Modern field guide to security and privacy

Opinion: Encryption backdoors are killers of the innovation economy

A government mandate for access to secure communication technologies would cripple the security of the Web and hurt the thousands of small companies that make up the backbone of the Internet. 

John Locher/AP
During Tuesday's Republican presidential debate, Ohio Gov. John Kasich called encryption a problem the US needs to solve.

During Tuesday's Republican debate, Ohio Gov. John Kasich spoke at length about the dangers of encryption, calling this critical safety feature "a major problem" and tying it to the recent terror attacks.

Sadly, Governor Kasich is hopping on the seemingly growing bandwagon of discrediting encrypted communications and their critical role in securing networks and preventing cyberattacks. This budding narrative that connects the rise of secure communications with national security dangers is not only untrue; it’s dangerous.

Encrypted communications lie at the heart of our ability to secure networks and prevent things like the Office of Personnel Management attacks, but certain law enforcement agencies seem intent on weakening encryption standards and undermining our ability to prevent future occurrences through the creation of encryption backdoors. As the Internet moves more toward encrypted communication as a way of protecting networks and consumers' personal data from additional breaches, providers are engaged in a fight to continue to use these tools lawfully and effectively.

Unfortunately Kasich isn't the only one who misunderstands the complexities of this important technology. FBI Director James Comey is now speaking out against end-to-end encryption. Recently he said that conversations with tech companies have persuaded him that this is not "a technical issue."

That is correct. If technologists were forced to come up with ways to implement backdoors that undermine the effectiveness of end-to-end encryption, they could find a way. The companies that build the Internet’s infrastructure are talented innovators. They are capable of building the kind of technology that Comey envisions. However, that’s not the issue. The issue is that Mr. Comey is talking to the wrong tech companies.

The Internet is more than Facebook, Google, Apple, and Microsoft. There are around 35,000 businesses in the US, and 60,000 worldwide, that make up the Internet’s core routing and switching infrastructure and house its data, and the vast majority of them are small-to-medium-sized businesses.

This extremely competitive field is the heart of the Internet. The ability to build an Internet or cloud company in one's basement, garage, or dorm room has been the key to Internet innovation and the economy built on top of it. Encryption backdoors – if they worked at all – wouldn’t scale downward. We could lose the innovation economy as we ratchet up the requirements of who can build a cloud company.

The kind of system Comey proposes would never work for the countless small businesses that actually build and maintain the Internet. For instance, a small company can't easily or effectively operationalize a backdoor requirement and handle the key data handling, retention, and distribution operations. There are three systemic problems small businesses would face in operationalizing such a system.

The technological cost issue: Let's say tech can be built to facilitate operationalizing backdoors. It's going to be new tech. Most of the Internet runs on legacy tech. Who covers the costs of upgrade? Who covers the cost of storage systems, or the costs of implementing secondary security systems to obfuscate the required backdoors? The costs will be significant enough to push out small operators.

The manpower issue: Managing these systems is no small feat. Much of the Internet is built on small operations. How is a one-man-shop going to handle managing these systems, much less the technical overhaul of systems required to get to them?

The open liability issue: Even if you can technically make a backdoor-laden system work, it will always be less secure than a system without a backdoor. How will business liability insurance respond to the increased risk to critical consumer data? We should expect dramatically increased insurance premiums as the insurance industry braces itself for the increased risk. Such premiums can be the difference between the success and failure of a small business.

These three systemic issues would be too great for a small business to overcome. Calling for a backdoor requirement risks the ability of small businesses to continue to operate on the Internet and, as a result, puts the Internet economy in harm’s way.

Christian Dawson is the cofounder of the Internet Infrastructure Coalition (i2Coalition), an organization comprised of more than 80 member companies that build and maintain the infrastructure of the Internet. Follow him on Twitter @mrcjdawson.

 
