In the aftermath of the Paris attacks, numerous media outlets, politicians, and officials working in intelligence agencies have been quick to point the finger at encryption as the culprit. Many politicians in the US are now seeking to legislate mandatory backdoors in encrypted communications. However, presidential hopeful Hillary Clinton is making statements that present the appearance of a middle ground on the issue.
Last week, Clinton called for Silicon Valley to work more closely with government agencies in order to deal with encryption. She said, "We need our best minds in the private sector to work with our best minds in the public sector to develop solutions that will both keep us safe and protect our privacy." She appeared to take both sides of the encryption debate seriously by saying, "We should take the concerns of law enforcement and counter-terrorism professionals seriously. On the other hand we know there are legitimate concerns about government intrusion, network security and creating new vulnerabilities that bad actors can and would exploit." She concluded by saying, "Now is the time to solve this problem, not after the next attack."
Unfortunately, this appeal for tech companies to work with the government on a middle ground solution is unworkable. Either the companies develop apps that employ encryption to the best of their abilities, or they deliberately sabotage them with backdoors that can be exploited by law enforcement and potentially malicious actors as well. There is no third option that undermines encryption while maintaining privacy. She falls short of actually demanding backdoors through legislation, but its unclear what alternative policy position she could have in mind to support this imaginary middle ground.
Clinton's position is echoed in this article by the Washington Post. It begins with a basic overview of encryption and repeats some talking points about the dangers posed by terrorists using encrypted communications. The article concludes by insisting that tech companies must find a compromise that allows police to access encrypted communications while still protecting privacy, and if they can't a terrified public will do away with encryption entirely after the next terrorist attack.
The technology giants and their allies have resolutely insisted that giving law enforcement any kind of extraordinary access would be disastrous, weakening encryption for all. When we suggested earlier that there must be some kind of technical compromise, we were told bluntly: No compromise exists, period. We understand the benefit of encryption, including for citizens living under authoritarian regimes. But we also do not underestimate the risks to the public that terrorists and other criminals may pose. It seems obvious that, if there is a terrible attack in the United States, privacy advocates and tech companies instantly will lose this argument.
We don’t have a solution, but it would be in everyone’s interest to keep looking for one, before the next catastrophe.
But this is not a reason to refuse co-operation outright. The global tech industry made around $3.7 trillion last year. They employ some of the brightest people on the planet. Apple et al could, if they wanted, employ a fraction of these resources to work out how we can simultaneously keep the good guys’ data secure and keep the bad guys in plain sight. The geniuses of Silicon Valley would be more than a match for the dunderheads in the desert.