Argument for Giving Law Enforcement Special Access to Encrypted Systems Falls Short
David Inserra /
In the continuing debate over whether law enforcement and intelligence officials should have some sort of special access to encrypted communications, officials are arguing that such access is important against “sloppy and stupid terrorists.”
Objections have centered on the counterargument that allowing the government some form of special access to encrypted communications and systems would undermine the cybersecurity of many individuals. Additionally, even if the U.S. required U.S. companies to provide special access, terrorists and criminals could switch to products that do not give the U.S. access, such as those made by foreign companies or open-source products. Robert Litt, general counsel for the Office of the Director of National Intelligence, conceded both points at a public event on Monday.
The “Sloppy and Stupid” Argument
However, Litt argued that some bad actors will be “sloppy and stupid.” In other words, they will not migrate to different platforms, but instead use products that the U.S. government can access. This is certainly true. Some terrorists will continue to use their iPhones for iMessage and FaceTime, even if Apple was forced to provide special access to duly-authorized law enforcement officers. Litt also argued that the private sector could and should develop a special access procedure that does not undermine security.
In this debate, law enforcement and the intelligence community would clearly benefit from special access. However, the policy question is what are the costs and benefits of this policy or its alternatives. In a recent paper, Heritage intelligence, homeland security, and legal experts concluded: “The current debate indicates that such access will substantially weaken cybersecurity and incent criminals and terrorists to switch from U.S. applications to foreign ones.” While these experts recognized that some bad actors will be “stupid and sloppy,” the costs of special access to cybersecurity could be extensive.
No Viable Solution
A secure, special access solution that Litt and others such as FBI Director James Comey have requested also seems to be unavailable. If there is a way to access encrypted technologies without introducing vulnerabilities into those technologies, one of the major costs of special access goes away. However, at this point, the individuals who say that such a solution is available are generally in law enforcement or the intelligence community. The technologists and encryption experts say it is not possible. While both sides certainly have their own biases, without actual encryption experts agreeing that special access doesn’t undermine U.S. cybersecurity, Litt and Comey’s argument is not sustainable.
Litt and Comey have a noble objective—to keep the U.S. safe from criminals and terrorists—and they want a cybersecure way to reach that goal. Heritage experts considered how we might find such a solution and what it might look like. For example, perhaps a viable solution would involve biometric keys to unlock encryption. Alternatively, maybe large service providers such as Google could, or already, offer special access without compromising security.
All Other Lawful Tools
At this time, such a solution is not clearly available. Until one is, Congress should provide law enforcement with all other lawful tools to detect and combat threats in an increasingly dangerous world.
But for now, special access to encrypted technologies cannot be one of those tools.