Search This Blog

Sunday, September 13, 2015

The Natural Right of Flawless Encryption

Amid claims by U.S. officials that a “golden key” to all forms of encryption software is necessary to fight terrorism, a UN Report released in May asserts that securely encrypted communications among private citizens aren’t just permissible, but a human right. The report’s author, UC Irvine professor David Kaye, notes the problem of creating a weakness in all encryption systems for the U.S. government due to the high probability that any “golden key” access will likely end up in the hands of foreign governments and hackers, making the encryption useless.

Kaye’s pragmatic argument is valid, and popular among cryptographers and privacy advocates. But this argument doesn’t go far enough. Denying governments the right to crack encryption isn’t just defensible on pragmatic grounds. Encryption is a vital tool to prevent abuses of power since even the most benevolent governments have proven untrustworthy and unlikely to ensure the protection of rights when their interests fail to align with those of the governed.

State actors tend to subordinate the right of privacy to the expansion of their own information gathering. Regardless of states’ procedures designed to ensure individual rights are protected, the unchecked expansion of invasive capabilities that they naturally pursue indicate that there may be fundamental flaws in the democratic model. Air-tight encryption may be the only reliable antidote.

Privacy is a Natural Right

As libertarian scholar Michael Rozeff notes:

The origin of privacy is social necessity. Social cooperation and interaction, freely given, depend on it. Speech depends on it. Not being fearful depends on it. Operating as an autonomous person depends on it. No one can operate at all well without feeling that he can take a walk or a drive or say something in privacy, unmonitored by a State agency. To be monitored in all forms of private activities is a form of imprisonment! One may roam, but one is constantly under guard and subject to State intrusions.

As Rozeff indicates, a society that lacks the ability to communicate privately does not have free-thinking, autonomous individuals. It is populated by something more akin to inmates who have surrendered their sovereignty to the state and live in a tightly controlled environment where freedoms only exist at the discretion of administrators. A life where every action is taken looking over one’s shoulder doesn’t lend itself to building trust, social progress,  or otherwise growing a free society. The technical limitations imposed on states are among the least celebrated guarantors of human liberty; imperfect control of information forces states to build consensus and leaves them less able to establish totalitarian systems.

Privacy is an essential component of human liberty, but the United States Supreme Court has taken a half-hearted approach to protecting it. Constitutional law considers privacy highly contextual, and allow for tradeoffs between personal privacy and “public interests.” Currently, the standard set in 1967 by Katz v. United States establishes that a privacy right exists in a certain situation if it can be reasonably expected, and if society agrees that this expectation is reasonable. Subsequent rulings have affirmed this standard up through this year.

This is problematic in our densely interconnected world, since there isn’t broad agreement on what type of communication qualifies, nor a broad understanding of how technology works. The end result has been a Byzantine mess of case law leaving a trail of injustice in its wake, and a global surveillance apparatus that takes advantage of the confusion by growing its power in secret.

Elevating the right of privacy to that of a natural right protects the act of communication itself and ensures it is not dependent on ever-shifting context, according to NYU legal scholar Richard Epstein. Epstein notes that “a natural right is defined as an independent right not contingent on any situational or environmental factors. If privacy is a natural right, that right would apply to both the real and online worlds, equally to employees, students, library users, browsers, and consumers.” The contextual approach approved by the Supreme Court means “an individual’s right to privacy waxes and wanes based on what one is doing.”

The Snowden leaks in June 2013 revealed that the U.S. and its allies are disinterested in restraining themselves with warrants and Constitutional principles. This makes the “contextual” standard even more complicated, since individuals can now expect that they may well have no privacy rights at all. To prevent the right to privacy’s diminution into some curious historical artifact, a broad-based natural rights standard clearly makes more sense.

Constitutional law can only provide so many answers, and only within a framework of specific precedents. But if we consider that a person has a natural, rather than a contextual right to protect their communication or other information, it follows that a person has the right to defend their privacy with whatever tools are available, regardless of the needs of the state. Only air-tight encryption takes the burden of enforcement away from the state and enables the individual to defend his or her own natural right to privacy.

Governments Obey Incentives, Not Laws

The Snowden leaks proved that individuals must take responsibility for their own privacy by revealing an inherent problem at the heart of constitutional government. By revealing the inner workings of the surveillance state, the leaks showed us governments don’t obey constitutions or laws, per se. Like the rest of us mere mortals, state actors obey incentives. The FISA Act shows that Congress defers heavily to state power and seems mostly unconcerned with privacy rights. This helped to create a culture of apathy for privacy protection within the secretive administration of spying programs as well. One former FISA judge even said the FISA Court “has turned into something like an administrative agency,” rather than a proper court.

Given public ignorance, there seems to have been little incentive for legislators to keep a close eye on the NSA or develop a thorough understanding of the technology it employed. Where incentives are weak, government agents are unlikely to restrain their own behavior. And incentives for government actors to self-restrain are especially absent in the cloak-and-dagger world of “national security.” With incentives lacking, “going dark” and denying the state access to encrypted data seems the only reasonable protection.

Even if some democratic governments make a sincere attempt to follow their own laws, they will likely find themselves at a tactical disadvantage against more oppressive governments. As The Atlantic recently noted, “this new world is significantly imbalanced in favor of non-democratic nations — not because authoritarian states are more technologically sophisticated than their democratic counterparts, but because they are more institutionally flexible, opaque, unaccountable, and often corrupt.” The asymmetric nature of cyberwarfare means that even less oppressive states are likely to internally rationalize that violating privacy rights is necessary to battling spies, hackers, terrorists and other offenders.

In this context, it is clear that a golden key is a nuclear weapon against privacy; it ensures the state has the ability to violate privacy broadly and indiscriminately, without separating the innocent from the guilty. A key that opens every safe means that no safe can ever be secure from illegal search and seizure, given the impossibility of ensuring that governments will obey their own laws when acting under the veil of “national security” secrecy. This has already been shown in a number of instances, such as the secret infection of PCs all over the world with spyware. Any government that restrained its own use of the golden key would be at a tactical disadvantage, and would thus find itself in an unsustainable position.

Encryption is Power

Encryption is, at its core, a form of counter-power. It is a sword that can be wielded against an oppressor to expose its most nefarious activities, and a shield against injustice, able to protect a defendant against a meatgrinder justice system. Encryption protects information and buys the owner of that information options, time, leverage and influence. Encryption has become an essential tool of individual sovereignty, much like the printing press was for previous generations.

We have all heard the adage “knowledge is power.” In previous centuries, access to knowledge was tightly controlled by the clergy and state officials. In the Information Age, the ability to control access to knowledge ensures the empowerment of the individual even when the interests of the state are opposed. This is changing the relationship between the state and the individual in remarkable ways. In the past, the government could access virtually any information that you didn’t destroy or hide effectively. They could get a warrant and break into your home within a few minutes; if you had an extra-sturdy safe, they could smash their way in within a few hours or days. Governments around the world knew that escalation of force will get them what they want, sooner or later.

But that era ends with perfect encryption. AES-256 cannot currently be breached without the keys, no matter how much processing power a government agency commands. For perhaps the first time ever, an individual may, at will, keep any government in the world out of his private business with the ease and simplicity of logging into an email account. If the state knows information it wants is inaccessible, it must change course and negotiate, putting the owner in a new-found position of power.

The state would have you believe governance is merely the imposition of authority: You commit a crime, there is an penalty on the books that will be carried out that you have little control over. If you fail to claim certain income on your taxes, you owe a certain penalty. But it may be more accurate to say governance is a negotiation process by which government and governed come to an agreement according to their relative power positions. The state has imperfect knowledge and limited resources. It is sclerotic and bureaucratic. Given its limitations, it must under some conditions negotiate with those who break its rules — criminals, lawyers, whistleblowers, journalists, hackers, foreign states– in order to maintain legitimacy. As Wall Street bankers know, having leverage against the state can keep you out of prison. That leverage can also keep activists safe from abuses of power.

Once it’s written, encryption doesn’t respond to poorly written laws, corrupt judges, mad dictators, overzealous prosecutors, or racist cops. It is unconcerned with human failings and follows only mathematical laws. This might mean that terrible people will have the same protection, just as criminals and terrorists all use telephones, cars and other available technologies. But encryption programming is a language that can be learned by anyone. Even if every encryption standard in the world were banned or back-doored, any reasonably sophisticated criminal or terrorist organization would write their own.

Encryption is the Future of Freedom

Twenty years in, The Digital Age has personal autonomy perched on a razor’s edge. The way we treat privacy today will have repercussions in the future. An oppressive surveillance society is one possibility. But if we fully realize the potential in the tools we have to overcome centralized power, we can create a world where the vision of individual sovereignty philosophers have been developing since the days of Aristotle comes closer to reality than they had ever dreamed.

Evolving technology forces a real philosophical debate about rights, and should lead us to properly re-evaluate its role in our lives. The NSA has voiced fears about large swaths of the web “going dark” due to uncrackable encryption, providing safe haven to terrorists. Their concern is reasonable. But the alternative is a world where governments expand their power with near-impunity. Most state surveillance agencies would likely consider themselves virtually unstoppable, and the near-total reach of the global surveillance apparatus could change the relationship between man and state in horrifying ways. A well-funded, technologically proficient, opaque security state can do far more damage to liberty than any terrorist.

Governments do not have a right to see every communication on the web. They are endowed with police powers by individuals, who are the only holders of rights, in order to provide for the common good, at least in theory. Natural rights, by definition, exist whether governments recognize them or not, and in some cases must be defended in ways that contradict government interests. Even if the battle against terrorism, drug cartels, hackers, spies or other criminals becomes more difficult, “going dark” remains the right of all human beings.

[Published at the Center for a Stateless Society, Sep. 12, 2015]

No comments:

Post a Comment