The National-Security Needs for Ubiquitous Encryption
Harvard’s Berkman Center for Internet & Society convened an interdisciplinary group to take on vexing questions of surveillance and cybersecurity. The group has now released the report “Don’t Panic.” Here, its authors share some individual reflections.
Each terrorist attack grabs headlines, but the insidious theft of US intellectual property — software, business plans, designs for airplanes, automobiles, pharmaceuticals, etc. — by other nations does not. The latter is the real national-security threat. It’s a strong reason for national policy to favor ubiquitous use of encryption.
In 2000, the US government loosened export controls on encryption. In part this was because of pressures from Silicon Valley and Congress, but in large part, the reason for this change was national security. The end of the Cold War led to a temporary decline in military spending. One way to accommodate the shift was to turn to commercial off the shelf (COTS) equipment, a requirement formalized in the 1996 Clinger-Cohen Act. Another reason for the shift to COTS equipment for communications and computer technology was the speed of innovation in Silicon Valley. The need for ubiquitous security throughout our communications systems represented the third major reason.
There was an era when Blackberrys were the communication device of choice for the corporate world; these devices, unlike the recent iPhones and Androids, can provide cleartext of the communications to the phone’s owner (the corporation for whom the user works). Thus businesses favored Blackberrys.
But apps drive the phone business. With the introduction of iPhones and Androids, consumers voted with their hands. People don’t like to carry two devices, and users choose to use a single consumer device for all communications. We have moved to a world of BYOD (Bring Your Own Device). In some instances, e.g., jobs in certain government agencies, finance, and the Defense Industrial Base, the workplace can require that work communications occur only over approved devices. But such control is largely ineffective in most work situations. So instead of Research in Motion developing a large consumer user base, the company lost market share as employees forced businesses to accept their use of personal devices for corporate communications. Thus access to US intellectual property lies not only on corporate servers — which may or may not be well protected — but on millions of private communication devices.
Protecting US intellectual property is crucial for US economic and national security, and given BYOD — a social change that is here to stay — encrypted communications are necessary for national security. In a July 2015 Washington Post op-ed former DHS Secretary Michael Chertoff, former NSA Director Mike McConnell, and former Deputy Defense Secretary William Lynn concurred, observing that “Strategically, the interests of U.S. businesses are essential to protecting U.S. national security interest ... If the United States is to maintain its global role and influence, protecting business interests from massive economic espionage is essential.” They concluded that the security provided by encrypted communications was more important than the difficulties encryption present to law enforcement.
There are, after all, other ways of going after communications content than providing law enforcement with exceptional access to encrypted communications. These include using the existing vulnerabilities present in the apps and systems of the devices themselves. While such an approach makes investigations more expensive, this approach is a tradeoff enabling the vast majority of communications to be far more secure.
Exceptional access is dangerous. As my co-authors and I have described in our Keys under Doormats paper, proposals for law-enforcement “exceptional access” ignore the realities of current software. Getting software correct is very difficult. Thus, for example, when NSA tested CALEA-compliant switches, it discovered security problems with every implementation. Furthermore, exceptional access prevents the deployment of two extremely useful forms of security: forward secrecy and authenticated encryption.
At a time when nation-state espionage is heavily aimed at business communications — and these communications are often on personal devices — national security dictates that communications and communications devices be secured. And that means that policy facilitating the ubiquitous use of uncompromised strong encryption is in our national-security interest.