The high-profile Apple V. FBI case that flooded mainstream media in December last year caused a flurry of conversations on encryption and the compromises of national security. Apple’s decline to assist the FBI in accessing the device used in the San Bernardino case—followed by the FBI’s reveal that they had paid an outside company to hack the device—raised nationwide concern about the proper legal limits of encryption. And though it is a case fresh on many people’s minds, Century Foundation policy associate Sam Adler-Bell reminds us that “we’ve been here before” and that the questions we’re asking now are far from novel. In fact, the debate over privacy at the hands of security has been around since the 1970s. Last week’s “Debates of the Century @NYUWagner” raised these concerns and exposed its audience members to the quiet realities of encryption by putting forth the motion, “Government should have lawful access to any encrypted message or device.”
Debate opponents CNN host Fareed Zakaria and former NSA contractor Edward Snowden went head to head over whether locked devices and messages keep us safe, or in Snowden’s words, over whether the American people should be entitled to a level of “more security or less security.” The debate, moderated by Century Foundation senior fellow Barton Gellman, was part of TCF’s Spring 2016 event series, meant to offer enlightening discussion on relevant policy issues and provide factually accurate information straight from the experts. Snowden, who tuned in remotely via video link from Moscow to debate against the motion, and Zakaria, who debated for the motion, offered insightful viewpoints—but perhaps more importantly, proved that the argument remains far from being either black or white.
Zakaria reminded us that the time to determine encryption protocol is now, “not in the wake of the next terrorist attack.” This, however, proved to be generally perceived as a difficult task, with 77 percent of the audience in the TimesCenter that evening expressing their favor of strong, unbreakable encryption, as indicated by the pre-debate audience poll illustrated in Figure 1.
What We Talk About When We Talk About Encryption
“The backbone to computer security today is encryption,” argued Snowden, highlighting that many national security experts treat cyber attacks against critical networks and databases as comparably dire threats to our national security as traditional terrorism. Today, encryption expands further than just our smartphones: it’s the base that makes our entire government and industrial infrastructure function. In a perfect world, we would find encryption that only works for the good guys, but math is math, and works the same for Mother Theresa as it does for Osama bin Laden. “It’s the thing that keeps your money in your bank account, rather than in a criminal’s,” he said. And in case that didn’t raise enough eyebrows, he went one step further, saying that it’s part of the puzzle that makes hospitals function, taking care to electronically deliver a “therapeutic dose” or a “fatal one” to patients.
Zakaria countered by comparing the Apple v. FBI encryption case to a hypothetical situation describing Bank of America as an institution who might at one time offer an unbreakable box. In response to Apple’s unique choice to strongly and permanently encrypt their devices, a question arises: “Why does any institution, frankly, any company in the United States, not have the right to encrypt the information it has—this is relatively routine software at this point—and then argue that it has created a zone of immunity in which no laws can reach, no courts can reach, and no government can reach?” In reality, despite Snowden’s security concerns, we’ll never have an absolute zone of privacy. Why? Because your employer still has access to your emails and web browsing, and third-party companies are constantly collecting and selling your data.
Who Gets A Copy of the Key and When?
There’s a significant grey area in the encryption debate. To this end, Gellman asked, “can we provide keys to a single device without compromising access to all devices?” In response, Zakaria pointed to Microsoft’s Bill Gates, who has publicly identified over seventy cases in which the FBI has been able to decrypt devices—without the assistance of the devices’ manufacturing companies—while maintaining the security and integrity of every other device in the country.
Now let’s consider an hypothetical situation about an individual who has successfully gained access to his or her personally encrypted “vault” which stores personal assets and information. While encryption can be useful for this civilian, there’s a caveat in this scenario. Snowden cites from experience: once a way into said “vault” is established, this will mean, “we [the government] can follow you, and we will, we can steal the key, and then we will own your vault.” No longer does the “vault” remain private after being decrypted.
So what’s the compromise here? Until now, law enforcement has done just fine in cracking most cases, and the demand for unlocked devices typically only manifests in extreme crimes. If police approach their job in a strategic manner, tactics other than decryption can suffice. However, solving these extreme crimes may involve “sprinkling money on hackers,” who are not always urged to close pried-open doors—leaving gaping security holes in their tracks. But this pick-and-choose method can fuel a system of unequal justice. Consider this example brought up by Zakaria: cops in wealthier areas such as Beverly Hills can invest in costly crime-fighting mechanisms (i.e. hire professional hackers, purchase surveillance technology), but cops in the Bronx cannot due to limited law enforcement budgets—resulting in more unsolved murders in less-fortunate areas. This is an incredibly difficult inequity to justify.
Old School Encryption?
During the debate, Gellman considered the encryption question from the legal standpoint of the United States Court of Appeals for the Second Circuit. Through this lens, it is yet again a different story. For example, the court cannot legally hold a safe-manufacturing company at fault if they cannot open one of their products—just like companies may not be held liable for encryption code they’ve written but cannot “unwrite” or break. Similarly, a court can legally compel a person to put their thumbprint on an [iPhone] reader to open a phone, but a person cannot be compelled to enter their passphrase. This is because the former is considered the compulsory legal provision of fingerprints whereas the latter is testimonial evidence.
Finally, Gellman asked if the evening was just a “weird, hypothetical debate”? The encryption question remains far from solved, but at the very least, providing access to reliable information is indispensable to the American people. An individual should not have to be an expert in a complicated area such as encryption to be able to discuss its merits and flaws. In the spirit of the evening, Snowden stressed the importance of public engagement in the fight for achieving a cohesive solution.
The second poll of the evening revealed that Fareed Zakaria accumulated a small portion of audience votes, from those who had either changed their minds or were previously undecided.
As a series that at its core is dedicated to encouraging open dialogue, “Debates of the Century @NYU Wagner” hopes to convert these undecided voters. Today’s media is in a dangerous state of carrying heavy bias and misinformation, but the public deserves to make their own informed decisions on issues such as encryption—which affects everyone. Watch the full debate video at the top of the post (also available via YouTube) to learn more and join the conversation via #DOTC2016.