During Tuesday's Republican debate, Ohio Gov. John Kasich spoke at length about the dangers of encryption, calling this critical safety feature "a major problem" and tying it to the recent terror attacks.
Sadly, Governor Kasich is hopping on the seemingly growing bandwagon of discrediting encrypted communications and its critical role in securing networks and preventing cyberattacks. This budding narrative that connects the rise of secure communications with national security dangers is not only untrue; it’s dangerous.
Encrypted communications lie at the heart of our ability to secure networks and prevent things like the Office of Personnel Management attacks, but certain law enforcement agencies seem intent on weakening encryption standards and undermining our ability to prevent future occurrences through the creation of encryption backdoors. As the Internet moves more toward encrypted communication as a way of protecting networks and consumers' personal data from additional breaches, providers are engaged in a fight to continue to use these tools lawfully and effectively.
Unfortunately Kasich isn't the only one who misunderstands the complexities of this important technology. FBI Director James Comey is now speaking out against end-to-end encryption. Recently he said that conversations with tech companies have persuaded him that this is not "a technical issue."
That is correct. If technologists were forced to come up with ways to implement backdoors that undermine the effectiveness of end-to-end encryption, they could find a way. The companies that build the Internet’s infrastructure are talented innovators. There are capable of building the kind of technology that Comey envisions, however, that’s not the issue. The issue is that Mr. Comey is talking to the wrong tech companies.
The Internet is more than Facebook, Google, Apple, and Microsoft. There are around 35,000 businesses in the US, and 60,000 worldwide that make up the Internet’s core routing and switching infrastructure and house its data and the vast majority of them are small-to-medium sized businesses.
This extremely competitive field is the heart of the Internet. The ability to build an Internet or cloud company in one's basement, garage, or dorm room has been the key to Internet innovation and the economy built on top of it. Encryption backdoors – if they worked at all – wouldn’t scale downward. We could lose the innovation economy as we ratchet up the requirements of who can build a cloud company.
The kind of system Comey proposes would never work for the countless small businesses that actually build and maintain the Internet. For instance, a small company can't easily or effectively operationalize a backdoor requirement, and handle the key data handling, retention, and distribution operations. There are three systemic problems small business would face in operationalizing such a system.
The technological cost issue: Let's say tech can be built to facilitate operationalizing backdoors. It's going to be new tech. Most of the Internet runs on legacy tech. Who covers the costs of upgrade? Who covers the cost of storage systems, or the costs of implementing secondary security systems to obfuscate the required backdoors? The costs will be significant enough to push out small operators.
The manpower issue: Managing these systems is no small feat. Much of the Internet is built on small operations. How is a one-man-shop going to handle managing these systems, much less the technical overhaul of systems required to get to them?
The open liability issue: Even if you can technically make a backdoor-laden system work, it will always be less secure than one without one. How will the business liability insurance respond to the increased risk to critical consumer data? We should expect dramatically increased insurance premiums as the insurance industry braces itself for the increased risk. Such premiums can be the difference between the success and failure of a small business.
These three systemic issues would be too great for a small business to overcome. Calling for a backdoor requirement is risking the ability for small businesses to continue to operate on the Internet and, as a result, putting the Internet economy in harm’s way.
Christian Dawson is the cofounder of the Internet Infrastructure Coalition (i2Coalition), an organization comprised of more than 80 member companies that build and maintain the infrastructure of the Internet. Follow him on Twitter @mrcjdawson.