echo ''

Virtru Security Insights

Join 10,000+ Security Professionals Who Receive Our Content Every Month

Sorry Mr. Cameron. Encryption Backdoors are Still Not the Answer.

January 16, 2015

At 8:00am, September 11, 2001, I met with the White House Deputy Chief of Staff to finalize 9/12 Oval Office briefing materials that outlined dramatic steps to strengthen individual privacy protections.

That briefing obviously never happened.

In the coming days, I had the honor of working alongside men and women who bravely and decisively took action to defend our country in response to the tragic events of 9/11. I was also at the table during the first debates over legislation that was to become the Patriot Act.

I saw firsthand how the urge to take quick action can push reasonable people to make decisions with massive unintended consequences. In this case, Government needlessly sacrificed personal liberty in the name law enforcement and national security. It can happen so quickly.

I worry that history is about to repeat itself. In the wake of ongoing, massive hacks on Sony and daily stories of terrorists using secure communication to plot attacks, cybersecurity is no longer an abstract concept;  it has been made very real for people. And once again, our governments face the urge to act quickly and decisively.

This morning, Virtru along with several US security companies met with David Cameron just a few days after his threat to shutdown WhatsApp and Snapchat in the UK if British intelligence isn’t granted carte-blanche access to these platforms. Cameron’s and NSA Director Adm. Roger’s impulse to do something is  understandable. Governments have adopted a “war footing” against terrorism since 9/11 and the ability to “blanket decrypt” all communications is still seen as the best way to fight our wars and gather intelligence.

Yet degrading encryption and requiring a carte-blanche backdoor to every messaging medium is not the answer for free societies. Smarter regulations make sense, updated requirements for warrants make sense, but throwing out individual freedom in the name of greater “security” is not an option we should accept.

The US has the 4th Amendment and the UK has the Criminal Evidence Act and the Human Right Acts. Both countries have codified ways for authorities to gather data given reasonable suspicion and judicial assent. What we don’t need to return to is the use of general warrants granting governments unrestricted access without any oversight.

The ability to listen to all conversations and decrypt everyone’s messages should immediately uncover terrorist suspects, but, in reality, the evidence is mixed. Last year’s study from the New America Foundation found that surveillance played a surprisingly minor role in identifying terrorism suspects versus the use of informants. Mass surveillance creates a massive burden on the intelligence community to analyze petabytes of information every day, it isn’t effective in identifying terrorism plots, and it throws out any notion of an individual’s right to privacy.

Western democracies are stronger because we place an emphasis on individual freedom and because we stand by this commitment even in the face of threats. We don’t limit individual freedom because a small handful of bad actors may abuse this freedom to launch attacks.

No one wants to see more terrorist attacks. And no one wants to live in a society where the freedom of expression and the right to privacy has been sacrificed in the name of security. Society needs to come to terms with the fact that our right to privacy comes with a built-in paradox. If we sacrifice our right to privacy in an effort to defend our free society we destroy our free society.