From the Frontlines of the Second Crypto Wars

We’re currently living in the midst of the Second Crypto Wars. While that may sound like the title of a campy Star Wars knock-off from the ‘80s, it’s actually the most recent iteration of a long running debate over the ubiquity of strong encryption in consumer-grade devices and services. By ubiquitous strong encryption, I mean both the expanded availability of device encryption for smartphones, and end-to-end encryption of communications protocols with only the sender and recipient (but no third parties) holding keys.

This sort of strong encryption has proliferated for a variety of reasons. Hacks and data breaches are larger, more consequential, and more prevalent than ever. The last four years have also been marked by controversy over widespread government surveillance in the U.S. and elsewhere. These circumstances have caused consumers to demand, and technology companies to develop, the tools to protect sensitive personal and financial information—both online and offline—from those who consumers would prefer not have access. Today, strong encryption protects most online connections, all financial transactions, and an ever-increasing number of communications. It is the core of modern digital security.

Naturally, the renewed focus on product and platform security on behalf of consumers has led to a conflict, with the tech industry and consumer advocates on one side, and law enforcement (mostly) on the other. This version of the Crypto Wars was kicked off in 2014, when then-FBI Director James Comey gave voice to frustrations long-festering in the federal, state, and local law enforcement communities—that the increasing availability of encrypted smartphones and communications services would cause some set of their investigations to “go dark” without access to access to vital evidence. Law enforcement worldwide began seeking some technical solution, from backdoors to key escrow, that would somehow keep encryption secure while affording them access. Everyone from leading security technologists and consumer advocates to former intelligence community leaders and government experts realized this was a futile, dangerous, and legally dubious exercise, but law enforcement pressed on.

Setting aside the significant flaws in law enforcement’s premise, this phase of Crypto Wars 2.0 came to a head in early 2016, when the FBI sought to compel Apple to develop a tool to allow investigators to crack the encryption in an iPhone relevant to the investigation of a tragic terrorist shooting in San Bernardino. While the FBI eventually withdrew its demand after being approached by a third party, battle lines had been drawn, and the stage was seemingly set for decisive Congressional action. That action came in a widely derided piece of draft legislation called the “Compliance with Court Orders Act of 2016,” which eventually went nowhere.

And that’s where we stand today. Congress and the White House remain conflicted about the appropriate path forward, though there is a recognition in important Congressional quarters that weakening encryption and digital security is an unwise choice. Law enforcement and their advocates in government will continue to call for an “adult conversation” about their concerns of “going dark,” but the adults have gone and moved on to argue about a whole host of new and exciting developments in the digital security space.

Bijan Madhani

Bijan Madhani is Senior Policy Counsel at the Computer & Communications Industry Association. He concentrates primarily on privacy and surveillance policy,Mahdani-B cybersecurity, and Internet governance issues relating to free expression and open networks. Bijan previously focused on these matters as a law clerk with Senator Dianne Feinstein’s Judiciary Committee office, PBS, and the Department of Justice. He also recently spent time as counsel with the Food and Drug Administration, prior to which he worked as a Legal Fellow with CCIA. He received his J.D. in 2013 from American University Washington College of Law, where he was a Student Attorney in the Glushko-Samuelson Intellectual Property Law Clinic, President of the Intellectual Property Law Society, member of the editorial board for the National Security Law Brief, and a Fellow at the Program on Information Justice and Intellectual Property. He graduated from the University of California, Berkeley in 2010, where he studied Political Economy with a focus on decision analysis, edited the Berkeley Political Review, and interned with a leading political consultancy.

Read more posts by Bijan Madhani →