The COVID-19 crisis is revealing the institutions upon which we rely most: healthcare, grocers, and local government, along with the pressure points, flaws, and frailties of each. There’s probably never been a stronger collective desire to protect and empower these institutions, and thereby protect and empower ourselves.
Looking beyond our most basic material needs though, we arrive at another institution that’s earned a bump in cachet recently: the internet. That’s currently where the bulk of all education, work, and, increasingly, governance takes place. And like our other valued institutions, important facets of the internet infrastructure, namely encryption, require protecting. Below, we’ll walk you through how key societal functions provided over the internet during this crisis benefit from strong encryption.
Learning from Home
The increased reliance on internet-powered communications technologies has been especially pronounced for school-aged children. As schools across the country close their doors to stem the spread of the virus, millions of students must now complete the semester’s coursework from home. For many students, this means contending with multiple virtual learning technologies accessed across devices.
As students, teachers, and parents attempt to master these new technologies, the migration of routine classwork online creates new vectors for privacy and security breaches that should be closely monitored considering the sensitivity of this population. After all, society decided long ago that the exigencies of protecting children online ought to warrant its own unique privacy regime. So how can we ensure that children remain protected as the threats multiply in this new landscape? One vital tool is encryption, which can ensure that the new deluge of online communications flow directly from instructors or administrators to students.
As more students congregate on teleconferencing tools, for example, strong encryption standards can protect those communications from unwanted interlopers. Consider that some such threats may seem more of an annoyance in the adult working context but take on a decidedly more sinister edge when involving a captive audience of children. “Zoombombing,” for instance, where uninvited pranksters enter a video call to use the screensharing function to broadcast profane images, is not so innocuous when considering the impressionability of a third-grader. Moreover, as more e-learning providers gain permissions relating to students’ webcams, it’s of the upmost importance that we don’t require them to engineer weaknesses into their technology.
If this crisis lasts long enough, we might also see standardized tests, which have enormous ramifications for students’ futures, move online. Encryption can play a vital role here as a type of “virtual proctor,” helping to assure the integrity and fairness of those tests. Any mandate that providers of communications technologies maintain a backdoor to these encryption measures, on the other hand, jeopardizes the security of exam results and the privacy of young children at the same time their reliance on online learning and testing tools is at its highest.
Working from Home
Those lucky enough to secure working from home arrangements during the pandemic won’t need to be reminded of the importance of a functioning, secure internet. With the ability to hold in-person conversations with colleagues severely curtailed, the only option for many is virtual communication technologies conducted over the internet.
Obviously, most folks are already intimately familiar with email and text messages, for which there are no shortage of providers, including those that offer end-to-end encryption for those who require secure transmission of highly sensitive materials. Even in normal times, it is impossible to imagine those working in certain sectors—national security, critical infrastructure, and journalism, for example—maintaining routine work correspondence in the absence of end-to-end encryption. Many of our small business members also know of the paramount importance that certain project information or trade secrets only be accessible to the intended sender and recipient.
The crisis has also created new demands for remote working technologies. The enormous boom in teleconferencing, for example, indicates that many conversations simply cannot occur in text-only format. As such, teleconferencing providers such as Zoom and Microsoft Teams have reported massive expansions in usership; Zoom usage is up 378 percent compared to this point last year, while Teams gained 12 million daily users in a week. Like email and text, the use-case for secure teleconferencing is straightforward: activists, private citizens, and businesses, among others, need a remote mechanism to verbally and visually communicate sensitive information. In turn, strong encryption on teleconferencing services is necessary to prevent third parties from obtaining content shared during these meetings and using it for purposes unintended by call participants. The absence of such protections may chill the sharing of sensitive information and could endanger certain vulnerable communities who are increasingly reliant on this technology to communicate.
Amid the crisis, the players in this industry that have failed to appreciate these security demands have paid dearly. Zoom, for example, is facing various inquiries, including attorney general investigations in multiple states, regarding its privacy policies, encryption standards, tracking capabilities, and more. The unexpectedly widespread use of what has always been an enterprise product for personal purposes is driving some of the controversy, but we are simultaneously discovering a stronger desire for privacy even for enterprise platforms as more of our work communications are conducted over the internet. The fact that Zoom is suddenly facing all this attention is telling – users expect secure remote communications technology elsewhere, and now they demand it from their teleconferencing services. As privacy demands grow along with the market for work from home technologies, it is vital that policymakers assure the integrity of encryption.
Governing from Home
Finally, with the COVID-19 crisis pushing congressional leadership to keep members away from each other to prevent the spread of the disease, the debate has resurfaced again for Congress to consider remote voting. As always, the prospect of Congress moving to mobile brings with it questions surrounding cybersecurity. Can our current hardware and software capabilities adequately protect remote voting by members of Congress? The answer is probably yes, so long as public policy enables strong encryption that protects both smart devices and personal communications.
These are the types of problems that App Association members solve for their clients. They bring traditionally offline functions and institutions into the mobile space, with secure communications and remote platform functionality. App Association members generally build software products that meet the dynamic needs of their clients, consistent with the relevant legal and logistical constraints. Tackling a set of problems like remote voting for Congress is fundamentally the same, perhaps just broadening the scope of security and reliability implications. But the underlying security measures and infrastructure available now are equal to the task if leveraged properly.
One of the reasons Members of Congress view remote voting as a real possibility is that they have become familiar with the daily use of strong security measures that protect their personal communications, media files, and financial activity—whether stored on their devices or communicated securely over the internet. These features are thanks in large part to the centralized nature of software platforms, along with the availability of reliable network connectivity and technical protection measures like encryption. They are the reason we unlock our devices with our faces to access the most sensitive portions of our lives, including everything from our messages with loved ones to our financial and economic activities.
The obvious question is, if we rely on the current ecosystem—including device and end-to-end encryption—to protect everything from military communications to financial transactions, why can’t we rely on it to protect congressional votes? There is no compelling reason why not, especially if we are talking about securing the votes of just 535 (435 House members plus 100 Senators) individuals. However, if we succumb to arguments that law enforcement should be granted a special means of accessing even the most secure communications and devices—we make the task of securing votes a lot harder. The presence of such a key would be far too great a temptation, attracting independent and state-backed bad actors alike, and would be quickly targeted and potentially stolen.
Opponents may argue that congressional voting could be subject to special rules and excepted from special access requirements imposed on other products. But unfortunately, the availability of a key to unlock some devices puts other devices and communications at risk, especially if voting is to occur via some mechanism accessed by representatives’ existing devices. It would make little conceptual sense to mandate the encryption of representatives’ votes but not the device sitting in their pocket. As we’ve made clear, interrupting encrypted communications anywhere is a short-sighted idea. The key to securing any remote voting system, as with work and learn from home technologies, is to eliminate weak points across the board.