We have aggressively pressed the administration to steer clear of measures to weaken data encryption standards.
The success of our member companies relies on the trust of users. If the government forcibly weakens our ability to protect data, it threatens the trusted relationship with consumers we have worked so hard to earn. Moreover, it’s also bad for business and vastly increases the likelihood of catastrophic breaches.
But not everyone sees it that way.
At an October 2014 speech at the Brookings Institute, FBI Director James Comey laid down a marker for how the administration’s preferred modification of encryption laws. He argued that law enforcement should have “front door” access to Americans’ private, encrypted communications.
After a hailstorm of criticism, the Director was called before Congress to answer questions about how law enforcement demands would dramatically weaken online security. He was joined by U.S. Deputy Attorney General Sally Yates and New York County District Attorney Cyrus Vance who echoed his demands.
Most troubling was their admission that they had no idea how or if such an encryption system could actually work. The only suggestion about where a solution could be found was relying on the genius of “guys in garages.” When pressed with evidence that encryption experts overwhelmingly reject the viability of this plan, Director Comey said:
“I don’t think the great innovative people of America have really put their minds to this.”
Only that’s not true. Just three days ago, a group of the world’s leading cryptology experts published a paper describing the dangers of the government holding all the encryption keys. Simply put, it’s not possible for companies to add exceptional access to an encryption system without fundamentally compromising its security.
Encryption methods are based on highly complex principles of mathematical cryptography. Any additional point of access added to an encryption system creates numerous potential failure points, exponentially weakening any computer system.
Notably, we have experience with government failures trying to restrict encryption.
In the 1990s, the National Security Agency tried to introduce encryption hardware that also provided law enforcement access. Known as the Clipper Chip, serious technical vulnerabilities rendered it useless within a year of its debut. When the NSA argued against the export of encryption software at the end of that decade, hundreds of foreign alternatives entered the market downloadable over the internet.
The U.S. is the birthplace of the world’s vibrant app economy. American app companies are global market leaders, but requiring them to weaken security would be devastating. It is critical that the President allows U.S. companies to ensure the safety of American citizens in a manner that does not undermine their data security.