Encryption and Privacy

Recently, the FBI ordered Apple inc. to decrypt the iPhone of one of the San Bernardino shooters. On the surface, this may seem like a simple and reasonable request, but there is much more to this request than may be obvious to the average citizen. The first issue is that Apple does not currently have the ability to decrypt their customers’ phones. The encryption system was designed so that nobody, not even Apple or the US Government, could gain access to the phone’s data without the user’s credentials (in this case, the user’s fingerprint scan and passcode). For Apple to grant the FBI’s request, they would need to create a modified version of the iPhones operating system (OS) that would allowe them to break into it. The FBI insists that the modified OS would only be installed on this phone, but critics of the request believe that the FBI would begin using this strategy in more cases, increasing the risk that this software would be leaked to a third party. In the wrong hands, anyone with this software could break into any iPhone they could get their hands on, accessing personal and financial information of the phone’s owner.

Although it may seem to be just a squabble between a tech company and the FBI, this issue actually represents the next major crossroads for the right to privacy by the American citizen. Although most constitutional scholars believe that the constitution guarantees its citizens’ right to privacy (through a combination of the 1st, 3rd, 4th, 9th, and 14th amendments), they also agree that this right to privacy is forfeit during substantiated legal investigations. This interpretation has worked for years, but with the recent advent of the digital age, we must consider the consequences of continuing in this manner.

Before the digital age, privacy meant that nobody could come into your home or take something that was yours without permission. They also could not access any legal, financial, or personal information about you, since any documents containing such information would be inside your home or workplace, where they would not be allowed without permission. Now, however, people store their entire lives in their pocket: their phone contains personal information in the form of texts, emails, and pictures; their credit card and social security numbers are stored by apps through which they make purchases. To gain access to someone’s phone is often to gain access to their schedule, their bank accounts, and any other services they may be able to access through their phone. In the digital age, a phone contains everything one would need to completely assume a person’s identity, or to empty all of their accounts. All of this can be done quickly and untraceably once a party gains access to the data. We must consider this incredible risk when choosing to allow certain parties access to our information.

Some might argue that these risks are there in the physical world as well – that the same criminals can break into your home or mug you, steal your wallet, and accomplish the same goals. However, the major difference here is that in either case, it is clear that a crime has been committed, and that the victim’s data has been compromised. In the case of digital intrusions, a skilled hacker will leave no trace that the victim’s data has been stolen. A person may not realize that their identity has been stolen for hours, days, or even weeks after the crime has been committed. This makes it very difficult to track the person  who committed the crime, and leaves the victim little hope of recovering his assets.

The thing about encryption that public officials seem unable to grasp is that you cannot create a backdoor without leaving it open for anyone clever enough to find it. What I mean by “backdoor” is a method for authorized officials (such as the FBI) to access encrypted data. To understand the flaw in this idea, we need to understand how encryption works. When data is encrypted, it is first encoded numerically, so that a computer can read it. Next, these numbers are run through a function based on the user’s key. Without the key, there is no way to convert the encrypted numbers back into something that the computer can read. Modern encryption programs do not rely on the method of encryption being kept secret, as that method’s discovery would render the entire encryption system useless. A government backdoor would require an encryption system that does not nned the user’s key to be decrypted. This method would rely entirely on the government’s method of gaining backdoor entry remaining secret. The moment that method was discovered, the entire encryption system would become unsafe to use, exposing millions of people’s data to anyone tech savvy enough to look for it.

In the digital age, where a person can remotely access a server from anywhere in the world, and where any information they gain can be disseminated nearly instantaneously across the globe, we cannot afford to rely on secrecy to protect our data. The chance of the backdoor’s secret being discovered coupled with the untold damage that could do to millions of lives far outweighs the advantages that could be gained through giving the government access to criminal’s communication records. This is not an issue of the FBI gaining access to a single phone. This is an issue of whether we value the privacy and safety of every single citizen over the ability of our government to access the records of those deemed to be a threat to national security. It is not an easy question, and should not be answered lightly, but I believe that the potential risks far outweigh the potential benefits of having a government backdoor to encryption. Even if we assume that this power will never be abused, we cannot realistically assume that it will never be replicated by hackers, who have already proven far more competent in matters of information technology than our government.

Print Friendly, PDF & Email

Leave a Reply

Your email address will not be published. Required fields are marked *