Subscribe
Modern field guide to security and privacy

Opinion: Encryption backdoors are killers of the innovation economy

A government mandate for access to secure communication technologies would cripple the security of the Web and hurt the thousands of small companies that make up the backbone of the Internet. 

  • close
    During Tuesday's Republican presidential debate, Ohio Gov. John Kasich said called encryption a problem the US needs to solve.
    John Locher/AP
    View Caption
  • About video ads
    View Caption
of

During Tuesday's Republican debate, Ohio Gov. John Kasich spoke at length about the dangers of encryption, calling this critical safety feature "a major problem" and tying it to the recent terror attacks.

Sadly, Governor Kasich is hopping on the seemingly growing bandwagon of discrediting encrypted communications and its critical role in securing networks and preventing cyberattacks. This budding narrative that connects the rise of secure communications with national security dangers is not only untrue; it’s dangerous.

Encrypted communications lie at the heart of our ability to secure networks and prevent things like the Office of Personnel Management attacks, but certain law enforcement agencies seem intent on weakening encryption standards and undermining our ability to prevent future occurrences through the creation of encryption backdoors. As the Internet moves more toward encrypted communication as a way of protecting networks and consumers' personal data from additional breaches, providers are engaged in a fight to continue to use these tools lawfully and effectively.

Recommended: Tech firms push back on 'reactionary' politics following terror attacks

Unfortunately Kasich isn't the only one who misunderstands the complexities of this important technology. FBI Director James Comey is now speaking out against end-to-end encryption. Recently he said that conversations with tech companies have persuaded him that this is not "a technical issue."

That is correct. If technologists were forced to come up with ways to implement backdoors that undermine the effectiveness of end-to-end encryption, they could find a way. The companies that build the Internet’s infrastructure are talented innovators. There are capable of building the kind of technology that Comey envisions, however, that’s not the issue. The issue is that Mr. Comey is talking to the wrong tech companies.

The Internet is more than Facebook, Google, Apple, and Microsoft. There are around 35,000 businesses in the US, and 60,000 worldwide that make up the Internet’s core routing and switching infrastructure and house its data and the vast majority of them are small-to-medium sized businesses.

This extremely competitive field is the heart of the Internet. The ability to build an Internet or cloud company in one's basement, garage, or dorm room has been the key to Internet innovation and the economy built on top of it. Encryption backdoors – if they worked at all – wouldn’t scale downward. We could lose the innovation economy as we ratchet up the requirements of who can build a cloud company.

The kind of system Comey proposes would never work for the countless small businesses that actually build and maintain the Internet. For instance, a small company can't easily or effectively operationalize a backdoor requirement, and handle the key data handling, retention, and distribution operations. There are three systemic problems small business would face in operationalizing such a system.

The technological cost issue: Let's say tech can be built to facilitate operationalizing backdoors. It's going to be new tech. Most of the Internet runs on legacy tech. Who covers the costs of upgrade? Who covers the cost of storage systems, or the costs of implementing secondary security systems to obfuscate the required backdoors? The costs will be significant enough to push out small operators.

The manpower issue: Managing these systems is no small feat. Much of the Internet is built on small operations. How is a one-man-shop going to handle managing these systems, much less the technical overhaul of systems required to get to them?

The open liability issue: Even if you can technically make a backdoor-laden system work, it will always be less secure than one without one. How will the business liability insurance respond to the increased risk to critical consumer data? We should expect dramatically increased insurance premiums as the insurance industry braces itself for the increased risk. Such premiums can be the difference between the success and failure of a small business.

These three systemic issues would be too great for a small business to overcome. Calling for a backdoor requirement is risking the ability for small businesses to continue to operate on the Internet and, as a result, putting the Internet economy in harm’s way.

Christian Dawson is the cofounder of the Internet Infrastructure Coalition (i2Coalition), an organization comprised of more than 80 member companies that build and maintain the infrastructure of the Internet. Follow him on Twitter @mrcjdawson.

About these ads
Sponsored Content by LockerDome
 

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

Loading...

Loading...

Loading...

Save for later

Save
Cancel

Saved ( of items)

This item has been saved to read later from any device.
Access saved items through your user name at the top of the page.

View Saved Items

OK

Failed to save

You reached the limit of 20 saved items.
Please visit following link to manage you saved items.

View Saved Items

OK

Failed to save

You have already saved this item.

View Saved Items

OK