In a bizarre flashback to the 1990s, domestic restrictions on the use of encryption are being proposed once again.
Politico has reported that a National Security Council committee discussed last week whether to ban encryption without a mandatory backdoor for government access to plaintext. “Senior officials debated whether to ask Congress to effectively outlaw end-to-end encryption, which scrambles data so that only its sender and recipient can read it,” the article said.
The best way to read this report is that it represents the latest extrusion of the permanent cadre of law enforcement and national security bureaucrats who have never abandoned their efforts, underway for over 20 years, to allow U.S. government agencies to break or bypass encryption embedded in hardware and software products.
The last time this extra-constitutional campaign against encryption kicked off was during the George W. Bush administration, in mid-2008, when FBI officials briefed Senate Intelligence committee members on what they called the “Going Dark” problem. This campaign continued without apparent interruption during the Barack Obama administration, when the FBI asked all field offices in 2009 for anecdotal information about cases in which “investigations have been negatively impacted” by encryption. By 2012, as I disclosed in an article at the time, the FBI had drafted a proposed law to force tech companies to build in backdoors and was asking the companies not to oppose it. That legislation was never publicly introduced.
Details on the latest discussions are nonexistent, as Politico delicately acknowledged (they were “unable to determine what participating agency leaders said during the meeting”). But anti-crypto legislation has been introduced in the past.
In 1997, after lobbying by law enforcement and intelligence agencies, one House of Representatives committee actually voted for mandatory backdoors. The committee’s rewritten version of the bill, H.R. 695, said: “After January 31, 2000, it shall be unlawful for any person to manufacture for distribution, distribute, or import encryption products intended for sale or use in the United States, unless that product includes features or functions that provide an immediate access to plaintext capability” in response to a court order. The plaintext must be able to be acquired, the legislation said, “without the knowledge or cooperation of the person being investigated.”
Industry efforts killed this version, and it was not taken up by the full House of Representatives. But let’s review for emphasis. Elected members of Congress actually wanted to imprison American citizens (and permanently take away related liberties like the right to own firearms, as the U.S. Court of Appeals for the 7th Circuit recently reminded us) for allowing other Americans to communicate privately. A lawyer, working as legislative counsel, actually agreed to undertake the task of drafting language. And a committee of the U.S. Congress actually voted for it.
In a constitutional republic, this is properly seen as risible. Police may be granted the authority, through legal processes, and within reasonable limits, to search our possessions. But they are not guaranteed success. We are not required to speak only in languages that senior FBI officials prefer. We are not required to talk only in locations where police can readily eavesdrop. As John Gilmore, the libertarian co-founder of the Electronic Frontier Foundation, pointed out during the 1990s crypto wars, the patriots fighting the American Revolution were able to enjoy perfect privacy by rowing to the middle of Boston Harbor. (Encryption wasn’t unknown to those revolutionaries either.)
Based on the Politico report, last week’s meeting is the continuation of efforts by federal agencies that now qualify as multi-generational. It can be traced back to when the National Security Agency convinced IBM to use a shorter, easier-to-crack key length for the DES encryption algorithm in the 1970s, and continues through the National Security Agency’s efforts, disclosed by Edward Snowden, to weaken encryption algorithms today. This is what detractors might call the “deep state,” the unseen government within the government that does not change with elections, which outlasts individual politicians and department heads.
In other words, this is no Trump administration-specific plan. But the danger is that it could become one.
If there’s a terrorist attack with mass casualties, and encryption is reported to have been involved, look for a renewed push for domestic restrictions on encryption without backdoors. Technology companies will complain, of course, but in a political environment where the executive branch has turned against Silicon Valley because of its increasing bias against conservatives—a White House summit on that topic is planned for July 11—would anyone expect the president to listen?