed, “if we open these things up, there are consequences.” And those consequences — including risks to our digitized lives and to our national security — are too great for us to ignore, especially when alternative solutions can help law enforcement fight crime without undermining safety on the internet.

If Congress is concerned that law enforcement is struggling to tackle crime in the digital age, it should work with tech services to develop solutions that limit all sorts of crime online. Even if weakening encryption could help law enforcement catch some criminals, such a policy would open the door to a new wave of hackers, identity thieves, and even child predators.

Encryption is the single strongest line of defense against cybercrime. Without it, we have no protection.