Encryption Rules Only Apply to Those Who Follow Them

Posted on by Tony Bradley

encryption backdoorThe world can be a dangerous place, and nations around the world must be vigilant to identify and prevent attacks from would-be terrorists. In the wake of recent terrorist attacks in Paris and in San Bernardino, Calif., there has been increased debate over the need for intelligence agencies to have some sort of back-door access to enable monitoring of encrypted data and communications. It’s an issue of national security, apparently.

How would that work, exactly? Let’s assume that we allow the government to mandate that our Internet providers, websites and Web browsers, email systems, instant messaging tools, and other computer and communication technologies build some sort of encryption back door that allows Big Brother to keep tabs on everything and everyone. Would we then also make a rule demanding that would-be terrorists only use the tools that comply with the encryption back-door requirement?

I know that sounds silly, but how else would it work? The problem with making rules and regulations is that they only apply to law-abiding organizations and individuals. Terrorists and criminals—by definition—don’t follow the rules, so making new rules won’t really change anything.

The bad guys that are ostensibly the target of an encryption back door can simply choose to use platforms and applications that don’t comply with the encryption back door requirements. The more resourceful terrorists and criminals can just develop their own proprietary tools to encrypt information. Those that lack the capacity to do so would simply find alternative methods to communicate that circumvent the encryption back door. At the very least, the only terrorists or criminals who could be monitored or captured as a result of a known encryption back door would be the dumbest of the dumb, and probably would have blown themselves up anyway.

Meanwhile, all of the law-abiding organizations and citizens would now be monitored by intelligence agencies and law enforcement, just in case one of those moron terrorists or criminals happens to slip up and telegraph plans for an attack using methods that comply with the encryption back door mandate. Unless accessing data and communications using the encryption back door will also require probable cause and a properly-issued warrant, it seems to me that implementing such a back door would first require repealing the Fourth Amendment of the United States Constitution.

I don’t believe that our government has a hidden agenda designed to strip away our rights. I believe that the concern over encrypted communications is valid and that those calling for a back door for intelligence agencies and law enforcement have the right intentions. I just don’t think we should change our values or surrender Constitutional rights when the proposed “solution” will only impact law-abiding citizens, and would simply weaken or marginalize the value of encryption itself. 

Tony Bradley

Editor-in-Chief, TechSpective.net

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community