Nearly 200 computer security experts, open-Internet organizations, human-rights groups, and tech companies have penned a letter to world leaders asking them to embrace unbreakable encryption as a technological and political priority.
“The ability to freely develop and use encryption provides the cornerstone for today’s global economy,” reads the global coalition’s letter. “Economic growth in the digital age is powered by the ability to trust and authenticate our interactions and communicate and conduct business securely, both within and across borders.”
The letter, signed by people and groups in 42 countries, represents the most ambitious effort yet to stem a rising tide of anti-encryption rhetoric and policies across the globe. After a year of terrorist attacks conducted or inspired by the Islamic State, many Western governments—concerned that jihadists are using encryption to hide their planning—are considering proposals to guarantee their investigators access to tech companies’ encrypted products.
“It was exactly this sort of effort that moved policymakers in the 1990s, and I think everyone involved agrees that we avoided a trap at that time.”
The Obama administration considered and rejected several technical schemes for this purpose, including a requirement that tech companies build “backdoors” into their encryption for law enforcement and intelligence officials. A bill under consideration in the British Parliament could give U.K. officials the authority to mandate backdoors by imposing requirements for how companies can design their products.
Beyond the West, other countries are toying with the idea of backdoor mandates or other anti-encryption measures. India pulled a draft proposal that appeared to mandate backdoors after public outcry, and China recently adopted a counterterrorism law that experts worry could give Beijing the authority to demand workarounds in commercial encryption.
The coalition letter pushes world leaders to reject these technical mandates and support “strong encryption,” the informal term for a level of security that even tech companies themselves cannot break.
“Governments should not ban or otherwise limit user access to encryption in any form or otherwise prohibit the implementation or use of encryption by grade or type,” reads the first of the letter’s principles.
“Governments should not mandate the design or implementation of ‘backdoors’ or vulnerabilities into tools, technologies, or services,” reads the second principle.
High-profile signatories include large trade groups like the Computer and Communications Industry Association (CCIA) and the Internet Association; prominent security researchers like Matt Blaze and Matthew Green; and major civil liberties organizations like the American Civil Liberties Union, the Electronic Frontier Foundation, and Human Rights Watch.
Adam Segal, a cyber policy expert at the Council on Foreign Relations, said he was “pretty skeptical” that the letter would significantly shift the encryption debate in closed societies like China and Russia, where repressive governments are considering or have adopted some of the most draconian Internet policies.
“What might affect the Chinese debate are Chinese companies arguing about their own competitiveness and ability to attract users and ensure their trust,” Segal said in an email to the Daily Dot, “but that is not an argument they have been public with yet, though they may make it behind closed doors.”
Also interesting is the fact that few of the large U.S. tech companies that would be most affected by backdoor mandates signed the letter.
CCIA and the Internet Association, which did sign it, represent many of those companies, including Facebook, Google, and Twitter. Although these groups often poll their members in advance of taking a position, they do not require majority support from their members to proceed.
Asked whether the Internet Association had solicited feedback from its members before signing the letter, a spokesman said in an email, “We don’t talk about our internal process, but we are a membership driven organization.”
A CCIA spokeswoman said that the group consulted its members before signing but added, “As a trade association, our participation is not necessarily representative of any particular member company’s position.”
The companies could have encouraged their trade associations to sign the letter as a way of supporting it without affixing their own names, which would have drawn them more directly into a conflict with foreign governments whose permission they need to reach new markets.
Segal suggested that, if the groups didn’t poll their members, that “may have been [a] decision to keep some maneuver[ing] room in foreign markets.”
Matthew Green, the Johns Hopkins University professor who signed the letter, said he was “optimistic” that the letter might change some minds.
Few of the large U.S. tech companies that would be most affected by backdoor mandates signed the letter.
“I think it’s important to make it clear to policymakers how important this technology is, and how much expert consensus there is around the importance of free, uncompromised encryption technology,” he said in an email. “It was exactly this sort of effort that moved policymakers in the 1990s, and I think everyone involved agrees that we avoided a trap at that time.”
Although encryption is vital to both individual privacy and security and global commerce, many Western intelligence agencies, most notably the National Security Agency, have sought to undermine it to simplify the work of surveilling terrorist suspects. In 2006, the NSA secretly added a backdoor to a popular encryption standard and convinced another U.S. agency to recommend its widespread adoption, sparking a global incident.
The debate over whether to compromise encryption for law-enforcement or intelligence purposes stretches back several decades and has always pitted government officials against privacy activists and security engineers. But after several ISIS-inspired attacks in Paris and San Bernardino, California, in 2015, many of those officials, particularly in the United States, felt emboldened to rekindle their argument.
But pro-encryption forces aren’t letting up either. Late last year, civil-liberties groups organized a massively popular petition asking Obama to publicly support encryption. White House officials said at a meeting with those groups that the president would soon clarify his stance on the issue.
A senior administration official declined to comment on either the encryption letter or the timetable for the president’s statement.
Update 12:43pm CT, Jan. 11: Added response from CCIA.
Update 1:24pm CT, Jan. 11: Added new response from CCIA.
Update 2:26pm CT, Jan. 11: Added response from the Internet Association.
Photo via David Jafra/Flickr (CC BY 2.0) | Remix via Max Fleishman