A debate, going on in the quasi-private and well-catered halls of government-corporate collusion, has reached the post-smoldering stage. It’s now a virtual forest fire in full public view.
It pits government spies against corporate cannibals and is about the often misunderstood and somewhat tedious issue of encryption.
Like so many “raging debates” among the powerful, this one is more important to most of us not for what is being said but what is assumed.
To believe the corporate PR releases (and some media reports), the two sides are debating the balance between protecting our rights and protecting our lives. [2]. In fact, the debate is more about how to effectively manage spying: the government says it wants companies to give it the codes to crack all encryption while the companies are devising ways to make sure the government has a court order, or inter-agency collaboration, before doing that.
Nobody is saying the obvious: cracking encryption to steal data is unconstitutional and illegal and this debate is taking place at a moment when massive movements of protest are convering the streets of our cities organized through social media and cell-phone communications. In a sense, this is the fight over how they’ll cross the line we can’t let them cross.
The term “encryption” is now ubiquitous. Most of us have heard it, many understand it in principle but few know much about.
Encryption, used for a very long time in secret communications, is the substitution of the letters and numbers in a message with other letters, numbers and symbols. That substitution “scrambles” the message making it impossible to read and appearing to be nonsense. You then use a “key” that relates every letter and number you’re seeing to a real letter or number. When the key is applied, the intended message is readable.
That’s how it works in war and espionage, on radios and pieces of paper. On computers, the key that you use can be very large and the scrambling can be insanely complex and multi-tiered.
If you use encrypted email, for example, people can’t read your email without the key or without going through an enormous and lengthy process of expert decryption. Your data is not absolutely protected but it’s extremely hard to read and very time-consuming to decipher.
Most people don’t encrypt their email. In fact, gmail users will find it extremely difficult to use encryption because Google, other popular providers too, make it tough. This pleases the government because it is now collecting all data flowing across the Internet and is using powerful software to analyze that data, identify “suspect” content (applying a list of thousands of “trigger words” to the message content) and pulling data sent by individuals on their watch-lists. It’s a spy’s orgy.
Message encryption puts a damper on their party by making what the government collects unreadable and useless. So, with good reason, the NSA and other spy agencies hate it.
Their reaction has become frantic with the spread of cell-phone technology. For a very long time, cell phones, now the most popular communications technology in the world, were sold without any encryption software and, since the great majority of users don’t even think to encrypt the data they transmit, the cell was a spy’s dream come true.
The problem now, however, is that companies like Google or some of the cellphone manufacturers are becoming concerned about the mass data capture, feeling discomfort about being spied on themselves and concerned about being the subject of mass citizens’ action. The huge success of the Net Neutrality campaign, a grass roots effort that wasn’t given a chance two years ago, has had a sobering effect on much of the tech elite.
So, earlier this year, Apple began encrypting the data on its market-dominating iPhone [3]. Soon after, other companies began doing the same, particularly those serving the Android market. It’s only a matter of time before the entire industry makes encryption automatic and this encryption requires no real user involvement: it all happens automatically between two devices and nobody else can see what’s being sent or stored.
That’s the debate. The government people, mainly the NSA, FBI and some in Congress, believe that corporations should provide the investigators with a key to crack all encryption on their cellphones and other communications devices: a kind of Internet Rosetta Stone. That would mean that all companies would use one common encryption scheme with a built-in “backdoor” so that, with the magic key, all encryption disappears. They claim they need that access to foil crimes, terrorism and all varieties of nefarious conduct.
The corporations are pushing back. “We don’t know how to build a trap door in these systems, which is only available to the good guys,” says Google Executive Chairman Eric Schmidt. “If we put a trap door in our system, first we would have to disclose it, because people would find out anyway, and second, some evil person, in addition to the good guys, would figure out a way to get in it. And I think the whole trust of this model is really broken.”
Instead, the companies say encryption keycodes should be withheld from the government without court order or should be “distributed” — a system under which several government agencies would each have a piece of the key code and would need a court-ordered collaboration to unlock the encryption code.
That’s the argument and it’s an important one because the NSA will soon develop regulations about cell-phone encryption and the Congress might actually start passing laws. Once that happens, the companies are going to fold.
So important is this debate that the White House has sponsored special conferences on the issue [4], including one at Stanford University earlier this year.
“…this is a public conversation that we should end up having,” President Obama said after that Stanford conference. “I lean probably further in the direction of strong encryption than some do inside of law enforcement. But I am sympathetic to law enforcement because I know the kind of pressure they’re under to keep us safe. And it’s not as black and white as it’s sometimes portrayed.”
That depends on what black and white you’re reading because if you read the black and white letters of the Constitution, you can easily identify the position that’s missing in this debate.
Both the First and Fourth Amendments to the Constitution make absolutely clear that the government cannot do mass data capture. There is no fuzziness about that in the document’s wording. Data from citizens can only be captured with a court-approved search warrant and then only when the object of the data seizure is specifically described in the warrant.
But as whistle-blower Edward Snowden and a bunch of other techies who’ve “blown the whistle” on government spying have told us, our government pays no attention to any of that. Tapping computer network and Internet connections, servers and cell-phone text and data connections, the NSA and cooperating agencies simply take everything. They gobble up every single message you send, if they can, and then sift through it to determine whether they should be storing and analyzing it. After first lying, NSA officials have now admitted that this is the case.
Privacy, the constitutional principle written to protect movements and citizen organizing (among other things), has been washed down the legal drain.
The only protection we have is to encrypt what we send and constitutionally we have an absolute right to do so. But that argument is missing in this debate.
Instead, this debate is about how companies can best protect themselves against citizens’ rage. If they require a court order for decryption of cellphones and computers, they can then turn shrug and plead helplessness when activists confront them about it. This is precisely what Google officials do when confronted about their massive turnover of data. They simply argue that the government has issued them thousands of National Security Letters — legally-binding documents that require no court action, demand information, must be obeyed and can’t even be disclosed in public.
What the companies are really saying is that they want public relations cover when they collude with government spies.
On the other hand, some companies are now arguing that the demand for decryption should come from more than one agency. They envision distributing partial keys to various agencies which would only work when those agencies put them together. This bizarre form of “protection” would easily be defeated by government agencies working together, which they already do. That doesn’t protect us; it just makes the government more efficient and coordinated in its spying on us.
The NSA and FBI position — the universal special key or “backdoor” alternative — is a horror story of even greater dimensions. It would force a uniformity in encryption code which would seem to defeat the whole idea — encryption works because it’s not uniform. But that wouldn’t matter because, if they have this key, there is no encryption.
While there is certainly crime and terror in the world, there is absolutely no evidence that any terrorist attack has been thwarted by data-capture. Terrorists know they are being watched; only the most naive would use the Internet to make their plans. As for other crimes, we have laws and law-enforcement agencies to do that work. We don’t need spying, and we certainly can’t tolerate it domestically where it is clearly in violation of the law.
But this may not be about crime and terror at all. In 2011 when activists in San Francisco planned protests over the police shooting of a handcuffed and subdued man named Charles Blair Hill in the BART subway system, BART officials simply shut off all cell phone service [5] in several of their stations. They effectively close down the protests by doing that.
If the government can easily capture all cellphone data in this country, how much information would it have about the many protests, campaigns and actions that social justice organizers plan and lead? Put another way: Why are they debating this now, a time in which massive actions are taking place against police misconduct, the denial of water, housing and minimum wage and working conditions? All of these actions depend on the use of cell-phone communications for organizing and mobilizing. With encryption, the people who know about these plans would be the people doing the planning…and not some police or spy intent on stopping or manipulating the protests.
That’s important context that some might call over-reacting speculation. But the bottom line is that encryption is in place, in part, to prevent the government from reading what we’re writing. Activists don’t need much of an explanation about why that’s necessary. It’s written in the Constitution which, in this debate, has been shredded like an NSA memo.
Alfredo Lopez writes about technology issues for This Can’t Be Happening!