Besides my inherent (and supposedly diseased) desire to make a pun, this title also manifests one of the thoughts I’ve been entertaining for a while. As the only person that deals with technology in a few of my professional and personal circles, I invariably get questions and requests for “clarification” or “simplification” on most of the day’s tech-related news. While the ramped up so-called “Crypto War 2.0″ of Fall 2015 didn’t elicit many questions, the heated quarrel around encryption has been catching a lot more spotlight recently, with the Apple vs. FBI case. As I tried to explain the two sides of the debate, and specifically, my position supporting strong, backdoor-less encryption, what struck me as extremely odd was that I had heard (some) of the same type of arguments before, not just from activists fighting against any kind of “modified crypto”, but from gun enthusiasts. Let me show you what I mean. Think on the following soundbites:
“Just because some bad people use it for bad things, doesn’t mean that the rest of the population shouldn’t have access to it, because it’s about security and we are safer with than without it.”
“If the US imposes restrictions, bad actors can always just get around it by using illegal (or foreign-based legal) instances of it”
“Any change to the status-quo will lead to a slippery slope that will eventually end up with the government having complete control”
These are three of the most widely-used arguments in both conversations. A cursory search of the web will lead you to several recent, more or less well-written, articles that point out to a certain extent the parallels between guns and encryption. However, the actual context and logical reasoning of the two are truly discrete. An incursion that’s more than a shallow surface-level comparison into each can unearth differing levels of truth.
For instance the first argument can be disassembled easily by analyzing the primary goal of encryption and guns. The main point of encryption is to obscure from the rest of the world a particular nugget of data, to thus both insure your security and your privacy. Conversely, the main point of a gun is to inflict harm (even if used for self-defense). Furthermore, while the lawful use of a gun would either be for leisure, or for cases of self-defense (which one would hope are not high in number, since the United States is a country with strong law-enforcement), encryption is used on a daily basis for countless mundane tasks. That is to say encryption is crucial to a lot of different actions, like online banking or protection of private information and messages, whereas a normal person could go days, months or years without needing a gun.
The second argument would apply more to encrypted communications than to gun use, specifically because the two are dealing with different challenges from government. The latter is, in the case of the most popular reform action, simply a minimal change. It asks for expanding background checks, pushing the educational and mental health aspects, and by centralizing a master list of lawful gun owners and their guns’ serial numbers, nationwide. None of these “restrictions” would actually hurt lawful purchases of guns. When it comes to encryption, a legally-mandated modified-encryption device or communication channel exposes normal citizens and their information or conversations, while allowing bad actors to use foreign, un-compromised encrypted services.
The third point is closely related to the previous one. Let’s simplify the argument even more. Guns already have a series of regulations in place, somewhat restricting their sale and use. Thus, the “status quo” argument is somewhat faulty, in the case of guns, since the “further regulation” or “slippery slope” trope is now dealing in arbitrary and artificial limits that gun supporters can stomach. What makes the current level of background checks not a breach of Second Amendment rights, whereas a slightly increased level devolves into such a breach? When talking about encryption, we are dealing with a completely different status quo. It’s currently on the market in its un-modified form, with no regulation on its use. The argument of the US legislating any modification or mandating post-market golden keys would be a national and international precedent that would snowball into a very dangerous way.
I am, obviously, still unequivocally on the side of keeping encryption strong and intact (going against, it seems, advice from President Obama who chides this as an “absolutist” view). And I’ve always believed that one’s own position can only get stronger with intellectual honesty, rather than a swift and uncritical dismissal of fair critiques. However, simply admitting the similarities described above would not actually accomplish anything. That, followed by a a thorough demonstration (something with a bit more substance than what I put forward above) of how at their core the two usages of each argument are completely dissimilar, would illuminate the crypto conversation even more.
Of course, if mathematics and human nature were to allow a “secure backdoor” of any kind, one that would only be used by those authorized to do so, and only in those cases in which it would be crucial to thwart or apprehend criminals and terrorists, I think I would not be in the minority if I were to be in favor of it. However, given the current inescapable reality of mathematics, and the roughly 2,000+ years of human existence, that type of “secure backdoor” in that specific configuration is pure fiction. Nice, soothing fiction, but fiction nonetheless.