Keys to the Kingdom

4 July 2020

Suppose you’ve just bought a house. No more apartment living; you finally have a place all your own. On the day you take possession, you change the locks and start moving in. Pretty soon a couple of cops stop by. They introduce themselves and seem friendly enough, but they’ve come to ask for a copy of your house keys.

You see, in this town, there’s a law that says everyone must give a copy of their keys to law enforcement. That way, if they ever need to enter your house, they can just unlock your door. The cops assure you that they will only use it if they have a warrant. Trust them.

Sound like a good idea?

In the digital world, encryption is like a locked door. If you encrypt something properly, it can only be easily opened with the right key. Without the key, you have to work hard to get to the information, like bashing down your door to get into your house. But unlike doors, encryption has gotten so good that brute force often isn’t enough. Criminals can encrypt data so well that it is effectively uncrackable by law enforcement. Law enforcement may have a warrant, but they could still face an unbreakable door.

So Senators Graham, Cotton, and Blackburn have introduced a bill called the Lawful Access to Encrypted Data Act of 2020, or LAED. It’s a complex bill, but the overall gist of it is that devices and social media platforms must have the ability to decrypt data into an intelligible form. They must turn over unencrypted data to law enforcement when it’s requested. The only real way to do this is for companies to write a backdoor into their encryption software. This means Apple would be able to unlock and decrypt your iPhone. Facebook could read your WhatsApp conversations. Microsoft would have the ability to decrypt your hard drive. As legal analysts have pointed out, the bill would effectively make strong encryption illegal in the United States. Corporations and the government would always have a key.

The bill is clear that the backdoor would only be used for “Exceptional Access Only With A Warrant,” but that further underscores the problem. Even if we assume government officials will hold to the law, introducing a known backdoor into encryption makes that backdoor a huge target for bad actors. This is particularly true given that many users of U.S. software don’t live in the U.S. WhatsApp, for example, has 1.5 billion users across the world. You can bet that the governments of less democratic countries would very much like that backdoor, and they will put money and effort into finding it. When they do find the backdoor, they will also be able to use it against the U.S.

There’s no doubt that strong encryption can make it more difficult for the good guys to catch the bad guys. But strong encryption also protects the good guys from the bad guys. Which is why LAED is a very bad idea.