The Value of Encryption
- Bruce Schneier
- The Ripon Forum
- April 2016
In today's world of ubiquitous computers and networks, it's hard to overstate the value of encryption. Quite simply, encryption keeps you safe. Encryption protects your financial details and passwords when you bank online. It protects your cell phone conversations from eavesdroppers. If you encrypt your laptop — and I hope you do — it protects your data if your computer is stolen. It protects your money and your privacy.
Encryption protects the identity of dissidents all over the world. It's a vital tool to allow journalists to communicate securely with their sources, NGOs to protect their work in repressive countries, and attorneys to communicate privately with their clients.
Encryption protects our government. It protects our government systems, our lawmakers, and our law enforcement officers. Encryption protects our officials working at home and abroad. During the whole Apple vs. FBI debate, I wondered if Director James Comey realized how many of his own agents used iPhones and relied on Apple's security features to protect them.
Encryption protects our critical infrastructure: our communications network, the national power grid, our transportation infrastructure, and everything else we rely on in our society. And as we move to the Internet of Things with its interconnected cars and thermostats and medical devices, all of which can destroy life and property if hacked and misused, encryption will become even more critical to our personal and national security.
Security is more than encryption, of course. But encryption is a critical component of security. While it's mostly invisible, you use strong encryption every day, and our Internet-laced world would be a far riskier place if you did not.
When it's done right, strong encryption is unbreakable encryption. Any weakness in encryption will be exploited — by hackers, criminals, and foreign governments. Many of the hacks that make the news can be attributed to weak or — even worse — nonexistent encryption.
The FBI wants the ability to bypass encryption in the course of criminal investigations. This is known as a "backdoor," because it's a way to access the encrypted information that bypasses the normal encryption mechanisms. I am sympathetic to such claims, but as a technologist I can tell you that there is no way to give the FBI that capability without weakening the encryption against all adversaries as well. This is critical to understand. I can't build an access technology that only works with proper legal authorization, or only for people with a particular citizenship or the proper morality. The technology just doesn't work that way.
If a backdoor exists, then anyone can exploit it. All it takes is knowledge of the backdoor and the capability to exploit it. And while it might temporarily be a secret, it's a fragile secret. Backdoors are one of the primary ways to attack computer systems.
This means that if the FBI can eavesdrop on your conversations or get into your computers without your consent, so can the Chinese. Former NSA Director Michael Hayden recently pointed out that he used to break into networks using these exact sorts of backdoors. Backdoors weaken us against all sorts of threats.
Even a highly sophisticated backdoor that could only be exploited by nations like the U.S. and China today will leave us vulnerable to cybercriminals tomorrow. That's just the way technology works: things become easier, cheaper, more widely accessible. Give the FBI the ability to hack into a cell phone today, and tomorrow you'll hear reports that a criminal group used that same ability to hack into our power grid.
Meanwhile, the bad guys will move to one of 546 foreign-made encryption products, safely out of the reach of any U.S. law.
Either we build encryption systems to keep everyone secure, or we build them to leave everybody vulnerable.
The FBI paints this as a trade-off between security and privacy. It's not. It's a trade-off between more security and less security. Our national security needs strong encryption. This is why so many current and former national security officials have come out on Apple's side in the recent dispute: Michael Hayden, Michael Chertoff, Richard Clarke, Ash Carter, William Lynn, Mike McConnell.
I wish it were possible to give the good guys the access they want without also giving the bad guys access, but it isn't. If the FBI gets its way and forces companies to weaken encryption, all of us — our data, our networks, our infrastructure, our society — will be at risk.
The FBI isn't going dark. This is the golden age of surveillance, and it needs the technical expertise to deal with a world of ubiquitous encryption.
Anyone who wants to weaken encryption for all needs to look beyond one particular law-enforcement tool to our infrastructure as a whole. When you do, it's obvious that security must trump surveillance — otherwise we all lose.
Tags: Ripon Forum