All points in green were written by Menelik Epee-Bounya, arguing for encryption backdoors. All points in brown were written by Ryan Guan, arguing against encryption backdoors.

The U.S. should have a back door to encryption

  • Terrorism
    This is a matter of national security and cannot be taken lightly. On the evening of November 13, a series of coordinated attacks shook the French capital. The Islamic State of Iraq and the Levant (ISIL) has claimed responsibility for the Paris attacks, saying that it was in retaliation for French airstrikes on ISIL (or ISIS), targets in Syria and Iraq. Those attacks killed 129 people. What makes this situation even more horrific is that the attackers were able to communicate using encrypted apps such as WhatsApp and iMessage. The main worry for the police and law enforcement is that once these perpetrators go “dark” there is not much that they can do. The New York State Assembly has come up with a proposed bill that would ban encrypted mobile phones and slap manufacturers with a $2,500 fine per phone sold in the state of New York without a backdoor. In a nutshell, backdoors are security holes – for example, an undocumented master decryption key – knowingly added to software. In addition, encrypted apps make it much easier for ISIL to recruit online. Once ISIL connects with a potential recruit through Twitter, they quickly shift over to encrypted communication. The only way that the U.S. and its allies will stop ISIL and its horrific ideology is through collaboration between the government and the private sector.
  • Although the idea of industry and government banding together to fight global threats seems noble, the creation of backdoors will be no use to government agencies because they simply cannot process all the data. The NSA collects over 200 million text message daily and has admitted that the agency already cannot process the flood of unencrypted messages. If the U.S. government really wants to fight terror, then they should develop methods to make sense of the data they have.
  • Bill Binney, the former head of the NSA, stated that “bulk data collection,” which will be expanded with the introduction of backdoors, actually hinders the effectiveness of information analysts since their efforts are focused on sorting data rather than interpreting it. Any additional influx of data will divert resources away from more effective programs such as physical surveillance. In the case of France, the French police had previously placed the perpetrators of the Paris terrorist attacks on a list of 11,000 people considered national threats. However, with only 600 men physically spying on threats, the attackers were not physically surveilled and slipped through the cracks. The U.S should not try to ramp up the scale of mass surveillance programs in order to detect terrorists but should instead concentrate on funding focused, manual surveillance on suspects.
  • Exacerbating the problem of understaffing is that law enforcement is not always sure which threats are the most important. After the Charlie Hebdo Attacks at the beginning of last year, French Prime Minister Valls told French television, “There is a clear failing. When 17 people die, it means there were cracks.” An American official speaking about the failure said that French intelligence and law enforcement agencies had conducted surveillance on one or both of the Kouachi brothers after Saïd returned from Yemen, but later reduced that monitoring or dropped it altogether to focus on what were believed to be bigger threats. An encryption backdoor would allow law enforcement to focus their limited resources on the threats of higher importance, therefore maximizing the output of a limited workforce.
  • Crime
    A backdoor on encryption would also help law enforcement in their fight against crime, especially gang-related violence. According to the National Gang Center, over the past decade, annual estimates of the number of gangs have averaged around 27,000 nationally. The most recent estimate of more than 30,000 gangs represents a 15 percent increase from 2006 and is the highest annual estimate since 1996. In addition to the increase in gang members, gang violence is also on the rise. James Howell of the National Gang Center said, “In the past five years we’ve seen an eight percent increase in number of gangs, an eleven percent increase in members and a 23 percent increase in gang-related homicides.” One of the ways that law enforcement is able to curtail this violence and influx of drugs is through surveillance. However, law enforcement is now beginning to face some issues, as gang members and drug traffickers turn to encrypted communication. An op-ed titled “When Smartphone Encryption Blocks Justice,” which Manhattan District Attorney Cyrus Vance Jr. co-wrote with law enforcement officials from the U.K., France, and Spain, argued that by securing smartphones in such a way that only their users can unlock them, Apple and Google are undermining law and order.
  • Criminals and cartels will easily circumvent any laws banning encryption. As stated in the points, public encryption systems, used by WhatsApp and Apple, can be created by anyone or any foreign company. Even barring foreign encrypted messaging service from operating in the U.S will not do it; using a proxy – which routes a user’s internet connection through a foreign country – one can easily circumvent any firewall. Even China’s aggressive country-wide firewall is easily disregarded. If criminals or even ordinary U.S citizens want to keep their communications private, they can do it regardless of whether U.S companies are required to have backdoors or not.
  • A backdoor on encryption will not stop all terrorist attacks and all crime in general, but it will help deter such attacks, creating a safer world, more suitable to growth and progress. As said before, just because a law may not completely eradicate the problem does not mean that we should not put the law in place.
  • Privacy
    Individual privacy would not be compromised. If this law were to be put in place, the U.S. government would only have access to this encrypted information once they have presented a warrant. This would be no different than a police warrant in a murder case. This will not be the same as the NSA’s surveillance system that Edward Snowden leaked to the world in 2013.
  • Top security officials at the NSA have made similar promises to not collect data on individuals without warrants. However, security agencies have again and again created loopholes that allow the NSA to collect American communications without warrants. Even presuming that government agencies do in fact follow regulation, the creation of backdoor encryption keys, if leaked, could reveal company strategies and employee records and compromise private communications between companies. The bottom line is that allowing governments to possess indisputable control over private communications is a line that U.S government should not cross. The only way to guarantee privacy to Americans is to draw the line here.
  • To suggest that the US government has complete control over private communication because it has access to encrypted communication when necessary to protect the safety of American citizens is ludicrous. The US government is a government made by the people for the people, and has its people’s best interests at heart when implementing this backdoor. Furthermore, that rhetoric is the exact opposite of what is needed at this time. The private sector and government need to work together in order to stop these horrific attacks that occur all around the world.
  • There is precedent
    A backdoor on encryption would be no different than when law enforcement could read emails or could bug a room with a warrant. In the status quo, if law enforcement does obtain a warrant, they can bug any phone call or face-to-face conversation. Law enforcement could obtain a warrant, the same way they obtained a warrant to bug a room, and then would be able to see this encrypted communication and stop crime.
  • Although backdoor encryptions may have precedent due to other surveillance methods, mismanagement of backdoors to encryption will result in far greater repercussions than the mismanagement of unencrypted emails. The government will need to house these encryption keys in a database, and that database would be vulnerable to attacks by third parties. Companies depend on encryption keys to ensure that sensitive data of employees and company performance does not fall in the hands of hackers and criminals. However, if any hackers manage to break into the database or the encryption keys are leaked by an insider, all the effort companies have invested into concealing their information will be for nought. Scandals such as the Sony hacking will only become more common if the government is given backdoors to the communications.
  • Although the cyber attacks on Sony should concern the American government and certainly American companies, what should concern both the former and the latter are the economic effects of terrorism. According to the Global Terrorism Index, the economic cost of terrorism reached its highest ever level in 2014 at US$52.9 billion, a 61 per cent increase from the previous year and a ten-fold increase since 2000. In addition, the Global Terrorism Index estimates the global national security expenditure to be approximately US$117 billion. And according to numerous financial experts the recent attacks in Paris, will cost the French economy more than $2 billion, compared to the $35 million that Sony lost due to the cyber attack.
  • The Problem will only get worse
    In the past year we have seen hundreds of terrorist attacks all across the world, most notably in France, Yemen Egypt and Nigeria. As our technological capabilities grow and encrypted communication becomes more commonplace among most world citizens, law enforcement’s job will only get harder. According to the Global Terrorism Index, between 25,000 and 30,000 foreign fighters have arrived in Syria and Iraq since 2011, 7,000 in the first six months of 2015. These attacks will only become more commonplace.
  • The creation of backdoors to encryption will not eliminate the presence of ISIS in Syria and Iraq because ISIS has simply too many alternative messaging services that it can swap to. The thought that encryption keys will stop multimillion dollar criminal organizations is a fantasy. For organizations to create their own encryption algorithm would be as simple as downloading free, open source software. The same dilemma occurs as with iMessage and WhatsApp except that now we have prevented U.S citizens from preserving their privacy in an increasingly public world.
  • Increased physical surveillance in the form of law enforcement officers trailing potential threats will help lessen the problems of growing terrorism and criminal activity. Unlike backdoors to encryptions, physical surveillance provides focused information that does not depend on the efficacy of detection algorithms and does not allow the government the potential to spy on the activities of all Americans. Terrorists and criminals can avoid phones and can avoid U.S. messaging apps. However, they cannot avoid going outside and being observed. The U.S and French government knew that the Boston Marathon bombers and the Paris attackers were potential threats but simply lacked the resources to spy on their activities. When governments were so close to preventing national tragedies but simply lacked the manpower, shouldn’t the government focus on correcting that issue instead of expanding the reach of the NSA?
  • Although a backdoor will not destroy groups such as ISIS, backdoors will assist in the process of defeating these criminal organizations. This new asset will allow the US government, and governments around the world, to have access to up to date and often crucial information, allowing governments to make the most appropriate decision for their given situation. Although law enforcement may have a lot of data about potential terrorist threats, it is unable to follow up on leads because these agencies are undermanned and do not know which lead is more credible. A backdoor will help law enforcement decide which threats to follow up on.

No, The U.S. should not have a back door to encryption

  • Security Issues
    A backdoor to encryption introduces a security vulnerability that otherwise would not exist in programs. Thus, the creation of government-controlled encryption keys or backdoors will not just allow the U.S government secure access – as claimed by John McCain – but will also allow terrorists organizations and foreign belligerent nations to potentially access sensitive and private information about companies and individuals. As stated by Brian Dugger of the Open Technology Institute, “The more people who have a key, the higher the likelihood that one will get lost.” Such keys could get publicized in an insider leak much like those of Edward Snowden or could simply be stolen by hackers as a result of government agencies not taking proper security measures. In fact, the National Institute of Standards and Technology (NIST), which had been previously appointed as keyholder, was troubled recently by malware attacks. If the U.S. government required encryption keys from major companies such as Google, Microsoft, and Apple and made one mistake, sensitive information detailing credit card information and national security would be accessible by foreign spying agencies and terrorists organizations.
  • However, Edward Snowden leaked information about the NSA’s surveillance system because American citizens were not aware of the surveillance. In this case, American citizens will be aware of the United States’ ability to present a warrant for encrypted information. And although a backdoor on encryption will not eradicate all crime in the world, it will help law enforcement put bad people behind bars.
  • The storage of these encryption codes or keys presents too great a security risk for users and messaging companies alike because government leaks take only one person such as Chelsea (formerly Bradley) Manning to release thousands of classified documents. Regardless of a government leaker’s intention, the releasing of classified information has devastating effects on trust and security including the endangerment of the lives of U.S. soldiers. Moreover, as stated previously, the government has lost data from hacking incidents such as the breach into the personal and classified data of 20 million federal employees. What is the end result of the creation of backdoors to encryption? Users will stop using encrypted apps in fear that their privacy may be leaked, and companies will need to worry whether their encryption keys given to the U.S government have been compromised by hackers. Even if the chance of a leak is slim, the proposal injects risk into the technology industry that would not otherwise exist. When mass surveillance and online information failed to detect the Boston bombers and the Paris attackers, the claim that additional online surveillance from encrypted messages will finally stop crime is dubious.
  • Financial Consequences
    Fearful of NSA data collection, foreign firms have already stopped using US based cloud computing, and this alone has raised concern among U.S tech companies that they will lose market share abroad. Moreover, the proposed keys could turn mundane actions such as shopping online and banking into acts riddled with security issues. If the encryption keys of banks and online stores fall in the wrong hands, encrypted credit card numbers sent through the internet will be able to be decrypted by hackers. The creation of government controlled keys will only further fuel foreign distrust in the security of online services based in America and drive customers towards companies in nations that do not require built-in vulnerabilities. When the U.S technology industry is one of the fastest growing industries and is a leader in the global market, the U.S. government should not be entertaining a proposal that could threaten the two tenets that tech giants operate on: privacy and security.
  • The financial and economic consequences of terrorism outweigh the consequences of consumer doubt. According to the Global Terrorism Index, the economic cost of terrorism reached its highest ever level in 2014 at US$52.9 billion, a 61 per cent increase from the previous year and a ten-fold increase since 2000. In addition, the Global Terrorism Index estimates the global national security expenditure to be approximately US$117 billion. Furthermore, the US led airstrikes against ISIS targets in Syria and Iraq are even more costly and will continue to accrue if we are unable to stop ISIS. Commander Bill Urban, a pentagon spokesman said that, “as of December 11, 2014, the total cost of operations related to ISIL since kinetic operations started on August 8, 2014 is $1.02 billion and the average daily cost is $8.1 million.”
  • Yes, the financial losses due to terrorism outweigh the financial losses from business in the technology industry. However, the introduction of backdoors to encryption will not stem the growth of terrorism because terrorists have too many options outside of the U.S to encrypt their communications. So, the use of custom or foreign encryption services will nullify any benefit that government controlled encryption keys would provide. The $8.1 million spent everyday against ISIS in airstrikes will continue without any reduction in intensity because the proposition will have resulted in no change in how the U.S deals with encrypted terrorist messages. On the other hand, increased spying efforts, such as the NSA revelation, have slashed earnings for tech companies, and the creation of government controlled backdoors will continue that trend.
  • Other Alternatives
    Because foreign companies will not be subject to the requirements of backdoors, there will still be programs and apps that will allow terrorists and criminals to communicate using encrypted messages. The regulation of all encryption keys is beyond the U.S government’s control because of the relative ease that encryption systems can be made. So, if a criminal still wanted to obscure their communications after the implementation of backdoors, it would be as easy as downloading a foreign app or developing their own encryption keys. The creation of backdoors then will only intrude on the privacy of law-abiding citizens.
  • Although having a backdoor on encrypted communications may not prevent all terrorists or criminals, it will deter many more. Just because “there will still be programs and apps that will allow terrorists and criminals to communicate using encrypted messages” does not mean that we cannot institute this program. Just because there are still car accidents and car fatalities does not mean that the seat belt does not function. To end these mass casualties we must make progress step by step through collective and group efforts, and a backdoor on encryption is one step of many.
  • The lack of American-based encrypted communication services will not deter any potential terrorists or criminal who are willing to plan crimes weeks and months ahead. In other words, if the criminal is capable of buying a gun, smuggling drugs, or making an explosive, the criminal is more than capable of downloading a foreign encrypted messaging app via a proxy. Thus, law enforcement officers will not catch any more criminals or terrorists than they would otherwise because of the availability of encryption tools. Upon a closer look, backdoors to encryption fails to prevent criminals from obtaining encrypted messaging systems and is simply a bandage for the problem.
  • Better detection and follow up, not more data 
    The U.S government does not need access to more information through encryption keys but instead needs to process and follow up on the information that is already available. For instance, the coordinators of the 9/11 attacks used an unencrypted email service, Hotmail, to plan their attack and simply used codewords to obscure their goals. In other cases, soon-to-be-terrorists were identified and no course of action was taken, such as with the Boston bombers. According to Matt Blaze, a professor of computer science at the University of Pennsylvania, “a lot of the evidence that’s come out so far suggests that they were just communicating back and forth on Facebook and weren’t using any encryption apps at all [during the Paris attacks].” The French government with the Paris attacks, much like the American government with the Boston bombings, had already flagged the attackers as potential threats prior to the attacks; they just failed to follow up on what information agencies warned about. The addition of backdoor encryption keys will not combat criminal operations when governments lack the ability to process the deluge of unencrypted messages and to handle flagged suspects.
  • Although governments may have some information on potential terrorists or terrorist plots, they are unable to follow up on all of those suspects. After the Charlie Hebdo Attacks at the beginning of last year, French Prime Minister Valls told French television, “There is a clear failing. When 17 people die, it means there were cracks.” An American official speaking about the failure to identify the plot said that French intelligence and law enforcement agencies had conducted surveillance on one or both of the Kouachi brothers after Saïd returned from Yemen, but later reduced that monitoring or dropped it altogether to focus on what were believed to be bigger threats. Although having access to encrypted messaging may not may not prevent all attacks, a backdoor on encryption is a right step in the right direction.
  • More data on the communications of terrorists will not translate to the prevention of terrorism. When governments failed to utilize the unencrypted messages of the 9/11 terrorists to prevent the attack, what good will the addition of encrypted messages do? The NSA director, Keith Alexander, admitted that the NSA spying program has perhaps only foiled “one or two” terrorist plots. Likewise, France’s NSA-like mass surveillance program never pointed its eyes towards the Facebook messages or SMS messages of the Paris attackers who were known to the authorities prior to the attack, or if it did, the program failed to follow up. The over-reliance on the mass collection of online data has given the U.S and other nations a false sense of security. Fundamentally, the premise that information can prevent crime and terrorism seems flawed. A backdoor to encryption, which U.S lawmakers have been pushing for, is simply a continuation of that flawed premise. The creation of government controlled encryption keys will further entrench the United States as a police state while failing to help with any “policing” at all.