It’s been a year and a half since US law enforcement agencies resumed their campaign trying to ban strong end-to-end encryption, and it’s pretty clear that the resulting “debate” is going nowhere.
In the Senate, legislation seeking to block companies from offering encryption that can’t be deciphered with a court order has stalled. California and New York are advancing bills of their own that would ban the sale of encrypted devices in those states, taking aim directly at Apple, which provoked the FBI in 2014 by implementing encryption schemes on iOS devices that even they can’t circumvent. And yesterday in the House, resident computer scientist Rep. Ted Lieu (D-CA) introduced the ENCRYPT Act, which would ban encryption bans.
But as it stands neither the bans nor the ban-bans have nearly enough momentum, meaning there’s no indication the encryption conundrum will be resolved any time soon.
The contours of this fight have been well documented, but it goes something like this: The FBI and other law enforcement agencies say they’re “going dark,” a contention from the 90s which claims that widespread encryption is preventing cops from catching drug dealers, terrorists and other Horsemen of the Infocalypse by making their communications inaccessible.
Meanwhile, current and former intelligence officials and an overwhelming majority of security experts have noted that’s not actually true, and that banning end-to-end encryption in the US would be ineffective since it would simply move overseas. The FBI’s proposals for bypassing encryption with backdoors would also make internet security catastrophically worse, since it requires opening security holes that anyone, not just the “good guys,” could exploit.
And yet, hundreds of news articles, dozens of Congressional hearings and a handful of reports and academic papers later, there’s still no hint of agreement on encryption in Washington.
That’s why FBI director James Comey has to constantly tweak his rhetoric to make the idea of forcing companies to offer inferior encryption that government agencies can access more palatable. The semantics have shifted from back doors to “front doors” to asking companies to completely abandon their business models.
At a hearing this week, Comey claimed the FBI has been unable to unlock one of the San Bernardino shooters’ phones. But the link between the Bureau’s troubles and advanced encryption is only implied, not explicitly stated; Comey could just as easily have been locked out by a numeric PIN code.
Even while begging for a ban on strong encryption, the FBI is simultaneously investing in investigative techniques that would circumvent it entirely. The Bureau recently asked for $69.3 million to invest in more hacking technology, similar to the kind they already use to crack dark web sites and circumvent encryption.
None of this seems to matter though in view of the larger debate being had on the Hill. Law enforcement will continue to color encryption as an existential threat. Experts will continue to demonstrate that it isn’t, and that regulating it would be pointless at best and destructive at worst.
It’s stupid in the same way that arguing with a climate change denier is stupid: No matter what evidence you present, the other side is going to just keep looking for conflated anecdotes that confirm their world view.
Security guru Bruce Schneier likes to say “Trust the Math,” a reassurance that science will win out in the end. But if the current state of things is any indication, encryption defenders are in for a long slog.