Security v. safety: What cops should know about the encryption war
Should individuals be permitted to have a lock that no one but the owner may open?
The ongoing dust-up about encryption on personal electronic devices summarizes a much older argument. Which is better: security or safety?
Benjamin Franklin said, “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” That quote from Reply to the Governor in 1755 has been paraphrased many times. People who borrow it are usually protesting what they feel is an overreach of power by the government, one that erodes personal privacy or limits individual freedom.
The encryption war is centered around a basic argument: should individuals be permitted to have a lock that no one but the owner may open?
Privacy for All?
Data encryption has been around almost as long as there has been data. For thousands of years, spies and military leaders have used codes to encrypt their messages so they could not be read if they were intercepted by the enemy. These codes were usually limited to relatively small amounts of information, as encoding and decoding the messages was a labor- and time-intensive process.
Modern data encryption conceals vast amounts of information, and requires considerably less effort. Hard disk drives with capacities of five terabytes can be had for less than $150. That’s enough for 50 million average-size books, or a somewhat greater number of images of child pornography, or of bomb construction diagrams. All of that can be encrypted with free software that law enforcement can’t crack.
Personal freedom advocates insist that citizens should be able to keep any information they like from government intrusion. Law enforcement counters that uncrackable encryption makes life easy for pedophiles, drug merchants, terrorists, and other criminals.
The typical citizen isn’t hiding the rendezvous information for a clandestine dope deal or the financial records for al-Qaeda. They might be far more concerned with third-party viewing of an intimate photo or video stored on their smartphone, or about revelation of their obsession with erotic Star Trek fan fiction (yes, there is such a thing). Discovery of these things wouldn’t get them in trouble with the law, but it would be embarrassing and harmful to their personal and professional reputations. I think most of us have some hidden aspect of our personalities that we would prefer stay hidden.
This sort of fear is aggravated when they read a story of some law enforcement type who finds a titillating photo on the smartphone of someone they arrested, and shares it with their colleagues for a good laugh. It has nothing to do with the arrest or the charges brought against the owner of the phone. The cop just thought it would be fun to show that picture around.
Stories like this proliferate, and thanks to the memory of the internet, are easily retrievable years later. When an investigative agency applies to a court to compel the owner of a data storage device to give up their password, defense counsel is going to be armed with one or more of those stories of how the police can’t be trusted to use that data solely for legitimate law enforcement purposes.
Federal law enforcement and intelligence agencies are currently railing against software authors who produce encryption programs. They insist that the coders include a “back door” by which the government can bypass the password and gain access to data that is locked by the software. If they succeed, it will be illegal to make, distribute, or use encryption software that didn’t meet the government’s requirements. Even if your encrypted data was benign, merely locking it against intrusion would be a crime.
This is a sword that doesn’t just cut both ways, but in many directions at one time. The transactions of the small-time drug dealer would be secure, as would the sexy photos of the guy with a traffic warrant, and deployment plans for a massive biological warfare attack. The encryption software has no discretion for what data it secures.
The local and state cops who comprise most of the people reading this aren’t going to have much of a voice in the outcome of the debate, but you can have some influence. Unless it pertains directly to a criminal investigation, delving into and disclosing data belonging to a citizen is just wrong. It’s a breach of the public trust.
Cops see people at some of the worst moments of their lives. The authority that law enforcement has carries an implicit promise that what they see and hear will not be disclosed further unless there is a compelling reason to do it. Violating that trust for one’s personal amusement is anything but a compelling reason. If you know of someone who is doing this, remind them that their fun can wind up having a grave impact on the ability of law enforcement to keep people safe.