Encryption is one of the most important tools of the modern web. It's what moves your data around from your device to a company's server securely and it's the reason your text messages and conversations aren't constantly being intercepted and leaked by hackers. Now the Trump administration is considering a potential ban on the technology, according to a report from Politico.
A number of officials reportedly took part in a National Security Council meeting this week to discuss paths to restricting or outright banning end-to-end encryption. There are two paths that are apparently on the table: making a statement that would establish the administration's official position on encryption in order to encourage working toward a middle-ground solution or asking Congress to draft a bill on the topic. No decision was made, per Politico, but the latter route may result in a ban on encryption, which could have far-reaching implications for your privacy.
To understand why end-to-end encryption is so essential, it's important to understand exactly how it works. When you do anything online — check your account balance in your banking app, visit a website, send a message to a friend, etc. — your device connects to a server that processes your action. Without encryption, that information is transferred in plaintext, meaning it is completely readable to anyone who might intercept it — your internet service provider, hackers, the government, you name it. With encryption, there is essentially a secure tunnel created between your device and the server. You, as the sender, have a key associated with your device that allows you to see that information. The recipient also has a key that grants them the ability to decrypt the information when it reaches their device and read it. But anyone in between who manages to get their hands on the data will see nothing but a scrambled collection of numbers and letters.
Governments, particularly intelligence and law enforcement agencies, have grown to strongly dislike the prevalence of encryption, especially in messaging apps. The security measure makes it difficult, sometimes even impossible, to gain access to communications between people and has presented challenges in retrieving data from devices like smartphones and laptops. You may remember the issue being at the center of a standoff between the FBI and Apple back in 2016 when the tech company refused to help the government agency gain access to an iPhone that belonged to one of the people who carried out a mass shooting that killed 14 people in San Bernardino, California. Apple's smartphones are by default encrypted, making it impossible to gain access to the data without having the correct passcode — and guessing the passcode wrong too many times automatically wipes the device. These security protections were put in place to keep user information out of the hands of anyone who isn't supposed to have access to it. And that means the government as well as malicious actors.
The government, of course, believes that it shouldn't be viewed the same way as a hacker and has previously asked companies for backdoors that would allow it access to encrypted information. That simply isn't how encryption works, though. Creating any sort of gap in encryption instantly makes it insecure, because if a way in exists for one party, it can potentially be used by another, unauthorized source. Bruce Schneier, a security technologist and Electronic Frontier Foundation board member, wrote of backdoors:
"I can’t build an access technology that only works with proper legal authorisation, or only for people with a particular citizenship or the proper morality. The technology just doesn’t work that way. If a backdoor exists, then anyone can exploit it."
Dr. Andrea Little Limbago, the chief social scientist at data privacy firm Virtru and former technical lead at the Department of Defense, tells Mic that any legislation weakening encryption, be it a backdoor requirement or an outright ban on the privacy protocol, "would be an enormous blow to security and privacy, with significant negative effects on national and economic security as well." She explains that it would give nations around the world the go-ahead to follow the United States' lead and crack down on end-to-end encryption under the guise of national security. "When the U.S. weakens security, it basically gives the green light for authoritarian regimes, criminal groups, and other malicious actors to compromise data and undermine civil liberties," she says.
If you think there are lots of data breaches now, just wait until encryption is restricted or prohibited. Without proper security protocols, potentially sensitive information transferred in plaintext would attract all sorts of interest from hackers. Even everyday communications between friends could become subject to prying eyes. "For consumers, the most direct impact would be on their own privacy when corresponding via messaging apps or email," Dr. Limbago says.
The most troubling part about the Trump administration's apparent interest in pushing a ban on encryption is that the current arrangement is working fine. Companies are able to protect user information from hackers and other malicious actors and often comply with government requests for user information when it is reasonable and a proper warrant has been obtained. The FBI has reportedly lied about the number of devices that law enforcement was unable to access in criminal cases to make the situation seem more urgent. It isn't. The push from the government to remove any friction from its access to people's information is, without question, excessive and unnecessary.
"There is no reason why a free society should weaken end-to-end encryption. The current collaborative arrangement between the private sector and the FBI covers the majority of cases of data access," Dr. Limbago explains. "Traditional statecraft and private-public partnerships work extremely well at obtaining the data required for investigations without undermining national security, democracy, privacy, and civil liberties."