Weakened encryption is bad security


This week, the Senate Judiciary Committee will hold a hearing examining a Groundhog Day issue in internet policy: Should the government require tech companies to redesign their systems so that government agents can access encrypted communications and data? Little about the hearing is available at this writing, but its title is “Encryption and Lawful Access: Evaluating Benefits and Risks to Public Safety and Privacy.” That is an invitation to balanced analysis, which can be enlightened by consideration of benefits and costs, as well as other concepts in risk management.


The model in the US for mandating that a communications product be designed conveniently for law enforcement is CALEA, the Communications Assistance to Law Enforcement Act. That law, passed in 1994, requires centralized telecommunications carriers and manufacturers to make their services and equipment amenable to wiretapping.

CALEA reflects the technology of the times. In the 1990s,
there were a small number of channels over which wrongdoers could communicate
long distance. Having access to the nation’s communications bottlenecks could
provide genuine and lasting law enforcement benefits.

But communications technology has changed, and criminals are
not static actors. Communications travel across the wide-open internet now, on
varied and variable routes, and in a variety of formats, including bespoke
options. Internet service providers and backbone providers do not have the
same all-seeing view of the content crossing their systems that phone companies
have of the traffic crossing theirs.

Were there to be a reduction in the quality of communications
encryption provided by US tech companies, the adept criminals and terrorists —
arguably the ones we should most worry about — would move to encrypted
communications platforms offered in other countries or to nonproprietary, fully encrypted
communications techniques. In other words, this is a low-benefit proposition. Mandating
weakened encryption systems would immediately move some bad actors off
US-regulated systems. A continuing exodus would produce less and less law enforcement
benefit over time.

As to cost: It’s been called “dogmatic” to say, but it’s incontrovertible
that modifying encryption systems to allow third-party access reduces the
security of those systems. Proposals for opening encrypted systems to
third-party access vary, but the common questions include: Who should hold
decryption keys — the government, the company providing the service, or both? And
what rules and processes should dictate their use? Third parties can lose
control of decryption keys or suffer corruption and mismanagement. These risks
simply don’t exist when keys are held only by the parties to a communication.

Is it worth embracing those risks so that law enforcement might
have some more material to use in its investigatory work? The scale of today’s
technology systems makes the law enforcement case very hard. Simply put, the
vast, vast majority of technology users are law-abiding. Weakening the systems
they use exposes them to risks of loss and harm that are almost always going to
be greater than the risks and harms prevented or punished by such weakening.

A real-world analogy might help illustrate: If Congress
required every American home to be retrofitted with a special door for law enforcement
access, would it make us safer? Regulations could say that the door itself, the
hinges, and frame are supposed to be of a required strength. Keys to the door
could be stored at police agencies or town halls according to sharply
prescribed rules. Rules about access to the keys could be equally rigid. But
every American’s home would still have an additional opening that could be
compromised in a variety of ways.

Economists summarize the action of markets using things such
as supply and demand curves. Millions of actors making billions of economic
decisions become one or two lines on a graph. Security also involves millions
of actors making decisions about millions of different problems. To name just a
few security techniques: refrigerating food, patching roofs, taking antibiotics,
seat belts, armed guards, and encrypted communications.

To think about amending security systems in gross, imagine that
the status quo in security measures — everything listed above and much more — were
depicted spatially as an area on a two-dimensional grid. Let’s say every one of
the 330 million people in the United States had one square foot of security.
That would be 330,000,000 square feet of total security.

Now, to protect victims of acute crimes and punish
wrongdoers, a rule is made that lowers the security of the general population
by just 1/32 of a square inch. Just as adding a door to a house reduces
security by a small margin, reducing the quality of the encryption systems everyone
uses to facilitate law enforcement access reduces everyone’s security. If everyone
has 11 and 31/32 square inches of security, that’s about 328,283,488 square
feet of security — about 1.7 million fewer square feet of security society-wide.
It’s the equivalent of bringing the security of 1.7 million people to zero.

There might be a few real deaths from such a policy, but the
statistical ones would mostly manifest themselves across a large swath of the
population as identity frauds and other scams, stolen data, lost business
opportunities, forgone communications, altered or destroyed medical records, money
spent mitigating data loss, and manifold other reductions in welfare. Such
costs would include unwanted access to business and political leaders’
otherwise private communications, threatening national and economic security
interests that people advocating against good encryption often claim to defend.
If the cost of our rule against strong encryption is a reduction of each
person’s square foot of security by 1/32 of a square inch, it has to do the statistical
equivalent of saving 1.7 million people from death to be a winner for society.
Weakening the encryption used by everybody has to save a HUGE number of
exploited children or stop a LOT of terrorism to be cost justified.

The theoretical reduction in security from lower-quality encryption may be smaller than 1/32 of an inch on a square-foot grid. But the affected community is actually much larger than the population of the United States. It numbers in the billions. The vast majority of encryption users worldwide are law-abiding, honest citizens of their respective countries, just like most Americans. Lowering the security of all is very costly, even if that results in greater security for a small number of highly sympathetic people against highly repugnant crimes.

What is illustrated here is a methodology, better than the somewhat hashed analytical framework offered by Attorney General William Barr back in July, for weighing the costs and necessary benefits of weakening encryption. Balancing the interests at stake in a debate like this is always difficult. But our sympathies for the victims of crime and appreciation of the work of law enforcement should not obscure what I think a sound methodology reveals: Weakened encryption is bad security.

The post Weakened encryption is bad security appeared first on American Enterprise Institute – AEI.