The Ultimate Encryption Debate

07/13/2015 04:19 pm ET Updated Jul 13, 2016

I have been called "irresponsible" by one of the greatest cryptographers, the famous Ronald Rivest of MIT. (His name provided the "R" in RSA, a computer security firm and a widely used encryption scheme, on both of which he worked.) I gained that dubious distinction for arguing that a new form of encryption is not merely the techies' major gift to terrorists and criminals -- but also a gross violation of the constitution! Hence, it should be outlawed. Rivest states that "it is irresponsible for Etzioni to reach the conclusions he does without providing a plausible technical approach to achieving his stated goal (banning strong encryption) that doesn't incur immense costs to our national security."

What happened is that the techies developed a new form of encryption -- I call it the ultimate encryption -- that only the sender and receiver can decipher. Apple built it into its phone so both the information stored in the phone and the messages sent are completely secure. (If you forget the password, Apple cannot help you, because it cannot decode the information encrypted in the new way). Google and other tech companies are following suit.

Senior law enforcement officials in the U.S. and UK have have expressed alarm about the risks posed by these developments. FBI Director James Comey warned that the advance of "default encryption settings and encrypted devices and networks" will have "very serious consequences for law enforcement and national security agencies at all levels." There were akin to "building cars whose trunks the government could not open" and put terrorist and kidnappers "beyond [the reach of] the law."

Government officials hence asked the tech firms to ensure their capacity to "comply with lawful court orders" by incorporating a "lawful intercept solution" into their products. However, on July 6, 15 computer security specialists including Rivest responded that any such changes would damage our security -- because whatever backdoor they would provide the government to read the encrypted information -- could also be used by cyber criminals. I argued, on the other hand, that the damage ultimate encryption inflicts on security is too high a cost to pay -- and that it should be treated as an "inherently dangerous product," as we treat plastic guns, which we ban because the TSA cannot detect them.

The main point here is that the Constitution never banned all searches; it states that only unreasonable ones are prohibited. And it provides a way to establish what is responsible: show a judge that there is sufficient evidence to hold that a particular person may be a terrorist or a serious criminal. This is the gold standard civil libertarians and libertarians have insisted on for decades.

Now come Professor Rivest and a few of his colleagues, consulting no one -- no public, no court or legislature -- and declaring that they are entitled to prevent the Constitution from being applied. They will provide one and all with a ready-made way to prevent the government from doing any searches on smart phones and the communications and transactions of their owers even when these searches are perfectly legal and necessary. To put it differently: we are accustomed to draw on the constitution to protect us from government overreach. Here we ought to note that we need to draw on the Constitution in order to have the government that can protect us.

As to my not providing a technical solution, it actually is completely reasonable for me and you to challenge what Rivest, et al. are doing without having a fix, just as it is ok for us to demand that someone stop spreading Ebola even if we do not have a suitable vaccine. But I do have a solution for end-to-end encryption of communications: make it a two step process. Have the client send an encrypted message to Apple. Have Apple re-encrypt the message and send it to its final recipient -- and keep a copy (encrypted of course) in a new Apple vault. To further enhance security, Apple would keep the passwords and identities of the senders and recipients in a different vault than the content of the messages themselves. It would allow the government to read the content of a person's messages only on presenting a court-authorized search warrant based on individualized suspicion. (If you don't trust FISA -- some other federal court). And Apple should invite the Israelis to provide the new vault with the security measures they used to protect the secrets of Dimona for decades from leaking.

Mr. Rivest is welcome to do better. But if he is a responsible American, he has a duty to help do his best to find a reasonable balance between privacy and security and not to slaughter one on the altar of the other. He who sacrifices security for sake of privacy will have neither.

Amitai Etzioni is a University Professor and professor of International Relations at The George Washington University. His book Privacy in a Cyber Age was published by Palgrave Macmillan on June 17, 2015, and his paper Ultimate Encryption is available on the Social Science Research Network. For more information, you can follow him on Facebook, Twitter, and YouTube. To subscribe to his monthly newsletter, send an e-mail to icps@gwu.edu