Szabo 1

David Szabo
CST 300 Writing Lab
February 22, 2020

Should American Citizens Have Access to Strong Encryption?

Encryption is the process by which data is obfuscated with the intent that it only be

viewable by specific people or groups. This is accomplished by means as simple as a letter shift

(D translates to A, E to B, etc) or far more complex mathematical processes. Most uses of

encryption before the modern era were relegated to military endeavors such as the famous Caesar

Cypher (attributed to Julius Caesar) or the German Enigma Machine of World War II, the

information age has not only ushered in a seismic shift in how personal information is available

and needs to be protected.

Medical data that was once a paper file full of one’s most intimate health concerns is now

available to access with a phone. Sensitive and potentially damaging information such as our

social security number, credit cards and a myriad of other personal vectors are stored on the

servers of commercial entities such as Amazon, Google, Intuit, etc. If this information is so

easily obtained by the person attached to it, how do we stop someone with ill intent from doing

the same? Encryption has become standard in the majority of electronic communications. Even

web traffic without any personally identifiable information (PII) is encrypted now on most major

sites. The current ecommerce boom would simply not be possible without strong encryption

being available to anyone wishing to buy online.

Since the 1990s, the US Federal Government has been waging war against strong

encryption being available in any form to US citizens, even going so far as classifying such

software as a munition, such as the case of Phil Zimmerman author of PGP (Stay, 2012). While
 Szabo 2

this case ended up as a loss for the government, the attempt to prevent the sale of products with

public sector encryption didn’t end there. An attempt to incentivize the use of an government

created alternative in the form of the Clipper Chip, which used a new NSA encryption algorithm

named Skipjack, was backed all the way to Whitehouse and championed by then vice president

Al Gore (Froomkin, 1996). The chip itself was sold on the promise of providing strong

encryption to consumers while the government itself would keep a copy of each such chips

decryption key in escrow, only to access it if necessary. This alone was unpopular both with the

public and the encryption community at large, but the revelation that the chip itself had

fundamental security flaws doomed it to failure.

The government has been trying to enact legislation mandating companies to adopt a

backdoor in their encryption or a “golden key”, under the aegis that it is to protect the innocent

from predation, prevent terrorist attacks and assist in the prosecution of crime. While there are

existing mass data gathering programs, namely PRISM, the majority deal with the acquisition of

data, not breaking of encryption. Thus, a government backdoor could potentially aid in the

prevention of terrorist attacks and stop large scale crime rings.

Many companies that provide consumer encryption contend that any backdoor would not

be something only the government could exploit. Any intentional weakening of the underlying

cryptographic algorithms or software bypass that allowed access without the decryption or

private key is an inherent flaw in the software. Given the existing flaws in all software, would

adding some intentionally be safe? Additionally, the major purveyors of encryption are already

working with the FBI and other agencies to assist in their stated goals insofar as finding and

prosecuting criminals.
 Szabo 3

The federal government argues that any impediment to finding criminals before they

commit crimes, or in the prosecution of those who have already done so, is dangerous. While this

has been an imperative since the formation of centralized governments in antiquity, it is far more

applicable in the information age when communication options are numerous are ubiquitous. It

came far more sharply into focus for the United States post 9/11. While there was a wealth of

data showing the potential threats of the hijackers, it was spread across disparate agencies who

had a history of not communicating with each other (Johnston, 2003). Critical data that could

have saved lives languished in the hands of the FBI and CIA separately, where neither could see

the complete picture due to lack of intra-agency cooperation. This new-found clarity spawned the

Department of Homeland Security (DHS) and Transportation Security Administration (TSA) and

later a mass surveillance program known as PRISM. The scope of government surveillance since

9/11 is far too large to discuss here as most of what the public at large knows is due to the

Edward Snowden leaks in 2013, and encompass far more programs than just PRISM.

The primary support for this are claims of policy connected to claims of cause. “The

government needs to a backdoor” (policy) “to stop terrorism” (cause) or “to catch child

predators” (cause). There is an unspoken claim of value since these are both considered bad

actions in our culture. The purported claims all appear to be logical since stopping terrorist

attacks and criminal enterprises are both net positives.

While the goals are laudable, there is limited proof of their efficacy. Any operation that

catches a terrorist plot is by nature classified and will either never be known by the public at

large or be shrouded in mystery. Catching child molesters and organized criminal enterprises

tends to be more high profile and we see a much larger swath of the particular tactics used.
 Szabo 4

If the government was suddenly faced with a surge of completely unassailable encryption

that was widely available and easy to use, they claim the prevention of crime and apprehension

of criminals would be much harder. Should the government by allowed to mandate weak

encryption to protect the nation?

The American public has a vested interest in securing their privacy, be it from an overly

intrusive government violating at least the spirit of the 4th amendment, or nefarious actors both

foreign and domestic who wish to harm them. The rampant rise in cybercrime in the 21st century

has clearly shown that no information is safe without good security. Identity theft was already

widespread before the Equifax breach of 2017 (St. John, 2017), but that theft of the credit history

of every American citizen, along with a panoply of other such breaches, has shown quite clearly

that nobody is safe. Despite the opening of this proverbial Pandora’s Box, we still have tools at

our disposal to protect ourselves in the form of strong encryption.

As support would be claims of policy and value. “I have the right to protect my personal

information from misuse” (value) “as outlined by the 4th amendment” (policy). Since we are all

presumed innocent until proven guilty (Coffin v. United States, 1895), any governmental action

to collect private data on a citizen not being specifically investigated for a crime is in violation of

the 4th amendment. There does not appear to be a logical fallacy since there is no concerted effort

to prevent the government from performing lawful surveillance.

If the government is able to convince or coerce companies to install backdoors, what little

safety we have online may well be gone. As stated by Tim Cook, CEO of Apple, in an interview

with ABC in 2016, “Our smartphones are loaded with our intimate conversations, our financial

data, our health records. They're also loaded with the location of our kids in many cases. It's not
 Szabo 5

just about privacy, it's also about public safety. No one would want a master key built that would

turn hundreds of millions of locks ... that key could be stolen” (Wagner, 2016).

Should the US government be allowed to mandate that publicly available encryption have

a backdoor that only they can access?

Moral Universalism is attributed to Plato and a cornerstone in his vision of utopia or the

ideal state. It is meant to be an analog to his view of humans, divided into a three-part structure

based on appetite (workers), spirit (warriors) and reason (rulers). He viewed a single decisive

source of power in the form of a wise philosopher-king to be superior to any other form of

government, due to his “soul of gold”. He posited that every form that sprung from this was

corrupted, with more power being diffused into less able or moral hands. Democracy and finally

the tyrant it elevates when the people feel powerless are the lowest forms. Our society most

closely resembles his favored style of governance, aristocracy, despite the notable lack of any

true royalty involved (Brown, 2017). The presumption being that people who rule are there

because they are fit to do so through some sort of innate “gold” quality and rigorous education.

While these aren’t evident in modern politics, it was at least the ideal at the founding.

The government states that (a) it is will make every effort to protect the citizenry from

harm (b) will not abuse access to information about innocent citizens and (c) strong encryption

without government safeguards weakens their ability to protect us. Since it is the not only the

legal source of crime prevention and apprehension (FBI, CIA, police, etc.) but also has the moral

high ground in these areas, it is logical to assume that they would be best able to handle the task.

Additionally, they already have the infrastructure to gather this massive amount of information,

both relevant and collateral, so being able to decrypt it in a lawful fashion does nothing but aid

them in these tasks.

 Szabo 6

If the government were to lose the ability to freely access this information, it is possible

that terrorist plots would be able to occur with greater regularity, and criminal enterprises would

be able to continue breaking the law. They have already seen roadblocks in investigating terrorist

attacks such as the San Bernardino massacre in 2015 or Pensacola naval base in 2019. In both

cases, strong encryption on Apple devices have prevented them from directly accessing phones

potentially used in the planning of these crimes.

The creator of utilitarianism, Jeremy Bentham, stated “it is the greatest happiness of the

greatest number that is the measure of right and wrong” (Crimmins, 2019). Maximizing

happiness and well-being for the largest number of people while minimizing unhappiness and/or

hurt is the most moral course of action. A law, while seemingly just in its intent (catching

criminals) can become unjust when it is applied indiscriminately (mass surveillance). The value

of the former is superseded by the damage inflicted on the latter.

Retaining access to strong encryption allows people security in many aspects of their

lives. Companies providing services that use these such as commerce, medical, insurance or any

with potentially damaging personally identifiable information offer a layer of protection if how

they transmit said data is strongly encrypted. If whatever data they store is also similarly

protected, the value of encryption rises dramatically with numerous high-profile data breaches in

the past 5 years. On the personal front, being able to securely store personal information “in the

cloud” without fear of it being either intercepted in transit or easily used if successfully taken, is

a necessity.

The government’s imperative to “stop terrorism” or “catch predators” are noble goals, but

not if their utility is so wildly imbalanced. Stopping a handful of criminals or even thousands is

greatly outweighed in utility by the harm done to hundreds of millions of innocent people who
 Szabo 7

are already being watched without cause (which is beyond the scope of this issue). Additionally,

most of the major purveyors of strong encryption either in data transmission (Amazon, Google)

or storage (Apple) already cooperate fully with law enforcement enacting lawful warrants.

Google has been very cooperative, engaging in “geofencing warrants” (Welty, 2019) or “digital

dragnets”, offering up the information of thousands of users in the areas of a crime. While that

itself is against utilitarian ethos, it is far less harmful than the entire citizenry being constantly

surveilled.

If the American people and the companies whose services they employ lose access to

strong encryption, the rates of identity theft and massive breaches will expand greatly. Most such

events are currently due to finding flaws in existing frameworks such as unpatched web servers

or poorly managed contractor accounts. If there is an intentional weakening of the encryption

that protects our online lives, exploits will be found. Even if the assumption is that the backdoor

will be in the form of a key escrow where the keys are securely stored on government servers,

not only has the government shown that it is unwilling to adhere to the bill of rights when it

comes to mass surveillance but they have a long history of poor digital operational security. All

it would take is one unprincipled employee or contractor and the proverbial keys to the kingdom

would be stolen.

I don’t trust the government to (a) properly manage and secure a key escrow and/or (b)

mandate a secure backdoor for existing encryption nor (c) resist abusing the system. Mass

surveillance such as PRISM and the other much less well-known systems (“NSA Surveillance”,

n.d.) have shown that they simply do not have our best interest at heart. While the party line is

that it’s to stop bad guys or “protect children”, the latter being a veil for some of the more

intrusive anti-privacy legislation, I don’t honestly know the end goal. And that’s worrisome since
 Szabo 8

other than some toothless saber rattling from congress, nothing has been done to slow down

these programs. Nor has any actual proof been released to show their efficacy in stopping or

prosecuting crimes.

I align myself with the utilitarian goals of the American citizens. The potential good of

these efforts appear minimal at best to at most a couple thousand people whereas the harm could

well be catastrophic to the entire populace.

The best solution I can see at this point would be to continue on our current course. The

companies responsible for most of the encrypted traffic on the Internet already cooperate with

law enforcement and can already be compelled to do so in a way that is completely invisible to

the public, via the issuing of a National Security Letter from a FISA court. While I don’t like that

angle at all, Amazon, Apple and Google are not going to risk their standing with the US

government and refuse to release data.

As for everyday citizens using encryption in their own lives, that is the price of freedom.

saying hateful, horrible words is completely legal so long as no direct threat or inciting of

violence is present. I find it vile, but is any amount of restriction of free speech safe? The same

goes for encryption. A minority will use it for bad ends, but does that mean we should violate the

4th amendment for the entire country?

 Szabo 9

References

Brown, E. (2017, September 12), Plato’s ethics and politics in The Republic. Stanford

Encyclopedia of Philosophy. Retrieved from https://plato.stanford.edu/entries/plato-

ethics-politics

Coffin v. United States, 156 U.S. 432 (1895)

Crimmins, J.E. (2019, January 28), Jeremy Bentham. Stanford Encyclopedia of Philosophy.

Retrieved from https://plato.stanford.edu/entries/bentham

Froomkin, A.M. (1996), It came from planet clipper: the battle over cryptographic key "escrow".

Retrieved from http://osaka.law.miami.edu/~froomkin/articles/clipper.htm

Johnston, D. (2003, July 24), 9/11 congressional report faults F.B.I.-C.I.A. lapses. New York

Times. Retrieved from https://www.nytimes.com

NSA Surveillance (n.d.). Retrieved from https://www.aclu.org/issues/national-security/privacy-

and-surveillance/nsa-surveillance

St. John, A. (2017, September 21), Equifax data breach: what consumers need to know.

Retrieved from https://www.consumerreports.org/privacy/what-consumers-need-to-

know-about-the-equifax-data-breach

Stay, R. (2012, March), Cryptic controversy: U.S. government restrictions on cryptography

exports and the plight of Philip Zimmermann. Georgia State University Law Review.

Retrieved from

https://readingroom.law.gsu.edu/cgi/viewcontent.cgi?article=2264&context=gsulr
 Szabo 10

Wagner, L. (2016, February 24), Apple CEO Tim Cook: backdoor to iPhones would be software

equivalent of cancer. Retrieved from https://www.npr.org/sections/thetwo-

way/2016/02/24/468016377/apple-ceo-tim-cook-back-door-to-iphones-would-be-

software-equivalent-of-cancer

Welty, J. (2019, July 30). Geofencing warrants. North Carolina Criminal Law. Retrieved from

https://nccriminallaw.sog.unc.edu/geofencing-warrants