This is a draft. It is “published” but the URL is not yet public. Please do not link or forward until this notice has been removed.
We’re hearing a lot lately about encrypted phones and other devices, including pleas from law enforcement to provide the government a “backdoor” to access encrypted devices to make it easier to investigate terrorism, child pornography and other horrendous crimes. What sometimes gets lost in the conversation is that the real purpose of encryption and other security tools is not to thwart law enforcement but to protect the users of the devices, including children, from unauthorized access by anyone, including stalkers, scam artists, bullies and predators as well as the overreach of governments around the world. In other words, encryption is not only about privacy and security but also about personal safety.
Keeping us safe
Some worry that encryption will make it harder for law enforcement to keep us safe, but I worry that a lack of encryption will make it harder for everyone, including children, to stay safe.
Phones and other digital devices can contain a great deal of personal information, including your current and previous locations, home address, your contacts, records of your calls and your texts, email messages and web searches. Such information, in the hands of a criminal, can not only lead to a violation of you or your child’s privacy, but safety as well. That’s why it’s important to have a strong passcode on your phone as well as a strong password on any cloud backup services such as an Apple account that gives users access to your iCloud backup or a Google account that allows someone to access your Android Device Manager page and much of the information on your phone. But even devices with strong passwords aren’t necessarily hacker proof, which is why it’s important that they be encrypted.
Purpose of encryption
Encryption adds a very important layer of protection because it makes it extremely difficult for unauthorized persons — including criminals — from hacking into your device. In simple terms, encryption software scrambles communications so that they can’t be understood by anyone unless they have the code (called a “key”) to decrypt them. In modern devices, this is all handled by the device’s operating system so that data, in most cases, is decrypted as soon as you log into the phone with your passcode. Having an encrypted phone protects your children by preventing bad guys from accessing information that could do them harm. It also prevents someone with access to your child’s encrypted phone and passcode protected phone from impersonating your child.
Needs and tools of law enforcement
Unfortunately, the discussion about encryption has mostly focused on the interest of law enforcement to be able to break into devices when investigating crimes. And it’s not uncommon for anti-encryption advocates to talk about child protection to justify their position on the premise that encryption makes it easier for predators and child pornographers to hide from the law. It’s true, encryption does present a challenge for law enforcement, but just because people have encrypted phones doesn’t mean that the cops are blind. For one thing, if there is any type of backup, which is often the case with today’s smartphones, law enforcement can obtain a warrant to require the custodians of the cloud servers where that information is stored to turn over relevant information. Also, virtually all communications on mobile devices passes through either a cellular phone carrier or an Internet service provider and there is a good chance that the information transmitted by the phone can be accessed, again with a proper legal order, from those companies. In addition, it is common for people to use text messaging, email services, social media sites or other cloud-based services which may also have a backup of the data that can be accessed with the proper authority. Authorities have plenty of other tools, including location data and metadata from cell phone carriers.
Bad guys always have access to encryption
Even if a device isn’t encrypted by the manufacturer, service provider or operating system maker, it is still possible for users, including predators and terrorists, to encrypt their communications using readily available encryption apps. There is even an encryption program that was written by Al Qaeda operatives to aid to enable terrorists to hide their plans. Encryption software and apps come from multiple countries so, even if the United States were to put a “backdoor” in programs from all U.S. companies, it would be possible for bad actors to use encryption tools from other parts of the world.
Pros and cons of “backdoor”
There are proposals to give the government and law enforcement ways to break through encryption to investigate crimes. Most of these proposals would require a court order.
While such a “backdoor” might enable law enforcement to obtain valuable information, it comes with big risks, which include both abuse by government itself as well as criminals foreign agents who might be able to get their hands on the backdoor itself or the data it can uncover. Such a backdoor would, almost certainly, consist of some type of digital access and, as we’ve seen over and over again, anything that’s digital and accessible online, can be hacked. The U.S. government’s Internal Revenue Service and Office of Personnel Management are but two examples of large institutions whose highly confidential data has been breached.
A 2015 paper, Keys under doormats: Mandating insecurity by requiring government access to all data and communications by some of the world’s leading cryptographers and cyber security experts, concluded, “millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws” adding that “criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend.”
It’s about our children’s and our safety
At the end of the day, encryption is about personal safety, including the safety of the millions of children who use smartphones and other encrypted devices and apps. Parents and child safety advocates should be supporting strong encryption while, at the same time, supporting law enforcement’s needs for adequate funding and support so that they can continue to do all they are doing to help protect our children.