海角大神

When it comes to聽cryptowars 2.0, the FBI still can鈥檛 admit that it鈥檚 on the wrong side of history.

Ever since Apple and Google announced last fall that new iPhone and Android phones would be encrypted by default, FBI Director James Comey has been complaining that the growing prevalence of encrypted devices and Internet services will prevent law enforcement from obtaining the data it needs for its investigations.

While it鈥檚 sparked a yearlong聽policy battle聽between Washington and Silicon Valley over encryption, Mr. Comey and his colleagues still have yet to reveal much in the way of聽concrete examples聽in which strong encryption is causing the kinds of problems that they fear 鈥撀爓hile there鈥檚 plenty of reason to think聽it聽will actually聽stop more crimes聽than it will shield from scrutiny.

To be honest, the crypto聽鈥渄ebate鈥澛爏hould not be much of a debate at this point. Just as they did during聽the cryptowars of the 1990s,聽a broad coalition of聽tech companies, privacy advocates, and security experts have made clear that the US government mandating that our digital products have built-in surveillance 鈥渂ackdoors鈥� (or 鈥渇ront doors,鈥� as Comey would prefer we call them) would be bad for cybersecurity, innovation, human rights, and the American economy. Even聽the White House聽seems to recognize that pushing for such a mandate is a bad idea.

But that hasn鈥檛 stopped Comey from painting an apocalyptic picture, in聽blog posts聽and in聽Congressional testimony, of a world of 鈥渦niversal strong encryption鈥� where every bit of data is beyond the reach of the cops, and chaos reigns. 鈥淎s all of our lives become digital, the logic of encryption is all of our lives will be covered by strong encryption,鈥� he said in a聽speech聽earlier this year. 鈥淭herefore all of our lives 鈥� including the lives of criminals and terrorists and spies, will be in a place that is utterly unavailable to court-ordered process.鈥�

Sounds scary, doesn鈥檛 it? Don鈥檛 be afraid, though. The 鈥渦niversal encryption鈥� scare-story being sold by the FBI 鈥� where one day every communication will be secured by end-to-end encryption 鈥� isn鈥檛 going to happen anytime soon. 聽And, ironically, it鈥檚 the FBI鈥檚 own latest argument in the encryption debate that demonstrates why it isn鈥檛 going to happen.

Comey floated this聽new argument聽at a cybersecurity hearing on Capitol Hill last week, responding to the聽chorus of security experts聽that have concluded that it鈥檚 not possible to engineer back doors for government surveillance of encrypted data without also diminishing security against other, less savory attackers.

In that hearing, Comey noted that plenty of Internet communications services don鈥檛 strongly encrypt all the way from the sender to the receiver (i.e., 鈥渆nd-to-end鈥� encryption) as done by messaging services such as Facebook鈥檚 Whatsapp or Apple鈥檚 iMessage, but instead store in the cloud and maintain their own access to users鈥� data for business purposes, such as scanning e-mail contents to serve ads. Those companies, in turn, are able to respond to government demands for that data.

鈥淚鈥檝e never heard anybody say those companies are fundamentally insecure and fatally flawed from a security perspective,鈥� Comey continued. The implicit message: If we all think that Gmail is secure enough, or Facebook private messages or Twitter direct messages, why can鈥檛 everyone just build their services that way?

By my count, FBI and Justice Department officials repeated some variation of this argument at least five times at聽an event on the encryption debate hosted by Passcode聽earlier this week. 聽

As the Justice Department鈥檚 Kiran Raj, senior counsel to the deputy attorney general, argued there: 鈥淭here are large companies, for example, some of the commercial e-mail providers, where they use strong encryption to protect the e-mails when they鈥檙e in transit 鈥� but for their own business purposes they have to be able to access the underlying content and they do that for a variety of reasons. One is potentially to serve you advertisements, [or] for data security 鈥� they can scan malware, so they can scan for spam, and things of that nature.

鈥淎nd so when we look out and see that there are companies now that have figured out how to do that balance 鈥� how to ensure strong protections and security for their data but also have access to it 鈥� it鈥檚 difficult when we hear [from security experts] that it鈥檚 technically impossible to do this,鈥� Mr. Raj continued.

This may be a superficially attractive argument for some. But it completely misses the point of what security experts are actually arguing. Even more importantly, it utterly undermines Comey鈥檚 fearful vision of universal encryption-driven anarchy.

The fact is, Comey and his colleagues are absolutely right: There are a wide variety of very popular services that do not deploy end-to-end encryption as feature, so they can offer other features for which there is enormous consumer demand. Such features include the ability to easily store and search all of your messages from multiple devices, or to have the service provider sort for spam or viruses, or to use services for free by letting the companies make their money from targeted ads based on your message content. 聽

In other words, there is serious market demand for 鈥� and thus much money to be made, and much incentive for companies to offer 鈥� features that rely on data聽not聽being end-to-end encrypted, data that can then be handed over to government agents with a search warrant.

That simple technical and economic fact is not going to change, which means there will聽always聽be huge data troves 鈥� e-mail accounts, social media accounts, data backups, photo archives 鈥� that the government can still obtain. 聽

Therefore the 鈥渦niversal encryption鈥� narrative isn鈥檛 a realistic prediction at all; it鈥檚 just a dystopian fantasia meant to scare politicians and voters. Nor is the government 鈥済oing dark鈥�; rather, it鈥檚 enjoying a Golden Age for surveillance, and that Golden Age isn鈥檛 ending any time soon 鈥� even if there will also always be some companies offering end-to-end encrypted services to those who value security as a feature more than those other features.

And that鈥檚 the key: People will always want and need to treat different communications differently, using different types of services with different types of features. Just as in the real world, where we keep some letters in a permanent file while other things we would only say in a whisper that鈥檚 never to be heard again, so, too, in the online world do we use Twitter for one kind of communication, Gmail for another, and Whatsapp for another, balancing features like accessibility and security and searchability and cost accordingly. 聽

No one is saying that Gmail is 鈥渇atally insecure,鈥� but unencrypted messages stored on an e-mail server will always be more vulnerable to a聽Sony-style hack聽or a nosy boyfriend who鈥檚 stolen your password than communications that are ephemeral and end-to-end encrypted. 聽

Many (but not all) people, for many (but not all) messages, are willing to make that trade-off based on the expectation that the security of Internet giants like Google and Microsoft will hold off all but the most well-resourced, state-sponsored attackers. (Notably, both companies鈥� computers were successfully聽penetrated聽a few years ago by Chinese intelligence, who ironically went straight for their lawful intercept systems in order to find out who the US government was spying on.) 聽

But in the end, it鈥檚 our choice 鈥� our decision.

FBI Director Comey, however, wants to put his hands on the scale and decide that trade-off for us 鈥� for every American and for every communication. In the process, he wants to push the entire Internet in a direction that would be bad for cybersecurity, bad for innovation, bad for our digital economy and bad for global competitiveness. Bad for you. Bad for me. Bad for the Internet.

We shouldn鈥檛 let him.

Kevin Bankston is the director of New America's Open Technology Institute, a nonprofit technology policy center dedicated to fostering stronger and more open communities by building a stronger and more open Internet. Follow him on Twitter @kevinbankston.