encryption advantage - hss 2015

7/25/2019 Encryption Advantage - HSS 2015

1/93

Notes/ExplanationThis is an advantage stem that can be read with the Surveillance State Repeal Act and Secure Data Actafrmatives (and others that we havent worked on yet) !t accesses many o" the other impact areas that

we have developed in other advantage #les This #le contains the internal link stem "or the advantage$ theimpact scenarios are "ound in other advantage #les and the solvency cards "or a particular plan are "oundin that afrmative #le


2/93

1AC Options


3/93

1AC Encryption Advantage Stem

Contention __ is Encryption

First, US government attac!s on encryption leave everyone

v"lnera#le, $eopardi%ing privacy and data sec"rity &'ere is nos"c' t'ing as a (good guys only) #ac!door*octoro+ 1% &ory Doctorow' ournalist and science #ction author' &o*ditor o" Boing Boing'+ellow at the *lectronic +rontier +oundation' "ormer &anadian +ulbright &hair "or ,ublic Diplomacy at the&enter on ,ublic Diplomacy at the -niversity o" Southern &ali"ornia' recipient o" the *lectronic +rontier+oundations ,ioneer Award' ./01 (2&rypto wars redu34 why the +5!6s desire to unlock your private li"emust be resisted'7 The Guardian' 8ctober 9th' Available 8nline athttp4::wwwtheguardiancom:technology:./01:oct:/9:cryptowarsredu3whythe"bisdesiretounlockyourprivateli"emustberesisted' Accessed /;.1./0 the idea has been around sincethe early 099/s' when the ?SA classed all strong cryptography as a 2munition7 and regulated civilian use

o" it to ensure that they had the keys to unlock any technological countermeasures you put around yourdata!n 099 thatcomputers were changing the global realpolitik in an historically unprecedented way &omputationalcrypto made keeping secrets e3ponentially easier than breakingsecrets' meaning that' "or the #rst time in human history' the ability "orpeople without social or political power to keep their private lives trulyprivate "rom governments' police' and corporations was in our graspThe arguments then are the arguments now Bovernments invoke t'eFo"r .orsemen o t'e 0nocalypse (so"tware pirates' organisedcrime' child pornographers' and terrorists) and say that unless theycan decrypt bad guys hard drives and listen in on their conversations'law and order is a dead letter8n the other side' virtually every security and cryptography e3perttries patiently to e3plain that theres no s"c' t'ing as 2a back doorthat only the good guys can walk through7(hat tip to 5ruce Schneier) Designinga computer that bad guys cant break into is impossi#le toreconcile with designing a computer that good guys can break into!" you give the cops a secret key that opens the locks on yourcomputerised storage and on your conversations' then one day ' peoplewho arent cops will get hold o" that key' too The same "orces that led to bent copsselling out the publics personal in"ormation to Blen Culcaire and the tabloid press will cause those copssuccessors to sell out access to the worlds computer systems' too' only the numbers o" people who are
http://www.theguardian.com/technology/2014/oct/09/crypto-wars-redux-why-the-fbis-desire-to-unlock-your-private-life-must-be-resistedhttp://www.theguardian.com/technology/2014/oct/09/crypto-wars-redux-why-the-fbis-desire-to-unlock-your-private-life-must-be-resistedhttp://www.theguardian.com/technology/2014/oct/09/crypto-wars-redux-why-the-fbis-desire-to-unlock-your-private-life-must-be-resistedhttp://www.theguardian.com/technology/2014/oct/09/crypto-wars-redux-why-the-fbis-desire-to-unlock-your-private-life-must-be-resisted


4/93

interested in these keys to the (-nited) ingdom will be much larger' and theyll have more money' andtheyll be able to do more damage

Thatsreally the argument in a nutshell 8h' we can talk about whether thedanger is as grave asthe law en"orcementpeople say it is' point out thatonly a tiny number o" criminal investigations run up againstcryptography' and when they do' these investigations always #nd

another way to proceed e can talk about the "act that a ban in the-Sor - wouldnt stop the 2bad guys7 "rom getting per"ect crypto "romone o" the nations that would be able to pro#t(while -S and - business suEered)by selling these use"ul tools to all comers 5ut thats missing the point4even i" every crook was using crypto with per"ect operational security'the proposal to backdoor everything +o"ld still #e madness5ecause your phone isnt ust a tool "or having the odd conversationwithyour "riends > nor is it merely a tool "or plotting crime > though it does duty in both casesFourphone ' and all the other computers in your li"e'they are your digitalnervo"s system They know everyt'ing about you They havecameras' microphones' location sensors Fou articulate your social

graph to them' telling them about all the people you know and how you know themThey areprivy to every conversation you have They hold your logins andpasswords"or your bank and your solicitors website$ theyre used to chat to your therapist and theST! clinic and your rabbi' priest or imam

That device > tracker' con"essor' memoir and ledger > should bedesigned so that it is as 'ard as possi#le to gain unauthorisedaccess to 5ecause plumbing leaks at the seams' and houses leak at the door"rames' and lielows loseair through their valves Caking something airtight is much easier i" it doesnthave to also allow the air to all leak out under the right circumstancesThere is no s"c' t'ing as a vulnerability in technology that can onlybe used by nice people doing the right thing in accord with the rule o"

law The e3isting 2back doors7 in network switches' mandated under -S lawssuch as &AG*A' have become the go2to +ea!2spot "or cyberwar andindustrial espionage !t was Boogles law"ul interception backdoor that let the &hinesegovernment raid the Bmail account o" dissidents !t was the law"ul interception backdoor in Breecesnational telephone switches that let someone > identity still unknown > listen in on the Breek ,arliamentand prime minister during a sensitive part o" the .//< 8lympic bid (someone did the same thing the ne3tyear in !taly)

The most shocking Snowden revelation wasnt the mass spying(we alreadyknew about that' thanks to whistleblowers like Cark lein' who spilled the beans in .//


5/93

in on every conversation' to spy upon every interaction ?o systemthat can only sustain itsel" by arrogating these powers can possi#ly#e called ($"st)

Second, t'ese government programs are an attac! on

encryption itself &'e damage is done even ifagencies donta#"se #ac!doors3illmor 1% Dan Billmor' Director o" the night &enter "or Digital Cedia *ntrepreneurship at thealter &ronkite School o" Journalism and Cass &ommunication at AriIona State -niversity' +ellow at the5erkman &enter "or !nternet K Society at =arvard -niversity' recipient o" the *lectronic +rontier+oundations ,ioneer Award' ./01 (2Gaw *n"orcement =as Declared ar on *ncryption !t &ant 5reak'7Future Tense%a Slatepublication' 8ctober 0st' Available 8nline athttp4::wwwslatecom:blogs:"utureLtense:./01:0/:/0:lawLen"orcementLhasLdeclaredLwarLonLencryptionLitLcanLtLbreakhtml' Accessed /;.1./0


6/93

security e3pertCatt 5laIe put it this way42&rypto backdoors aredangerous even i you trust the government not to abuse them esimply don6t know how to build them reliably7The hackers o" the world%criminals' "oreign governments' you name it%will be thrilledi" =older' &omey and the noprivacy"oryou backup singers get their

wayThe other' even worse' disconnect is the implicit notion that there is nomeasure we shouldnt take to guarantee our ability to stop and punishcrime The &onstitution' andespecially the 5ill o" Rights' says we do takesome additional risks in order to have liberty hy have we become soparanoid and "ear"ul as a society that wed even entertain the notionthat civil liberties mean ne3t to nothing in the "ace o" our "ear@

50nsert 0mpact 6od"le7s8 and Solvency Card7s89


7/93

1AC :ong (Open :etter) Card

50 reading t'is impact, pl"g2in t'e relevant terminal impactcards9

US government attac!s on encryption decimatecy#ersec"rity, cr"s' tec' ind"stry competitiveness, and"ndermine glo#al 0nternet reedomOpen :etter 1;% An 8pen Getter to ,resident 8bama cosigned by O; civil society organiIations(including the American &ivil Giberties -nion' *lectronic +rontier +oundation' *lectronic ,rivacy !n"ormation&enter' and the +ree So"tware +oundation)' 1P technology companies and trade associations (includingApple' +acebook' Boogle' Cicroso"t' and Fahoo)' and


8/93

issue agrees on this point' incl"ding t'e governments o+nexperts!n addition to undermining cybersecurity' anykind o" vulnerabilitymandate wouldalso serio"sly "ndermine o"r economic sec"rity-S companies are already struggling to maintain international

tr"st in the wake o" revelations aboutthe ?ational Security Agencyssurveillance programs !ntroducing mandatory vulnerabilities intoAmerican products would "urther push many customers %be theydomestic or international'end page 0 individual or institutional%to t"rna+ay "rom those compromised products and services !nstead' they %and manyo" the bad actors whose behavior the government is hoping toimpact%will simply rely on encrypted oEerings "rom oreignproviders' or avail themselves o" the wide range o" "ree and opensource encryption products that are easily available onlineCore than undermining every Americans cybersecurity and thenations economic security' introducing new vulnerabilities to weaken

encrypted products in the -S wouldalso undermine '"man rig'ts andinormation sec"rity around the globe !" American companiesmaintain the ability to unlock their customers data and devices onreQuest' governments ot'er t'an t'e United States will demand t'esame access' and willalso be em#oldened to demand t'e samecapa#ility "rom their native companies The -S government' havingmade the same demands' will have little room to o#$ect The resultwill be an in"ormation environment riddled with vulnerabilities thatcould be e3ploited by even the most repressive or dangerous regimes Thats not a "uture that the American people or the people o" the worlddeserve

The Administration "aces a critical choice4 will it adopt policies that"oster a global digital ecosystem that is more secure' or less@ Thatchoice maywell de#ne the "uture o" the !nternet in the .0st centuryhen "aced with a similar choiceat the end o" the last century' during thesocalled 2&rypto ars7' -S policymakers weighedmany o" the same concernsand argumentsthat have been raised in the current debate' and correctly concludedthat the serious costs o" undermining encryption technologyoutweighed the purported bene#ts Sotoo did the ,residents ReviewBroup on !ntelligence and & ommunications T echnologies' who"nanimo"sly recommendedin their December ./0O report that the -SBovernment should2(0) "lly s"pport and not "ndermine eEorts to

create encryption standards$(.) not in any +ay subvert' undermine'weaken' or make vulnerable generally available commercial so"tware$and(O) increase the use o" encryption and urge -S companies to do so 'in order to better protect data in transit' at rest' in the cloud' and inother storage7e urge the Administration to "ollow the Review Broupsrecommendation and adopt policies that promote rat'er t'an"ndermine the widespread adoption o" strong encryption


9/93

technologies' and by doing so help lead the way to a more secure'prosperous' and rightsrespecting "uture "or America and "or the world


10/93

1AC S'ort (Open :etter) Card

50 reading t'is impact, pl"g2in t'e relevant terminal impactcards9

US government attac!s on encryption '"rt cy#ersec"rity, t'eeconomy, and '"man rig'tsOpen :etter 1;% An 8pen Getter to ,resident 8bama cosigned by O; civil society organiIations(including the American &ivil Giberties -nion' *lectronic +rontier +oundation' *lectronic ,rivacy !n"ormation&enter' and the +ree So"tware +oundation)' 1P technology companies and trade associations (includingApple' +acebook' Boogle' Cicroso"t' and Fahoo)' and


11/93

1AC Civil :i#erties 6od"le

50 reading t'is impact, pl"g2in appropriate terminal impacts privacy, $o"rnalism, #igotry, etc9

Encryption is a fundamental human right


12/93

The war over encryption%most notably the socalled 2crypto wars7 o" the 099/s%saw theAmerican government try to make strong encryption a militarygradeweapon in the eyes o" the law 8pposed chieNy by the *lectronic +rontier+oundation' courts declared computer code to be "ree speech and said thegovernments regulations were unconstitutional

Despite the landmark legal victory' the war over encryption hascontinued to this dayJohn J *scalante' chie" o" detectives "orthe &hicago ,olice Department' hascalled encryption mostly a tool o" pedophiles%a claim thatsdisingenuous and misleading' i" not outright dangerous +or one thing' manycity and "ederal police agents use encryption tools regularly' andencryption stymied a total o" nine police investigations last yearThereare plenty o" ways to investigate crimes involving cryptography thatdont involve banning or curtailing itTheres no denying that these tools have somevery ugly users=owever' "or the "ew billiono" us who want to keep our digital lives

private "rom unwanted eavesdroppers and hackers' being "orce"ullygrouped in with terrorists and pedophiles is a hard insult to stomach*ncryption works to protect you%and everyone else%online Core thanthat' its t'e #est protection you have There are simply no otheroptions that can compare!"' "or some reason' you assume a hack will never happen to you' let me giveyou some perspectiveon the current state o" digital security ./01 is known inin"ormation technology circles as 2the year o" the breach7 because it hasboasted some o" the biggest hacks in history ./0O had a nicknametoo4 The year o" the breach &ome to think o" it' ./0. was called somethingeerily similar4 The year o" the breach

./00@ Fou get the ideaThis is ntmerely one year o" massivesecurity breaches' its an era o"proo"nd digital insec"rity in which sensitive personal data%thein"ormation that can be put together to add up to a startlingly complete picture o" our lives and thoughts%

is under attack by criminals' corporations' and governments whosesophistication' budget' and drive is only growing&onsider the "ollowing' put "orth by *ben Coglen' a law pro"essor at &olumbia -niversity' in ./0/4

2+acebook holds and controls more data about the daily lives and socialinteractions o" hal" a billion people than ./thcentury totalitariangovernments ever managed to collect about the people theysurveilled7The !nternets2architecture hasalso made it possible "or businesses andgovernments to #ll giant data vaults with the ore o" human e3istence%the appetites' interests' longings' hopes' vanities' and histories o"people sur#ng the !nternet' o"ten unaware that every one o" their clicksis being logged' bundled' sorted' and sold to marketers'7 the ?ew Fork Times

ournalist Jim Dwyer wrote in his new book' Core Awesome Than Coney 2Together' theyamount to nothing less than a "ull psyche scan' unobstructed by law orsocial mores7


13/93

hen peoplelike &omey suggest that law en"orcement should have a2back door7 or 2golden key7 that allows cops to easily access allencrypted communication' they are will"ully ignoring the realityshouted to them by the vast maority o" the in"ormation technology industry2Fou cant build a Vback door that only the good guys can walk

through'7 cryptographer 5ruce Schneier wrote recently 2*ncryption protects againstcybercriminals' industrial competitors' the &hinese secret police' andthe +5! Foure either vulnerable to eavesdropping by any o" them' oryoure secure "rom eavesdropping "rom all o" them7hen encryption becomes a campaign issue' thats going to go on the bumper stickers4Fou eitherhave real privacy and security or everyone or or no one2The e3isting Vback doors in network switches' mandated under -S laws such as&AG*A' have become the goto weakspot "or cyberwar and industrialespionage'7 author &ory Doctorow wrote in the Buardian 2!t was Boogles law"ul interceptionbackdoor that let the &hinese government raid the Bmail account o" dissidents !t was the law"ulinterception backdoor in Breeces national telephone switches that let someone%identity still unknown%listen in on the Breek ,arliament and prime minister during a sensitive part o" the .//< 8lympic bid(someone did the same thing the ne3t year in !taly)7

!"' like many Americans' you say you dont mind i" the -S governmentwatches what you do online' take a step back and consider the biggerpictureThe American government is not the only government%nevermindot'er organi%ations%watching and hacking people on the !nternetC'ina' -"ssia' 0ran' 0srael' the U=' and every ot'er nation onlinedecided long ago that cyberspace is a militariIed country All thestates with the necessary resources are doing vast watching andhacking as well*ncryption proved a crucial help to protesters during the Arab Spring !t

helps !ranian liberals push against their oppressive theocracy +romA"rican "ree speech activists to &hinese prodemocracy organiIers toAmerican cops investigating organiIed crime' strong encryption saveslives' aids la+ enorcement(ironic' huh@)' protects careers' and helpsbuild a more ree and verdant +orld Journalists%citiIen and pro"essionalalike%depend on encryption to keep communications and sourcesprivate "rom the people and groups they report on' making itessential to an independent and ree press

The right to privacy' the right to choose what parts o" yoursel" are e3posed to the world' was describedover a century ago by the -S Supreme &ourt and held up as an issue o" prime importance last year by-? human rights chie" ?avi ,illay !ts something we all need to worry about

Gacking good law' privacy is best de"ended by good technology Fou

cannottruly talk about online privacy without talking about encryption Thats why many o" the worlds biggest tech #rmssuch as Boogle' Apple' andFahoo are adding strong encryption tosome o" their most popular products2There is only one way to make the citiIens o" the digital age secure'and that is to give them systems designed to lock out everyone e3cepttheir owners'7 Doctorow wrote 2The police have never had the power tolisten in on every conversation' to spy upon every interaction ?o


14/93

system that can only sustain itsel" by arrogating these powers canpossibly be called Vust7!n the digital age' encryption is o"r only g"arantee o privacyithout it' the ideal o" "ree speech could be lost orever


15/93

1AC Cy#ersec"rity 6od"le

US government attac!s on encryption destroy cy#ersec"rityOpen :etter 1;% An 8pen Getter to ,resident 8bama cosigned by O; civil society organiIations(including the American &ivil Giberties -nion' *lectronic +rontier +oundation' *lectronic ,rivacy !n"ormation

&enter' and the +ree So"tware +oundation)' 1P technology companies and trade associations (includingApple' +acebook' Boogle' Cicroso"t' and Fahoo)' and


16/93

cyberattackearlier in the year!n perhaps the most in"amous cyberattack o"./01' in late ?ovember' Sony,ictures *ntertainment suEered a 2signi#cantsystem disruption7 as a result o" a 2braIen cyber attack7Pthat resultedin the leaking o" the personal details o" thousands o" Sony employees9And in +ebruary o" ./0"ent and more sop'isticated cyber incidents0Tothe e3tent that its e3pected rise outpaces any corresponding rise in theability to de"end against such attacks' the result could be troublingnews "or countless businesses that rely more and more on computersin all aspects o" their operations' as the economic losses resulting "roma single cyberattack can be extremely costly0PAnd the resulting

eEects o" a cyberattack can have eEects beyond a single companysbottom line As 2nations are becoming ever more dependent onin"ormation and in"ormation technology'709the threat posed by any onecyberattackend page . can have 2devastating collateral andcascading eects across a +ide range o p'ysical, economicand social systems7./ith reports that "oreign nations %such asRussia' &hina' !ran' and ?orth orea %may be using cyberspace as ane+ ront to +age +ar'.0"ears abound that a cyberattack could beused to s'"t do+n t'e nations electrical grid'..'i$ac! acommercial airliner'.Oor even la"nc' a n"clear +eapon +it' asingle !eystro!e.1 !n short' the potential e3ists that the -nited States

could suEer a 2cy#er Bearl .ar#or'7 an attack that would 2 causep'ysical destr"ction and loss o lie7.


17/93

http4::wwwcsmonitorcom:-SA:./01:000/:+edshacked!scybersecurityabiggerthreatthanterrorismvideo' Accessed //;./0


18/93

cybersecurity Today' strong encryption is an essential ingredient inthe overall security o" the modern network' and adopting technologies like =TT,S isincreasingly considered an industry bestpractice among maor technology companies0 *ven thereport o" the ,residents Review Broup on !ntelligence and&ommunications Technologies' the panel o" e3perts appointed by

,resident 5arack 8bama to reviewthe ?SAs surveillance activitiesa"ter the ./0OSnowden leaks' was "ne>"ivocal in its emphasis on the importance o"strong encryption to protect data in transit and at rest The ReviewBroup wrote that4

*ncryption is an essential basis "or trust on the !nternet$ withoutsuch trust' valuable communications +o"ld not #e possi#le+or the entire system to work' encryption so"tware itsel must betrustworthy -sers o" encryption must becon#dent' andusti#ablycon#dent' that only those people they designate can decrypttheir dataX !ndeed' in light o" the massive increase in cybercrimeand intellectual property the"t online' the use o" encryption

should be greatly e3panded to protect not only data in transit'but also data at rest on networks' in storage' and in the cloud0P

The report"urther recommended that the -S government should4,romote security by(0) "lly s"pporting and not"ndermining eEorts to create encryption standards$(.) makingclear that it will not in any way subvert' undermine' weaken' ormake vulnerable generally available commercial encryption$ and(O) supporting eEorts to encourage the greater use o" encryptiontechnology "or data in transit' at rest' in the cloud' and instorage09


19/93

1AC &ec' Competitiveness 6od"le

US government attac!s on encryption destroy tec' ind"strycompetitivenessOpen :etter 1;% An 8pen Getter to ,resident 8bama cosigned by O; civil society organiIations(including the American &ivil Giberties -nion' *lectronic +rontier +oundation' *lectronic ,rivacy !n"ormation&enter' and the +ree So"tware +oundation)' 1P technology companies and trade associations (includingApple' +acebook' Boogle' Cicroso"t' and Fahoo)' and


20/93

economic interests with national security interestsThe cost o" inactionis not only shortterm economic losses "or -S companies' but a waveo" protectionist policies that will systematically +ea!en -Stech nology competiveness in years to come ' with impacts oneconomic gro+t''$o#s' trade #alance' and national sec"rity

through a +ea!ened ind"strial #ase 8nly by taking decisive stepsto re"orm its digital surveillance activities will the -S governmentenable its tech industry to eectively compete in the global market


21/93

1AC 0nternet Freedom 6od"le

US government attac!s "ndermine glo#al 0nternet reedom&'e plan is !ey to #olster US credi#ilityOpen :etter 1;% An 8pen Getter to ,resident 8bama cosigned by O; civil society organiIations(including the American &ivil Giberties -nion' *lectronic +rontier +oundation' *lectronic ,rivacy !n"ormation&enter' and the +ree So"tware +oundation)' 1P technology companies and trade associations (includingApple' +acebook' Boogle' Cicroso"t' and Fahoo)' and


22/93

unlock when the C'inese government comes knocking "or bad ones Abackdoor mandate' by contrast' ma!es lie easy or oppressiveregimes by guaranteeing that consumer devices are exploita#le #ydea"lt%presenting -S companies with a presence in those countries with a horri#c choice betweenenabling repression and endangering their "oreign employees


23/93

Case ac!lines


24/93

&'ey Say (Freedom Act Solves)

&'e Freedom Act +asnt eno"g'Castro and 6cD"inn 1;% Daniel &astro' Yice ,resident o" the !n"ormation Technology and!nnovation +oundation%a nonpro#t' nonpartisan technology think tank' "ormer !T Analyst at the

Bovernment Accountability 8fce' holds an CS in !n"ormation Security Technology and Canagement "rom&arnegie Cellon -niversity and a 5S in +oreign Service "rom Beorgetown -niversity' and Alan CcZuinn'Research Assistant with the !n"ormation Technology and !nnovation +oundation' holds a 5S in ,olitical&ommunications and ,ublic Relations "rom the -niversity o" Te3asAustin' ./0< (25eyond the -SA +reedomAct4 =ow -S Surveillance Still Subverts -S &ompetitiveness'7 Report by the !n"ormation Technology K!nnovation +oundation' June' Available 8nline at http4::www.iti"org:./0


25/93

&'ey Say (Companies Solve)

Government actionis needed companies cant do it alone=e'l et al 1% Danielle ehl' Senior ,olicy Analyst at the 8pen Technology !nstitute at the ?ewAmerica +oundation' holds a 5A in =istory "rom Fale -niversity' with evin 5ankston' ,olicy Director at the

8pen Technology !nstitute at the ?ew America +oundation' "ormer Senior &ounsel and Director o" the +ree*3pression ,roect at the &enter "or Democracy K Technology' "ormer Senior StaE Attorney at the*lectronic +rontier +oundation' "ormer Justice illiam 5rennan +irst Amendment +ellow at the American&ivil Giberties -nion' holds a JD "rom the -niversity o" Southern &ali"ornia Gaw School' Robyn Breene',olicy &ounsel specialiIing in surveillance and cybersecurity at the 8pen Technology !nstitute at the ?ewAmerica +oundation' holds a JD "rom =o"stra -niversity School o" Gaw' and Robert Corgus' ,rogramAssociate with the &ybersecurity !nitiative and !nternational Security ,rogram at the ?ew America+oundation' ./01 (2Surveillance &osts4 The ?SAs !mpact on the *conomy' !nternet +reedom K&ybersecurity'7 Report by the 8pen Technology !nstitute o" the ?ew America +oundation' July' Available8nline at https4::staticnewamericaorg:attachments:0P1surveillancecoststhensasimpactontheeconomyinternet"reedomandcybersecurity:SurveilanceL&ostsL+inalpd"' Accessed //


26/93

&'ey Say (Alt Ca"ses &o Cy#ersec"rity)

Encryption is vital to every aspecto 0nternet sec"ritySc'neier 1;% 5ruce Schneier' &hie" Technology 8fcer "or &ounterpane !nternet Security' +ellowat the 5erkman &enter "or !nternet and Society at =arvard Gaw School' ,rogram +ellow at the ?ew America

+oundation6s 8pen Technology !nstitute' 5oard Cember o" the *lectronic +rontier +oundation' Advisory5oard Cember o" the *lectronic ,rivacy !n"ormation &enter' interviewed by Rob ,rice' ./0< (25ruceSchneier4 David &ameron6s proposed encryption ban would 6destroy the internet6'7 Business Insider' July;th' Available 8nline athttp4::wwwbusinessinsidercom:bruceschneierdavidcameronproposedencryptionbandestroytheinternet./0


27/93

services' which tend to use similar technologies and are more likely to have the resources to manage

vulnerabilities that may arise "rom new "eatures +eatures to permit law en"orcemente3ceptional access across a wide range o" !nternet and mobilecomputing applications could be particularly problematic because theirtypical use would be surreptitious % making security testing difcultand less eEective

Third' e3ceptional access would create concentrated targets thatcould attract bad actors Security credentials that unlock the datawould have to be retained by the plat"orm provider' law en"orcementagencies' or some other trusted third party !" law en"orcements keysguaranteed access to everything' an attacker who gained access tothese keys would enoy t'e same privilege Coreover' law en"orcementsstated need "or rapid access to data would make it impractical to storekeys o\ine or split keys among multiple keyholders' as security engineers wouldnormally do with e3tremely highvalue credentials Recent attacks onthe -nited StatesBovernment 8fce o" ,ersonnel Canagement (8,C) show how much harm can arisewhen many organiIations rely on a single institution that itsel" hassecurity vulnerabilities !n the case o" 8,C' numerous "ederal agencieslost sensitive data because 8,C had insecure in"rastructure !" serviceproviders implement e3ceptionalend page . access reQuirementsincorrectly' the security o" all o t'eir "sers will be at risk


28/93

&'ey Say (Alt Ca"ses &o &ec' 0nd"stry)

&'e plan restores tr"st in US companies #y pro'i#itingattac!s on encryption=e'l et al 1% Danielle ehl' Senior ,olicy Analyst at the 8pen Technology !nstitute at the ?ewAmerica +oundation' holds a 5A in =istory "rom Fale -niversity' with evin 5ankston' ,olicy Director at the8pen Technology !nstitute at the ?ew America +oundation' "ormer Senior &ounsel and Director o" the +ree*3pression ,roect at the &enter "or Democracy K Technology' "ormer Senior StaE Attorney at the*lectronic +rontier +oundation' "ormer Justice illiam 5rennan +irst Amendment +ellow at the American&ivil Giberties -nion' holds a JD "rom the -niversity o" Southern &ali"ornia Gaw School' Robyn Breene',olicy &ounsel specialiIing in surveillance and cybersecurity at the 8pen Technology !nstitute at the ?ewAmerica +oundation' holds a JD "rom =o"stra -niversity School o" Gaw' and Robert Corgus' ,rogramAssociate with the &ybersecurity !nitiative and !nternational Security ,rogram at the ?ew America+oundation' ./01 (2Surveillance &osts4 The ?SAs !mpact on the *conomy' !nternet +reedom K&ybersecurity'7 Report by the 8pen Technology !nstitute o" the ?ew America +oundation' July' Available8nline at https4::staticnewamericaorg:attachments:0P1surveillancecoststhensasimpactontheeconomyinternet"reedomandcybersecurity:SurveilanceL&ostsL+inalpd"' Accessed //


29/93

backdoor to circumvent the encryption or privacy protections o" itsproducts' unless there is statutory authority to make such a mandate or reQuest7O;0 Although thatmeasure was not adopted as part o" the ?DAA' a similar amendment sponsored by Go"gren along withRepresentatives Jim Sensenbrenner (D!) and Thomas Cassie (RF)' did make it into the =ouseapprovedversion o" the ?DAA%with the support o" !nternet companies and privacy organiIationsO;.%passing on anoverwhelming vote o" .9O to 0.OO;O Gike Representative Braysons amendment on ?SAs consultationswith ?!ST around encryption' it remains to be seen whether this amendment will end up in the #nal

appropriations bill that the ,resident signs ?onetheless' these legislative eEorts areaheartening sign and are consistent with recommendations "rom the ,residentsReview Broup that the -S government should not attempt todeliberately weaken the security o" commercial encryption productsSuch mandated vulnerabilities ' whether reQuired under statute or bycourt order or inserted simply by reQuest' unduly threaten innovationin secure !nternet technologies while introducing security Naws thatmay be e3ploited by a variety o" bad actors A clear policy againstsuch vulnerability mandates is necessary to restore internationaltr"st in US companies and tec'nologies

&'e plan restores con4dence in t'e US tec' ind"strySensen#renner et al 1;% Jim Sensenbrenner' Cember o" the -nited States =ouse o"Representatives (R!)' with Thomas Cassie' Cember o" the -nited States =ouse o" Representatives (RF)' and ]oe Go"gren' Cember o" the -nited States =ouse o" Representatives (D&A)' ./0"estions' and would "ndo progress on sec"rity at a time

when !nternet vulnerabilities are causing extreme economic 'armAs comp"ter scientists +it' extensive sec"rity and systemsexperience' we believe that law en"orcement has "ailed to account "orthe risks in'erent in e3ceptional access systems 5ased on ourconsidera#le expertise in real2+orld applications' we know thatsuch risks l"r! in t'e tec'nical details !n this report we e3amine whether it istechnically and operationally "easible to meet law en"orcements call "or e3ceptional access withoutcausing largescale security vulnerabilities e take no issue here with law en"orcements desire to e3ecute

law"ul surveillance orders when they meet the reQuirements o" human rights and the rule o" law 8urstrong recommendation is that anyone proposing regulations should#rstpresent concrete technical reQuirements' which industry' academics'and the public can analyIe "or technical weaknesses and "or hidden

costs

Even t'e Bresidents -evie+ 3ro"p votes aOpen :etter 1;% An 8pen Getter to ,resident 8bama cosigned by O; civil society organiIations(including the American &ivil Giberties -nion' *lectronic +rontier +oundation' *lectronic ,rivacy !n"ormation&enter' and the +ree So"tware +oundation)' 1P technology companies and trade associations (includingApple' +acebook' Boogle' Cicroso"t' and Fahoo)' and


48/93

technologies' and by doing so help lead the way to a more secure'prosperous' and rightsrespecting "uture "or America and "or the world


49/93

&'ey Say (-esearc' Still 3ood)

&'e de#ate 'as already #een decided On o"r side is everyexpert On t'eir side is wishful thinking 6ore researc' ispointless6c:a"g'lin 1;% Jenna CcGaughlin' Reporter and 5logger covering surveillance and nationalsecurity "or The Interce,t' "ormer national security and "oreign policy reporter and editorial "ellow atMother (ones' ./0< (2+5! Director Says Scientists Are rong' ,itches !maginary Solution to *ncryptionDilemma'7 The Interce,t' July Pth' Available 8nline at https4::#rstlookorg:theintercept:./0


50/93

&'is arg is somet'ing anti2vaxxers +o"ld say (Researchingthe impossible is good) is not a net2#ene4t


51/93

causes crime6 deserves no more consideration than vaccinationsca"se diseaseMThe debate on encryption that &omey wanted has come and gone >and he lost =e "ailed at the #rst hurdle !t6s time to let it go

Everyproposal +ill get s'ot do+n -esearc'ing t'em is astalling tactic3eller 1;% *ric Beller' Deputy Corning *ditor at The Daily Dot%the 2hometown newspaper o" the!nternet'7 ./0< (2The rise o" the new &rypto ar'7 The Daily Dot' July 0/th' Available 8nline athttp4::wwwdailydotcom:politics:encryptioncryptowaramescomey"biprivacy:'Accessed /././0


52/93

&'ey Say (Crime/&error Net2ene4t)

ac!doors necessarilyma!e systems insec"re and increase t'eris! o crimeSanc'e% 1% Julian SancheI' Senior +ellow specialiIing in technology' privacy' and civil liberties atthe &ato !nstitute' "ormer ashington *ditor "orArs Technica' holds a 5A in ,hilosophy and ,oliticalScience "rom ?ew Fork -niversity' ./01 (28ld Technopanic in ?ew i5ottles'7 Cato at Liberty%a &ato!nstitute blog' September .Ord' Available 8nline athttp4::wwwcatoorg:blog:oldtechnopanicnewibottles'Accessed /;.9./0


53/93

!t6s telling that his remarks echo so closely the arguments o" that era &ompare them' "or e3ample' withthis comment "rom "ormer +5! Director Gouis +reeh in Cay o" 099


54/93

ump the airgaps to get the keying material together in one placethats probably also an airgapped "acility7Daniel eitIner arguedthat there was simply no way to reconcile abackdoors dual reQuirements o" security and accessibility !" youphysically disperse keys across the country to make them easier "or

law en"orcement to reach' you add more venues "or e3ploitation' he said!" you put one hardware security module in the +5!s heavily guardedashington headQuarters' you prevent disparate lawen"orcementgroups "rom Quickly accessing it to launch realtime monitoringoperations2!m not even sure were good atdoing that' keeping keys like thattechnically secure'7 Breen said 2!m not sure we have any 'ard+are thatsever been put to that test7 =all [ Joseph =all' chie" technologist at the &enter "or Democracy K Technology$ eitIner [ DanieleitIner' lecturer in the computer science department at the Cassachusetts !nstitute o" Technology$ Breen[ Catthew Breen' assistant research pro"essor at the Johns =opkins !n"ormation Security !nstitute


55/93

&errorism/Crime *A


56/93

&'ey Say (Statistics/Anecdotes)

Empirically, strong encryption doesntoil la+ enorcement&'eir evidence is #aseless earmongeringSc'neier 1% 5ruce Schneier' &hie" Technology 8fcer "or &ounterpane !nternet Security' +ellowat the 5erkman &enter "or !nternet and Society at =arvard Gaw School' ,rogram +ellow at the ?ew America+oundation6s 8pen Technology !nstitute' 5oard Cember o" the *lectronic +rontier +oundation' Advisory5oard Cember o" the *lectronic ,rivacy !n"ormation &enter' ./01 (2Stop the hysteria over Appleencryption'7 C--' 8ctober O0st' Available 8nline at http4::wwwcnncom:./01:0/:/O:opinion:schneierappleencryptionhysteria:inde3html' Accessed /;.9./0and the investigations proceeded in some ot'er +ayThis is why the +5!6s scare stories tend to +it'er a"ter public scrutinyA "ormer +5! assistant director wrote about a kidnapped man whowould never have been "ound without the ability o" the +5! to decryptan i,hone' only to retract the point hours later #eca"se it +asnttr"e


57/93

e6ve seen this game be"ore During the crypto warso" the 099/s' +5!DirectorGouis +reeh and others would repeatedly use the e3ample o"mobster John Botti to illustrate why the ability to tap telephones was sovital 5ut the Botti evidence was collected using a room bug' not atelephone tap And those same scary criminal tropes were trotted out

then' too 5ack then we called them the +our =orsemen o" the!n"ocalypse4 pedophiles' kidnappers' drug dealers' and terroristsNot'ing 'as c'anged

Ocial statisticsdisprove t'e lin!Francesc'i2icc'ierai 1;% GorenIo +ranceschi5icchierai' StaE riter covering hacking'in"ormation security' and digital rights at .IC+ Motherboard' "ormer writer at Mashableand Danger /oo!%the iredblog' holds an CS in Journalism "rom &olumbia -niversity' ./0< (2Data Shows Gittle *vidence"or +5!6s &oncerns About &riminals 6Boing Dark6'7 Motherboard' July 0st' Available 8nline athttp4::motherboardvicecom:read:datashowslittleevidence"or"bisconcernsaboutcriminalsgoingdark 'Accessed /././0


58/93

technology #rms on surveillance matters' and Jonathan Cayer' a computer scientist and lawyer at Stan"ord-niversity

2The report is suggestive' but hardly conclusive'7 Cayer told Cotherboard 2Cuch more telling' inmy view' is that law en"orcement and intelligence ofcials remain "na#leto provide episodes where encryption "rustrated an investigation7So "ar' the +5! has yet to put "orth a valid example where encryption

really thwarted an investigation !n "act' some o" the e3amples cited by&omey have been de#"n!ed in media reports2This crypto debate continues to be a red herring because we really are unin"ormed about the "acts thatthe +5! contends supports their position'7 Bidari said

The iretap Report contains other interesting in"ormation that shed a light on government surveillancepractices 8ut o" the more than O'


59/93

decade *ncryption can stop or mitigate the damage "rom crimes likeidentity the"t and "raud targeted at smartphone users0P0


60/93

&'ey Say (3oing *ar!)

No (going dark) lin! it is $"st rhetoric=erry 1% &ameron + erry' Distinguished +ellow in Bovernance Studies at the &enter "or

Technology !nnovation at the 5rookings !nstitution' "ormer Yisiting Scholar with the C!T Cedia Gab' "ormer

Beneral &ounsel and Acting Secretary o" the -nited States Department o" &ommerce' holds a JD "rom5oston &ollege Gaw School' ./01 (2The Gaw ?eeds To eep -p ith Technology 5ut ?ot At The *3pense 8"&ivil Giberties'7 Forbes' ?ovember ;th' Available 8nline athttp4::www"orbescom:sites:realspin:./01:00:/;:thelawneedstokeepupwithtechnologybutnotatthee3penseo"civilliberties:.:'Accessed // the theory that people place

higher value on goods they own versus comparable goods they do notown Applied to surveillance' the idea is that agencies "eel the loss o"one techniQue more than they "eel an eQualsiIed gain "rom othertechniQues hether based on the language o" behavioral economicsor simplyon common sense' we are "amiliar with the human tendencyto 2pocket our gains7 > assume we deserve the good things that comeour way' but complain about the bad things' even i" the good thingsare more important
http://www.forbes.com/sites/realspin/2014/11/06/the-law-needs-to-keep-up-with-technology-but-not-at-the-expense-of-civil-liberties/2/http://www.forbes.com/sites/realspin/2014/11/06/the-law-needs-to-keep-up-with-technology-but-not-at-the-expense-of-civil-liberties/2/http://www.forbes.com/sites/realspin/2014/11/06/the-law-needs-to-keep-up-with-technology-but-not-at-the-expense-of-civil-liberties/2/https://cdt.org/blog/%E2%80%98going-dark%E2%80%99-versus-a-%E2%80%98golden-age-for-surveillance%E2%80%99/https://cdt.org/blog/%E2%80%98going-dark%E2%80%99-versus-a-%E2%80%98golden-age-for-surveillance%E2%80%99/https://cdt.org/blog/%E2%80%98going-dark%E2%80%99-versus-a-%E2%80%98golden-age-for-surveillance%E2%80%99/http://www.forbes.com/sites/realspin/2014/11/06/the-law-needs-to-keep-up-with-technology-but-not-at-the-expense-of-civil-liberties/2/http://www.forbes.com/sites/realspin/2014/11/06/the-law-needs-to-keep-up-with-technology-but-not-at-the-expense-of-civil-liberties/2/https://cdt.org/blog/%E2%80%98going-dark%E2%80%99-versus-a-%E2%80%98golden-age-for-surveillance%E2%80%99/https://cdt.org/blog/%E2%80%98going-dark%E2%80%99-versus-a-%E2%80%98golden-age-for-surveillance%E2%80%99/


61/93

A simple test can helpthe reader decide between the 2going dark7 and2golden age o" surveillance7 hypotheses Suppose the agencies had achoice o" a 099/era package or a ./00era package The #rst packagewould include the wiretap authorities as they e3isted preencryption'but would lack the new techniQues "or location tracking' con"ederate

identi#cation' access to multiple databases' and data mining Thesecond package would match current capabilities4 some encryptionrelated obstacles' but increased use o" wiretaps ' as well as thecapabilities "or location tracking' con"ederate tracking and datamining The second package is clearly superior > the new surveillancetools assist a vast range o" investigations' whereas wiretaps apply onlyto a small subset o" key investigations The new tools are used "armore "reQuently and provide granular data to assist investigators&onclusion

This post casts new light on government agency claims that we are 2going dark7 Due to changingtechnology' there are indeed speci#c ways that law en"orcement andnational security agencies lose speci#c previous capabilities Thesespeci#c losses ' however' are more t'an oset by massive gains ,ublic debates should recogniIe that we are truly in a golden age o"surveillance 5y understanding that' we can re$ect calls or #adencryption policy Core generally' we should critically assess a wide rangeo" proposals' and build a more sec"re computing and communicationsin"rastructure

Encryption +ont ma!e la+ enorcement (go dar!)


62/93

trove o" data "or police even i" that trove does not include backdooraccess to physical devices The ordinary' unsophisticated criminal may be more able toprotect locally stored #les than he was a decade ago' but in a thousand other ways' he can e3pect to be"ar more minutely tracked in both his online and o\ine activities An encrypted te3t messaging systemmay be worse "rom the perspective o" police than an unencrypted one' but it is it really any worse than asystem o" pay phones that allow criminals to communicate without leaving any record "or police to si"t

through a"ter the "act@ Ceanwhile activities that would once have le"t nopermanent trace by de"ault%"rom looking up in"ormation to movingaround in the physical world to making a purchase%now leave a trail o"digital breadcrumbs that would have sounded like a utopian "antasy toan +5! agent in the 09;/s Gaw en"orcement may moan that they are2going dark7 when some particular innovation makes their obs moredifcult(while improving the security o" lawabiding peoples private data)' but when weconsider the bigger picture' it is"ar easier to agree withthe e3perts whohave dubbed our era t'e 3olden Age o S"rveillance Fear a"ter year'technology opens a thousand new windows to our government monitors !" we aim to preserve an2eQuilibrium7 between government power and citiIen privacy' we should accept that it will occasionallyclose one as well

Encryption wont$eopardi%e la+ enorcementSc'neier 1% 5ruce Schneier' &hie" Technology 8fcer "or &ounterpane !nternet Security' +ellowat the 5erkman &enter "or !nternet and Society at =arvard Gaw School' ,rogram +ellow at the ?ew America+oundation6s 8pen Technology !nstitute' 5oard Cember o" the *lectronic +rontier +oundation' Advisory5oard Cember o" the *lectronic ,rivacy !n"ormation &enter' ./01 (2Stop the hysteria over Appleencryption'7 C--' 8ctober O0st' Available 8nline at http4::wwwcnncom:./01:0/:/O:opinion:schneierappleencryptionhysteria:inde3html' Accessed /;.9./0


63/93

&'ey Say (A#ove &'e :a+)

No (above the law) lin! #ad arg"ment6asnic! 1% Cike Casnick' +ounder and &hie" *3ecutive 8fcer o" +loor;1%a so"tware company'+ounder and *ditor o" Techdirt' ./01 (2+5! Director Angry At =omebuilders +or ,utting -p alls That =ide

Any &rimes Therein'7 Techdirt' September .;th' Available 8nline athttps4::wwwtechdirtcom:articles:./01/9.


64/93

&'ey Say (Only For Criminals)

Not (only or criminals) ridic"lo"s arg"ment6asnic! 1% Cike Casnick' +ounder and &hie" *3ecutive 8fcer o" +loor;1%a so"tware company'+ounder and *ditor o" Techdirt' ./01 (2+5! Director Angry At =omebuilders +or ,utting -p alls That =ide

Any &rimes Therein'7 Techdirt' September .;th' Available 8nline athttps4::wwwtechdirtcom:articles:./01/9.


65/93

&'ey Say (.elps &errorists)

Encryption doesntoster terrorismSc'neier 1;% 5ruce Schneier' &hie" Technology 8fcer "or &ounterpane !nternet Security' +ellowat the 5erkman &enter "or !nternet and Society at =arvard Gaw School' ,rogram +ellow at the ?ew America

+oundation6s 8pen Technology !nstitute' 5oard Cember o" the *lectronic +rontier +oundation' Advisory5oard Cember o" the *lectronic ,rivacy !n"ormation &enter' interviewed by Rob ,rice' ./0< (25ruceSchneier4 David &ameron6s proposed encryption ban would 6destroy the internet6'7 Business Insider' July;th' Available 8nline athttp4::wwwbusinessinsidercom:bruceschneierdavidcameronproposedencryptionbandestroytheinternet./0


66/93

Thegeneral ideacoming "rom these camps is that terrorists use encryption tocommunicate Thus' i" there are backdoors'then law en"orcement caneavesdrop on those communications Geaving aside the massivev"lnera#ilities that would be introduced on everyone else' its clearthat the terrorists could very easily modiy t'eir comm"nications to

evade those types o" encryption or set up alternative communicationmethods e would be creating holes in the protection used "or trillionso" transactions' all or na"g't&itiIens o" a city do not give the police the keys to their houses e donot register our bank account passwords with the +5! e do notknowingly or speci#cally allow law en"orcement to listen and record ourphone calls and !nternet communications(though that hasnt seemed to matter) eshould de#nitely not crac! t'e o"ndation o sec"re 0nternetcomm"nications with a backdoor that will only be e3ploited bycriminals or the very terrorists that were supposedly trying to thwartRemember' i" the government can lose an enormous cache o"

e3traordinarily sensitive' deeply personal in"ormation on millions o" itsown employees' one can only wonder what horrors would be visitedupon us i" it somehow succeeded in destroying encryption as well


67/93

&'ey Say (.elps 0S0S)

$o, encryption isnt needed to stop 0S0S "t it isvital to UScy#ersec"rity:anda" 1;% Susan Gandau' ,ro"essor o" &ybersecurity ,olicy in the Department o" Social Scienceand ,olicy Studies at orcester ,olytechnic !nstitute' serves on the &omputer Science Telecommunications5oard o" the ?ational Research &ouncil' "ormer Senior StaE ,rivacy Analyst at Boogle' "ormer Distinguished*ngineer at Sun Cicrosystems' "ormer "aculty member at the -niversity o" Cassachusetts at Amherst andat esleyan -niversity' has held visiting positions at =arvard' &ornell' Fale' and the Cathematical SciencesResearch !nstitute' holds a ,hD in Cathematics "rom the Cassachusetts !nstitute o" Technology' ./0 not the criminal in Question$ not theinvestigators who are seemingly unable to e3plore other options > be held liable "or the

criminal6s actions ittes poses a rhetorical Question > one that assumes most o" America wantswhat &omey wantsCight a victim o" an !S!S attack domestically committed by someone who communicated andplotted using communications architecture speci#cally designed to be immune' and speci#callymarketed as immune' "rom law en"orcement surveillance have a claim against the provider whooEered that service even a"ter the director o" the +5! began speci#cally warning that !S!S wasusing such in"rastructure to plan attacks@ To the e3tent such companies have no liability in suchcircumstances' is that the distribution o" risk that we as a society want@

=olding companies responsible "or the actions o" criminals iscompletely stupid ,roviding encryption to all shouldn6t put companiesat risk o" civil suits The encryption isn6t being provided solely "or useby bad guys !t makes no more sense than holding +ed*3 responsible"or shipments o" counter"eit drugs And yet' we6ve seen our government do e3actly that'in essence reQuiring every aEected private company to act as deputiIed law en"orcement entities' despite

there being no logical reason to put them in this position ittes "eels the best solutionsinvolve the government "orcing companies to bend to its will' andprovide compromised encryption under duressThe #nal solution proposed by ittes isto let everything go to hell and assume thepolitical landscape > along with tech companies6 MsympathiesM > will shi"t accordingly This would be theMlet6s hope "or the tragic death o" a childM plan4

e have an endtoend encryption issue' in signi#cant part' because companies are trying toassure customers worldwide that they have their backs privacywise and are not simply tools o"?SA ! think those politics are likely to change !" &omey is right and we start seeing law


74/93

en"orcement and intelligence agencies blind in investigating and preventing horrible crimes andsigni#cant threats' the pressure on the companies is going to shi"t And it may shi"t "ast and hardhereas the companies now "eel intense pressure to assure customers that their data is sa"e"rom ?SA' the kidnapped kid with the encrypted i,hone is going to generate a very diEerent sorto" political response !n e3traordinary circumstances' e3traordinary access may well seemreasonable

!" this does happen' ittes6 assumption will likely be correct ,oliticians have never been shy aboutcapitaliIing on tragedies to nudge the government power needle This will be no diEerent 8ne wonders

why no one has come "orward with a signi#cantly compelling tragedy by this point' considering the wealtho" encryption options currently on the market A logical person would assume this lack o" compellinganecdotal evidence would suggest encryption really hasn6t posed a problem yet especially consideringthe highlymotivated sales pitches that have been oEered nonstop since Boogle and Apple6s

announcement o" their encryptionbyde"ault plansThe MproblemM &omey and others sodesperately wish to MsolveM remains almost entirely theoretical at thispoint5ut the +5! and others aren6t going to wait until the ne3t tragedy Theywant the path o" least resistance now The solutions proposed byittes are e3actly the sort o" thing they6d be interested in4 e3pandedgovernment power and increased private sector liabilityThis is why&omey has no solution to oEer &'ere is none There is only the

option o" making companies do what he wants' but he6s too wary o"public backlash to actually say these things out loud ittes has savedhim the trouble and proven himsel" no more tr"st+ort'y than thosewho want easy access' no matter the negative implications orunintended conseQuences o" these actions


75/93

=e goes on to attempt an analogy4&onsider the comparable argument in physical space4 the creation o" a city in which authoritiesare entirely dependent on citiIen reporting o" bad conduct but have no direct visibility onto whathappens on the streets and no ability to conduct search warrants (even with court orders) or topatrol parks or street corners ould you want to live in that city@ The idea that ungovernedspaces really suck is not controversial when you6re talking about Femen or Somalia ! see nothingmore attractive about the creation o" a worldwide architecture in which it is technically impossibleto intercept and read !S!S communications with "ollowers or to "ollow child predators into

chatrooms where they go a"ter kids*ven at this conceptual level' be"ore even considering whether a governmentonly backdoor is possible and costeEective'it seems to me that ittessanalysis is a+edThe problem lies in the limits o" his analogy!n an ungoverned territory like Somalia' bad actors can take violentphysical actions with impunity%say' seiIing a cargo ship' killing the captain' and takinghostages !" authorities were similarly helpless on Americas streets%i" gangscould rob or murder pedestrians as they pleased' and police couldnt see or do a thing%that would'indeed' be dystopian 5ut when communications are encrypted' the2ungoverned territory7 does not encompass actions'violent or otherwise'ust

t'o"g'ts and t'eir expressionNo 'arm is done +it'in t'e encrypted space

To be sure' plots planned inside that space can do terrible damage in thereal world%but so can plots hatched by gang members on publicstreets whispering into one anothers ears' or Tony Soprano out on hisboat' having swept it "or +5! bugs


76/93

To be clear' ! dont mean to assert that 2backdoor7 access to digital communications is ust like eQuivalent

access to our brains 5ut say that endtoend encryption is the norm going"orward Do readers thinkthat America would be more like Somalia@ 8rmore like todays America' only with greater privacy "or thoughts'papers' and personal eEects that enables both signi#cant goods andharms@As in contemporary America%and unlike in Somalia%terrorists' childpornographers' and other serious criminals would have to operateoutside 2ungoverned spaces7 to harm any innocents The threats theypose can be ade>"ately addressed t'ere


77/93

&'ey Say (Cyr"s Hance)

Hance is +rongOConnor 1% ?uala 8&onnor' ,resident and &hie" *3ecutive o" the &enter "or Democracy K

Technology' "ormer Blobal ,rivacy Geader at Beneral *lectric' "ormer Yice ,resident o" &ompliance K

&onsumer Trust and Associate Beneral &ounsel "or Data K ,rivacy ,rotection at AmaIoncom' "ormerDeputy Director o" the 8fce o" ,olicy K Strategic ,lanning' &hie" ,rivacy 8fcer' and &hie" &ounsel "or

Technology at the -nited States Department o" &ommerce' "ormer &hie" ,rivacy 8fcer at the Departmento" =omeland Security' holds a JD "rom Beorgetown -niversity Gaw &enter' ./01 (2Apple and Boogle arehelping to protect our privacy'7 Getter To The *ditor % ashington )ost' 8ctober .nd' Available 8nline athttp4::wwwwashingtonpostcom:opinions:appleandgooglearehelpingtoprotectourprivacy:./01:0/:/.:eaO


78/93

&'ey Say (-onald .os!o)

.os!o is +rong:ee 1% Timothy 5 Gee' Senior *ditor covering technology at .o0' previously covered technologypolicy "or the ashington )ostandArs Technica' "ormer Adunct Scholar at the &ato !nstitute' holds a

Casters in &omputer Science "rom ,rinceton -niversity' ./01 (2The government says i,hone encryptionhelps criminals They6re wrong'7 .o0' September .9th' Available 8nline athttps4::wwwvo3com:./01:9:.9:;P


79/93

&'ey Say (Stanley Crovit%)

Crovit% is totally +rong6asnic! 1% Cike Casnick' +ounder and &hie" *3ecutive 8fcer o" +loor;1%a so"tware company'+ounder and *ditor o" Techdirt' ./01 (2Ridiculously Cisin"ormed 8pinion ,iece !n SJ Asks Apple And

Boogle To Cake *veryone Gess Sa"e'7 Techdirt' ?ovember .1th' Available 8nline athttps4::wwwtechdirtcom:articles:./0100.1://00O.9.O.:ridiculouslymisin"ormedopinionpiecewsasksapplegoogletomakeeveryonelesssa"eshtml' Accessed /././0 such as the time he insisted the internet was invented by companieswithout government support (yes' he really argued that) &rovitI hasalso been strongly prosurveillance state"or years =e6s attacked ikileaks and &helsea Canning by blatantly takingQuotes out o" conte3t' and then last year' writing a column aboutthe Snowdenleaks thatshowed he doesn6t understand even t'e #asic acts &rovitI tends tosee the world the way he wants to see it' rather than the way it really

is=is latest is no e3ception' repeatinga bunch o" bogus or debunked claimsto argue that the tech industry shouldhappily insert back doors intotechnology to aidin surveillance =e kicks it oE by both repeating the"alse claim concerninghow Msubway bomberM ?aibullah ]aIiwas caught' but alsototally misunderstanding the diEerence between encrypting data on adevice and encrypting data in transit4

!ts a good thing ?aibullah ]aIi didnt have access to a modern i,hone or Android device a "ewyears ago when he plotted to blow up ?ew Fork &ity subway stations =e was caught because hisemail was tapped by intelligence agencies%a practice that Silicon Yalley #rms recently decidedthe -S government is no longer permittedApple ' Boogle' +acebook and others are playing with #re' or in the case o" ]aIi with a plot to blowup subway stations under Brand &entral and Times SQuare on Sept 00' .//9 An A"ghanistan

native living in the -S' ]aIi became a suspect when he used his unencrypted Fahoo emailaccount to doublecheck with his al Zaeda handler in ,akistan about the precise chemical mi3 tocomplete his bombs ]aIi and his collaborators' identi#ed through phone records' were arrestedshortly a"ter he sent an email announcing the imminent attacks4 2The marriage is ready7

*3cept' no !t wouldn6t have mattered i" he had a modern i,hone orAndroid device because whether or not email is encrypted is entirelyunrelated to whether or not data on the device is encrypted hatApple and Boogle are promising now is to encrypt data on the device*ven i" that was turned on' i" you send an unencrypted email' it6s stillavailable to be viewed &rovitI is comparing two completely diEerentthings and doesn6t seem to realiIe it hat kind o" standards does theSJ have when it allows such "alse arguments to be published

uncritically@+urthermore' the "act that ]aIi sent an unencrypted email via Fahoo was a diEerent issue And Fahooencrypted all its email connections a while ago' and no one "reaked out at the time *ven so' that6s

unimportant' because law en"orcement and the intelligence community canand do still read emails with a warrant And' as was made clear by many in theanalysis o" the ]aIicase' he had been watched by law en"orcement "or a whileThe phone encryption that Boogle and Apple are discussing wouldhave had no impact whatsoever on the ]aIi case So why even bring it up' otherthan pure surveillance state +-D@


80/93

5ut' to someone as ignorant o" the basics as &rovitI' it6s an opportunityto double down

The ]aIi e3ample (he pleaded guilty to conspiracy charges and awaits sentencing) highlights therisks that Silicon Yalley #rms are taking with their reputations by making it impossible "orintelligence agencies or law en"orcement to gain access to these communications

*3cept' again' that6s not true !ntelligence agencies and law en"orcement would

still have access to communications in transit > ust not data held onhis phone directly(which they wouldn6t have unless they got the phone itsel") Second' it stillwouldn6t be MimpossibleM to get the in"o rmation They could eithercrack the encryption or issue a subpoena ordering the phone6s ownerto unlock the data(or potentially "ace a potential contempt o" court ruling) hile there are some


81/93

be able to save citiIens "rom terror attacks During a speech' &omey said' Mencryption threatens to lead allo" us to a very dark placeM

*arlier this week' G Bordon &rovitI' a "ormer publisher o" the The all Street Journal' echoed&omey6s concerns in an oped in the SJentitled' Mhy Terrorists Gove Silicon YalleyM

The column contends that tech companies have made consumer products too secure with endtoendencryption &rovitI says when the +5! asked tech companies to #nd a way to balance privacy encryptionand courtordered legal searches' the technologists said it was impossible

MTerror attacks are increasingly planned online' outside the reach o" intelligence and law en"orcement'M&rovitI writes M8nce a recruit is identi#ed' !S!S tells him to switch to an encrypted smartphone Gegalwiretaps are useless because the signal is indecipherable *ven when the devices are law"ully seiIedthrough court orders' intelligence and lawen"orcement agencies are unable to retrieve data "rom themM

?ot only is thiskind o" language irresponsible' linking encryption toterrorism' &rovitI6s "earmongering article seems to hold up &omey6scampaign against encryption as the unvarnished truth Data encryptionwill not result in the -S getting attacked &ompelling tech businessesto tear down basic privacy measures in the service o" #ghting terrorismis a move back to a surveillance state,ost9:00 "ear led to a decade o" mass surveillance &onsidering howlittle was accomplished' it6s clear that relying on access to data and

monitoring electronic communications is not the only way to preventterrorist plots &yberattacks have started to cross over into thephysical world%because smartphones' appliances' and our country6s in"rastructure are allconnected to the internet' our nation6s security actually depends onencryptionCeanwhile' encryption appears to have done little to "oil law en"orcement 6suse o" wire and electronic surveillance to bring down terroristsAccording to the-nited States &ourts6 iretap Report./01' instances o"encrypted devices inter"ering with wiretaps decreased nearly by hal""rom ./0O to ./01 Coreover' the reportalso "ound that last year the vastmaority o" wiretaps were granted "or investigations into drug deals'

not potential terrorist plotsThe +5!6s claim o" being crippled i" tech companies don6t allow them tomonitor electronic communications is a stretch' says David Borodyansky' co"ounder o" virtual private network provider Anchor+ree M!t would presume the +5! wascompletely "seless be"ore the internet was created'M he saysAnchor+ree helps its O


82/93

Crovit% is lying a#o"t t'e :o"isiana case6asnic! 1% Cike Casnick' +ounder and &hie" *3ecutive 8fcer o" +loor;1%a so"tware company'+ounder and *ditor o" Techdirt' ./01 (2Ridiculously Cisin"ormed 8pinion ,iece !n SJ Asks Apple AndBoogle To Cake *veryone Gess Sa"e'7 Techdirt' ?ovember .1th' Available 8nline athttps4::wwwtechdirtcom:articles:./0100.1://00O.9.O.:ridiculouslymisin"ormedopinionpiecewsasksapplegoogletomakeeveryonelesssa"eshtml' Accessed /././0


83/93

that the ?SA and others in law en"orcement keep warning us about Caking us all sa"er is a good thing'though' not to G Bordon &rovitI' apparently

&rovitI is either +oe"lly cl"eless and misinormed or he6sp"rposely misleading the American public ?either reNects well onhim or the all S treet Journal


84/93

&'ey Say (Ste+art a!er)

a!er is +rongCo'n et al 1% &indy &ohn' *3ecutive Director and "ormer Gegal Director and Beneral &ounselo" the *lectronic +rontier +oundation' holds a JD "rom the -niversity o" Cichigan Gaw School' with Jeremy

Billula' StaE Technologist at the *lectronic +rontier +oundation' holds a ,hD in &omputer Science "romStan"ord -niversity' and Seth Schoen' Senior StaE Technologist at the *lectronic +rontier +oundation' ./01(2hat De"ault ,hone *ncryption Really Ceans +or Gaw *n"orcement'7 .ice -e's' 8ctober Pth' Available8nline at https4::newsvicecom:article:whatde"aultphoneencryptionreallymeans"orlawen"orcement 'Accessed //


85/93

&'ey Say (


86/93

medical data +or the rest o" us' its common sense' not an unpatriotic slap to the"ace o" law and orderThis argumentalso misunderstands the role o" the search warrant Asearch warrant allows police' with a udges approval' to do somethingtheyre not normally allowed to do !ts an instrument o" permission,

not comp"lsion !" the cops get a warrant to search your house'youre obliged to do nothing e3cept stay out o" their way Foure notcompelled to dump your underwear drawers onto your dining roomtable and slash open your mattress "or them And youre not placingyoursel" 2above the law7 i" you have a steelrein"orced door thatdoesnt yield to a battering ram


87/93

&'ey Say (


88/93

&'e Bost cites no evidence ignore itC"s'ing 1;% Tim &ushing' StaE riter "or Techdirt' ./0< (2ashington ,ost 8bserves *ncryptionar ./ +or Several Conths' Gearns Absolutely ?othing'7 Techdirt' July ./th' Available 8nline athttps4::wwwtechdirtcom:articles:./0


89/93

The editorial #nally wraps up by calling "or e3perts in the #eld to resolve this issue4This conNict should not be le"t unattended ?ineteen years ago' the ?ational Academy o" Sciencesstudied the encryption issue$ technology has evolved rapidly since then !t would be wise to askthe academy to undertake a new study' with special "ocus on technical matters' andrecommendations on how to reconcile the competing imperatives

Thea,o editorial board is no better thanJames &omey !t can citenot'ing in support o" its view but yet still believes it6s right And ust

like &omey' the board is being wholly disingenuous in its Mde"erralM tosecurity researchers and tech companies !t' like &omey' wants to holdtwo contradictory views

Tech:security researchers are dumb when they say this problemcan6t be solvedTech:security researchers are supersmart and can solve this

problemSo' they(the board and &omey) want to ignore the Msmart guysM when they saythis is impossible' but both are willing to listen i" they like the answersthey6re hearing


90/93

Bolitics *A


91/93

No :in! Under &'e -adar

Encryption ies "nder t'e radar no lin!3eller 1;% *ric Beller' Deputy Corning *ditor at The Daily Dot%the 2hometown newspaper o" the!nternet'7 ./0< (2The rise o" the new &rypto ar'7 The Daily Dot' July 0/th' Available 8nline at

http4::wwwdailydotcom:politics:encryptioncryptowaramescomey"biprivacy:'Accessed /././0


92/93

No :in! O#ama

EitherO#ama +ont spend political capital on encryption or'isne+ position +ill >"ic!ly end t'e de#ate3eller 1;% *ric Beller' Deputy Corning *ditor at The Daily Dot%the 2hometown newspaper o" the!nternet'7 ./0< (2The rise o" the new &rypto ar'7 The Daily Dot' July 0/th' Available 8nline athttp4::wwwdailydotcom:politics:encryptioncryptowaramescomey"biprivacy:'Accessed /././0


93/93

ofcials told the ashington ,ost this week eitIner said that 8bama may also be waitinguntil the latest round o" the &rypto ars has progressed "urther2The hite =ouse tends to get involved in debates once t'eyvemat"red'7 he said 2!" you ump in on everything right up "ront' thevolume can become unmanageable ! know that theres a lot o" attention being paid' and! think thats the right thing to do at this point7

The presidents noncommittal stance has earned him criticism rompro2encryption la+ma!ers who say that their #ght would be m"c'easier i" the commanderinchie" weighed in 2The best way to put allthis to bed'7 =urd said' 2would be "or the president to be very clear sayingthat he is not interested in pursuing backdoors to encryption andbelieves that this is the wrong path to go' in order to s>"as' t'ede#ate once and or all7!" 8bama ever "ormally came out against backdoors' it would representa signi4cant s'it away "rom decades o" antiencryption governmentpolicies' including undermining industrystandard security tools andattacking tech companies through public bullying and private hacking

encryption advantage - hss 2015

Documents