Amid claims by U.S. officials that a “golden key” to all forms of encryption software is necessary to fight terrorism, a
UN Report
released in May asserts that securely encrypted communications among
private citizens aren’t just permissible, but a human right. The
report’s author, UC Irvine professor David Kaye, notes the problem of
creating a weakness in all encryption systems for the U.S. government
due to the high probability that any “golden key” access will likely end
up in the hands of foreign governments and hackers, making the
encryption useless.
Kaye’s pragmatic argument is valid, and popular among cryptographers
and privacy advocates. But this argument doesn’t go far enough. Denying
governments the right to crack encryption isn’t just defensible on
pragmatic grounds. Encryption is a vital tool to prevent abuses of power
since even the most benevolent governments have proven untrustworthy
and unlikely to ensure the protection of rights when their interests
fail to align with those of the governed.
State actors tend to subordinate the right of privacy to the
expansion of their own information gathering. Regardless of states’
procedures designed to ensure individual rights are protected, the
unchecked expansion of invasive capabilities that they naturally pursue
indicate that there may be fundamental flaws in the democratic model.
Air-tight encryption may be the only reliable antidote.
Privacy is a Natural Right
As libertarian scholar
Michael Rozeff notes:
The origin of privacy is social
necessity. Social cooperation and interaction, freely given, depend on
it. Speech depends on it. Not being fearful depends on it. Operating as
an autonomous person depends on it. No one can operate at all well
without feeling that he can take a walk or a drive or say something in
privacy, unmonitored by a State agency. To be monitored in all forms of
private activities is a form of imprisonment! One may roam, but one is
constantly under guard and subject to State intrusions.
As Rozeff indicates, a society that lacks the ability to communicate
privately does not have free-thinking, autonomous individuals. It is
populated by something more akin to inmates who have surrendered their
sovereignty to the state and live in a tightly controlled environment
where freedoms only exist at the discretion of administrators. A life
where every action is taken looking over one’s shoulder doesn’t lend
itself to building trust, social progress, or otherwise growing a free
society. The technical limitations imposed on states are among the least
celebrated guarantors of human liberty; imperfect control of
information forces states to build consensus and leaves them less able
to establish totalitarian systems.
Privacy is an essential component of human liberty, but the United
States Supreme Court has taken a half-hearted approach to protecting it.
Constitutional law considers privacy highly contextual, and allow for
tradeoffs between personal privacy and “public interests.” Currently,
the standard set in 1967 by
Katz v. United States
establishes that a privacy right exists in a certain situation if it
can be reasonably expected, and if society agrees that this expectation
is reasonable. Subsequent rulings have affirmed this standard up through
this year.
This is problematic in our densely interconnected world, since there
isn’t broad agreement on what type of communication qualifies, nor a
broad understanding of how technology works. The end result has been a
Byzantine mess of case law leaving a trail of injustice in its wake, and
a global surveillance apparatus that takes advantage of the confusion
by growing its power in secret.
Elevating the right of privacy to that of a natural right protects
the act of communication itself and ensures it is not dependent on
ever-shifting context, according to NYU legal scholar Richard Epstein.
Epstein
notes
that “a natural right is defined as an independent right not contingent
on any situational or environmental factors. If privacy is a natural
right, that right would apply to both the real and online worlds,
equally to employees, students, library users, browsers, and consumers.”
The contextual approach approved by the Supreme Court means “an
individual’s right to privacy waxes and wanes based on what one is
doing.”
The Snowden leaks in June 2013 revealed that the U.S. and its allies are
disinterested
in restraining themselves with warrants and Constitutional principles.
This makes the “contextual” standard even more complicated, since
individuals can now expect that they may well have no privacy rights at
all. To prevent the right to privacy’s diminution into some curious
historical artifact, a broad-based natural rights standard clearly makes
more sense.
Constitutional law can only provide so many answers, and only within a
framework of specific precedents. But if we consider that a person has a
natural, rather than a contextual right to protect their communication
or other information, it follows that a person has the right to defend
their privacy with whatever tools are available, regardless of the needs
of the state. Only air-tight encryption takes the burden of enforcement
away from the state and enables the individual to defend his or her own
natural right to privacy.
Governments Obey Incentives, Not Laws
The Snowden leaks proved that individuals must take responsibility
for their own privacy by revealing an inherent problem at the heart of
constitutional government. By revealing the inner workings of the
surveillance state, the leaks showed us governments don’t obey
constitutions or laws, per se. Like the rest of us mere mortals, state
actors obey incentives. The FISA Act shows that Congress defers heavily
to state power and seems mostly
unconcerned
with privacy rights. This helped to create a culture of apathy for
privacy protection within the secretive administration of spying
programs as well. One
former FISA judge even said the FISA Court “has turned into something like an administrative agency,” rather than a proper court.
Given public ignorance, there seems to have been
little incentive for legislators
to keep a close eye on the NSA or develop a thorough understanding of
the technology it employed. Where incentives are weak, government agents
are unlikely to restrain their own behavior. And incentives for
government actors to self-restrain are especially absent in the
cloak-and-dagger world of “national security.” With incentives lacking,
“going dark” and denying the state access to encrypted data seems the
only reasonable protection.
Even if some democratic governments make a sincere attempt to follow
their own laws, they will likely find themselves at a tactical
disadvantage against more oppressive governments. As
The Atlantic
recently noted, “this new world is significantly imbalanced in favor of
non-democratic nations — not because authoritarian states are more
technologically sophisticated than their democratic counterparts, but
because they are more institutionally flexible, opaque, unaccountable,
and often corrupt.” The asymmetric nature of cyberwarfare means that
even less oppressive states are likely to internally rationalize that
violating privacy rights is necessary to battling spies, hackers,
terrorists and other offenders.
In this context, it is clear that a
golden key
is a nuclear weapon against privacy; it ensures the state has the
ability to violate privacy broadly and indiscriminately, without
separating the innocent from the guilty. A key that opens every safe
means that no safe can ever be secure from illegal search and seizure,
given the impossibility of ensuring that governments will obey their own
laws when acting under the veil of “national security” secrecy. This
has already been shown in a number of instances, such as the secret
infection of PCs all over the world with
spyware.
Any government that restrained its own use of the golden key would be
at a tactical disadvantage, and would thus find itself in an
unsustainable position.
Encryption is Power
Encryption is, at its core, a form of counter-power. It is a sword
that can be wielded against an oppressor to expose its most nefarious
activities, and a shield against injustice, able to protect a defendant
against a meatgrinder justice system. Encryption protects information
and buys the owner of that information options, time, leverage and
influence. Encryption has become an essential tool of individual
sovereignty, much like the printing press was for previous generations.
We have all heard the adage “knowledge is power.” In previous
centuries, access to knowledge was tightly controlled by the clergy and
state officials. In the Information Age, the ability to control access
to knowledge ensures the empowerment of the individual even when the
interests of the state are opposed. This is changing the relationship
between the state and the individual in remarkable ways. In the past,
the government could access virtually any information that you didn’t
destroy or hide effectively. They could get a warrant and break into
your home within a few minutes; if you had an extra-sturdy safe, they
could smash their way in within a few hours or days. Governments around
the world knew that escalation of force will get them what they want,
sooner or later.
But that era ends with perfect encryption.
AES-256
cannot currently be breached without the keys, no matter how much
processing power a government agency commands. For perhaps the first
time ever, an individual may, at will, keep any government in the world
out of his private business with the ease and simplicity of logging into
an email account. If the state knows information it wants is
inaccessible, it must
change course and negotiate, putting the owner in a new-found position of power.
The state would have you believe governance is merely the imposition
of authority: You commit a crime, there is an penalty on the books that
will be carried out that you have little control over. If you fail to
claim certain income on your taxes, you owe a certain penalty. But it
may be more accurate to say governance is a negotiation process by which
government and governed come to an agreement according to their
relative power positions. The state has imperfect knowledge and limited
resources. It is sclerotic and bureaucratic. Given its limitations, it
must under some conditions negotiate with those who break its rules —
criminals, lawyers, whistleblowers, journalists, hackers, foreign
states– in order to maintain legitimacy. As Wall Street bankers
know, having leverage against the state can keep you out of prison. That leverage can also keep activists safe from abuses of power.
Once it’s written, encryption doesn’t respond to poorly written laws,
corrupt judges, mad dictators, overzealous prosecutors, or racist cops.
It is unconcerned with human failings and follows only mathematical
laws. This might mean that terrible people will have the same
protection, just as criminals and terrorists all use telephones, cars
and other available technologies. But encryption programming is a
language that can be learned by anyone. Even if every encryption
standard in the world were banned or back-doored, any reasonably
sophisticated criminal or terrorist organization would write their own.
Encryption is the Future of Freedom
Twenty years in, The Digital Age has personal autonomy perched on a
razor’s edge. The way we treat privacy today will have repercussions in
the future. An oppressive surveillance society is one possibility. But
if we fully realize the potential in the tools we have to overcome
centralized power, we can create a world where the vision of individual
sovereignty philosophers have been developing since the days of
Aristotle comes closer to reality than they had ever dreamed.
Evolving technology forces a real philosophical debate about rights,
and should lead us to properly re-evaluate its role in our lives. The
NSA has voiced fears about large swaths of the web “going dark” due to
uncrackable encryption, providing safe haven to terrorists. Their
concern is reasonable. But the alternative is a world where governments
expand their power with near-impunity. Most state surveillance agencies
would likely consider themselves virtually unstoppable, and the
near-total reach of the global surveillance apparatus could change the
relationship between man and state in horrifying ways. A well-funded,
technologically proficient, opaque security state can do far more damage
to liberty than any terrorist.
Governments do not have a right to see every communication on the
web. They are endowed with police powers by individuals, who are the
only holders of rights, in order to provide for the common good, at
least in theory. Natural rights, by definition, exist whether
governments recognize them or not, and in some cases must be defended in
ways that contradict government interests. Even if the battle against
terrorism, drug cartels, hackers, spies or other criminals becomes more
difficult, “going dark” remains the right of all human beings.
[Published at the Center for a Stateless Society, Sep. 12, 2015]