Is Congress Really Gearing Up for an Encryption Battle?

After the attacks in New York on September 11, 2001, Congress passed the poorly thought-out Patriot Act. Friday’s Paris attacks seem to be (once again) providing Congress with another excuse to try and legislate making United States encryption weak and putting another obstacle in the way of U.S. technology companies selling overseas.

That’s right….weak. Virtually every single cryptography expert on the planet knows that a force-mandated “backdoor” in software or devices will not work and will make the systems vulnerable to attack by black-hat hackers or state-run military cyberattacks.

Today’s Wall Street Journal had this front-page article, “Paris Attacks Fuel Debate Over Spying – Growing belief that terrorists behind assaults used encrypted communications prompts re-examination of U.S. policy on surveillance.” A few things from the article leapt out at me:

“A growing belief among intelligence officials that the terrorists behind Friday’s Paris attacks used encrypted communications is prompting a far-ranging re-examination of U.S. policy on data collection and surveillance.”  

No kidding. Anyone on this planet with intermediate technical skills can encrypt their communications.

Sen. Richard Burr (R., N.C.), chairman of the Senate Intelligence Committee, said Tuesday his panel will launch a review of encryption use. “It is likely that end-to-end encryption was used to communicate in Belgium and France and Syria,” Mr. Burr said. He said encryption was likely because no direct communication among the terrorists was detected.”

Really Senator? Maybe they met in person?

But this is the part of the article that made me choke on my breakfast muffin: 

A renewed push to give law enforcement and intelligence investigators more power to decrypt commercially sold technology could set Washington on a collision course with Silicon Valley. Many technology companies have rejected law enforcement requests for “back door” coding that would give investigators access to secure communications. Software products are being marketed with a promise that they can’t be decoded, Mr. Burr said, and that might have to change.

“We don’t have a responsibility to sell their products,” the senator said. “We have a responsibility to keep America safe…And if it means that people are going to have to change their business models, then so be it.”

Wait a minute Senator…Congress doesn’t have a responsibility to sell technology products? Then what about all the lip-service paid to American competitiveness? Making this country great again? The Senator ought to talk to the heads of technology companies before shooting off his mouth. Then maybe he can discover how these firms saw first-hand how their product sales plummeted after Edward Snowden revealed the complete and sweeping vacuum surveillance the National Security Agency was doing on, essentially, everyone on the planet.

As a stakeholder in Apple, there is NO question in my mind that, if Tim Cook had not pushed to drive end-to-end encryption in iOS and the iPhone, their Q3 earnings would not being showing that the company reported $13.2 billion in revenue from greater China, which includes China, Hong Kong and Taiwan. China would likely have banned this device altogether if there had been a backdoor in either the software or the phone itself.

It’s not just Apple though, leaders from many leading U.S. technology companies have also appealed directly to President Obama to keep government’s hands off encryption. The main argument? Backdoors don’t work and legislating crippled encryption would put the United States at a security and competitive disadvantage in the world!

So please stop rattling your sabers Congresspeople. It makes you look stupid. It puts fear, uncertainty and doubt (FUD) in the minds of other country governments. That FUD causes them to knee-jerk react with their own laws, making the job of technology sales all that much harder outside the U.S.

---

ARTICLES
I always like to link to other articles that show I am not the only one who sees the absurdity of encryption and that there are other forces in play as well:

• WIRED: After Paris Attacks, Here’s What the CIA Director Gets Wrong About Encryption

• BRUCE SCHNEIER: The Risks of Mandating Backdoors in Encryption Products

• NYTIMES: U.S. Tech Companies and Their Chinese Partners With Military Ties

• FORTUNE: How China’s market meltdown impacts big technology companies

• BLOOMBERG: Why Chinese Tech Doesn’t Need America

It’s not just the America that’s trying to force U.S. tech companies to “open up” our encryption. The United Kingdom (UK) is too1:

• THE GUARDIAN (Cory Doctorow): Encryption won’t work if it has a back door only the ‘good guys’ have keys to
• THE REGISTER (UK): Hi, um, hello, US tech giants. Mind, um, mind adding backdoors to that crypto? – UK govt