Strong Encryption has a Posse

Perhaps the largest and most diverse coalition ever of tech companies, digital rights advocates, and security experts yesterday asked the Obama administration to support strong encryption and resist calls to weaken security mechanisms by requiring “backdoor” access or escrow of encryption keys. This issue is dear to CDT’s heart; CDT coordinated the original expert report in 1997, “The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption,” and an expert report in 2013 entitled “CALEA II: Risks of Wiretap Modifications to Endpoints.” The consistent message from the technical community has been clear: backdoors reduce security, they are trivially engineered around, they don’t work, and there will always be methods to easily create or obtain software without backdoors.

We gladly signed on to this effort to support strong encryption and to reject mandates that would weaken security.

The letter – organized by The Open Technology Institute at New America – points out that officials in President Obama’s administration have been arguing tech companies should weaken security and encryption controls in recent months, most recently by NSA Director Rogers. The coalition argues that the White House should reject any policy that might compromise technical security mechanisms:

“We urge you to reject any proposal that U.S. companies deliberately weaken the security of their products. We request that the White House instead focus on developing policies that will promote rather than undermine the wide adoption of strong encryption technology. Such policies will in turn help to promote and protect cybersecurity, economic growth, and human rights, both here and abroad.”

The power of this statement is amplified by the list of those signed on to it. I can’t think of a similar area of technology policy where there was such a broad and deep showing of stakeholders, including major technology companies and technology advocacy organizations with 58 of the top experts in the law and technology of computer and network security. I’m especially heartened to see such a strong showing of top security experts including two of the inventors of modern public key cryptography (Diffie and Rivest). At CDT we believe strongly that domain experts should be involved in policy conversations, and we helped coordinate expert sign-on to this letter by cryptographers, computer scientists, and computer and network security experts.

There should be no mistaking the statement’s conclusion: we are at a critical juncture where the Administration must chose between shoring up technical security in the future or weakening what trust we do have in our growing computer and network infrastructure by requiring systems be surveillance-ready.