Encryption backdoors put us all at risk

The security of the Internet as we know it is based on encryption – so why are authorities trying to break it?

In the midst of escalating fears about national security, there’s another war brewing – and this one is about our digital privacy. Encryption technologies, the tools that keep our information safe from prying eyes, are under attack.

Around the globe, encryption is being positioned as a tool for evil doers, in an attempt to make us willing to sacrifice our privacy and security. From the FBI’s arguments against encryption in the U.S., to the “Snooper’s Charter” currently being debated in the U.K., this narrative has continued to grow over the past year as law enforcement agencies struggle to keep up with the with the increasing popularity of privacy technologies since Edward Snowden revealed the extent of government mass surveillance.

Let’s be clear about one thing: encryption tools are not to blame – they are keeping us safe, every day, in more ways than we realize. But now spy agency leaders are exploiting the public's security fears, to whip up hysteria about encryption. In other words, the very tools we use to keep ourselves secure are now being presented to us as the enemy.

It’s shortsighted, and ineffective.

Here's why encryption should be seen as friend, not foe:

1) Encryption is what keeps us – innocent people with a lot to lose – safe from malicious activities online.

First and foremost, encryption is all about ensuring an online environment that keeps innocent citizens safe and secure. And part of that safety comes from the ability to have secure, private communications, and keep our data away from prying eyes.

It’s not a secret that illegal activities are taking place online. That's why it's essential that citizens can rely on secure encryption technologies to protect our information from these criminal actions. This is about the protection of vulnerable data: The confidentiality of your clients, the privacy of your health records, and the security of your financial information.

Privacy breaches are growing increasingly rampant. From a hard drive containing personal information and mental health records of students lost in B.C., to foreign governments hacking government websites, our information is consistently at risk, and we need effective tools to keep it safe.

It’s easy to believe you have “nothing to hide” when imagining that the only people reading your emails or accessing your banking information, are those you’ve provided access. But what happens when your unencrypted private records are suddenly they’re open to anyone, anywhere, with even modest hacking skills? That’s why encryption is crucial – it ensures that your information is safe, and only accessed by those to whom you’ve given permission.

We can’t always protect where our information goes. But encryption helps us to ensure that it remains secure even if it falls into the wrong hands.

2) A secret backdoor “just for the good guys” is just. not. possible.

Encryption is based on it being unbreakable – by anyone. The second we weaken these security tools to one entity, we weaken them to everyone.

A backdoor, or a “golden key,” which government agencies like the NSA have been advocating for, would undercut the security of encryption so that if and when the government deems necessary, they (or the companies operating these technologies), could decrypt our secure communications and files.

The problem with this is that building in backdoors for the government to access information when it needs it renders these technologies entirely useless. If there’s a “secret key” the government can access, there’s a secret key that other governments and hackers can access. Encryption is based on math, not morals and good vs. evil. Weakening encryption to one group makes it more susceptible to everyone – including the malicious actors we’re working so hard to protect ourselves from.

3) We can’t keep sacrificing our rights and freedoms every time we get scared.

In the wake of an attack, particularly something as tragic as those seen recently in Paris or San Bernardino, it’s difficult to not just respond from a place of fear. Threats and attacks are visceral; threats to our rights are intangible, and the consequences are often not felt for years to come.

After 9/11, legislation was introduced in multiple countries around the world, including the U.S. and Canada, to amp up security and surveillance mechanisms. But the NSA’s resulting metadata collection program (which finally ended in November, 2015), was not able to demonstrate a single incident in which it had an impact, in the past 14 years.

In the tragic attacks in Paris last November, many of the individuals suspected were already known to authorities, and Turkish officials had also repeatedly warned France of the threat of another individual. Yet nothing was done.

I highlight this not to point fingers – but to simply highlight that having information isn’t enough. Having the right information, and the capacity to do something with it, matters. Having targeted, effective intelligence is imperative. The evidence consistently shows that untargeted mass surveillance of entire populations is not just a grave threat to our democratic rights, it's also quite simply ineffective.

Making all of our private communications and activities vulnerable is not the answer.

The bottom line is this: encryption is not there to protect criminals – but to protect us from them. To understand the importance of digital privacy, of any personal data, is to understand the need for encryption. If we don’t have the ability to keep information safe, we might as well just strip away our passwords, and set all of our personal information to publish directly to public.

To learn more about how you can take action at SaveCrypto.org.