Encryption Advantage - HSS 2015

Notes/Explanation
This is an advantage stem that can be read with the Surveillance State Repeal Act and Secure Data Act
affirmatives (and others that we havent worked on yet). It accesses many of the other impact areas that
we have developed in other advantage files. This file contains the internal link stem for the advantage; the
impact scenarios are found in other advantage files and the solvency cards for a particular plan are found
in that affirmative file.
1AC Options
1AC Encryption Advantage Stem

Contention __ is Encryption
First, U.S. government attacks on encryption leave everyone
vulnerable, jeopardizing privacy and data security. There is no
such thing as a good guys only backdoor.
Doctorow 14 Cory Doctorow, journalist and science fiction author, Co-Editor of Boing Boing,
Fellow at the Electronic Frontier Foundation, former Canadian Fulbright Chair for Public Diplomacy at the
Center on Public Diplomacy at the University of Southern California, recipient of the Electronic Frontier
Foundations Pioneer Award, 2014 (Crypto wars redux: why the FBI's desire to unlock your private life
must be resisted, The Guardian, October 9th, Available Online at
http://www.theguardian.com/technology/2014/oct/09/crypto-wars-redux-why-the-fbis-desire-to-unlock-yourprivate-life-must-be-resisted, Accessed 06-24-2015)
Holder, the outgoing US attorney general, has joined the FBI and other law
enforcement agencies in calling for the security of all computer
systems to be fatally weakened. This isnt a new project the idea has been around since
Eric
the early 1990s, when the NSA classed all strong cryptography as a munition and regulated civilian use
of it to ensure that they had the keys to unlock any technological countermeasures you put around your
data.
In 1995, the Electronic Frontier Foundation won a landmark case establishing that code was a form of
protected expression under the First Amendment to the US constitution, and since then, the whole world
has enjoyed relatively unfettered access to strong crypto.
How strong is strong crypto? Really, really strong. When properly

implemented and secured by relatively long keys, cryptographic
algorithms can protect your data so thoroughly that all the computers
now in existence, along with all the computers likely to ever be
created, could labour until the sun went nova without uncovering the
keys by brute force ie trying every possible permutation of password.
The crypto wars of the early 1990s were fuelled by this realisation that
computers were changing the global realpolitik in an historically unprecedented way. Computational
crypto made keeping secrets exponentially easier than breaking
secrets, meaning that, for the first time in human history, the ability for
people without social or political power to keep their private lives truly
private from governments, police, and corporations was in our grasp.
The arguments then are the arguments now. Governments invoke the
Four Horsemen of the Infocalypse (software pirates, organised
crime, child pornographers, and terrorists) and say that unless they
can decrypt bad guys hard drives and listen in on their conversations,
law and order is a dead letter.
On the other side, virtually every security and cryptography expert
tries patiently to explain that theres no such thing as a back door
that only the good guys can walk through (hat tip to Bruce Schneier). Designing
a computer that bad guys cant break into is impossible to
reconcile with designing a computer that good guys can break into.
If you give the cops a secret key that opens the locks on your
computerised storage and on your conversations, then one day, people
who arent cops will get hold of that key, too. The same forces that led to bent cops
selling out the publics personal information to Glen Mulcaire and the tabloid press will cause those cops
successors to sell out access to the worlds computer systems, too, only the numbers of people who are
interested in these keys to the (United) Kingdom will be much larger, and theyll have more money, and
theyll be able to do more damage.
Thats really the argument in a nutshell. Oh, we can talk about whether the
danger is as grave as the law enforcement people say it is, point out that
only a tiny number of criminal investigations run up against
cryptography, and when they do, these investigations always find
another way to proceed. We can talk about the fact that a ban in the
US or UK wouldnt stop the bad guys from getting perfect crypto from
one of the nations that would be able to profit (while US and UK business suffered)
by selling these useful tools to all comers. But thats missing the point:
even if every crook was using crypto with perfect operational security,
the proposal to back-door everything would still be madness.
Because your phone isnt just a tool for having the odd conversation with
your friends nor is it merely a tool for plotting crime though it does duty in both cases. Your
phone, and all the other computers in your life, they are your digital
nervous system. They know everything about you. They have
cameras, microphones, location sensors. You articulate your social
graph to them, telling them about all the people you know and how you know them. They are
privy to every conversation you have. They hold your logins and
passwords for your bank and your solicitors website; theyre used to chat to your therapist and the
STI clinic and your rabbi, priest or imam.
That device tracker, confessor, memoir and ledger should be

designed so that it is as hard as possible to gain unauthorised
access to. Because plumbing leaks at the seams, and houses leak at the doorframes, and lie-lows lose
air through their valves. Making something airtight is much easier if it doesnt
have to also allow the air to all leak out under the right circumstances.
There is no such thing as a vulnerability in technology that can only
be used by nice people doing the right thing in accord with the rule of
law. The existing back doors in network switches, mandated under US laws
such as CALEA, have become the go-to weak-spot for cyberwar and
industrial espionage. It was Googles lawful interception backdoor that let the Chinese
government raid the Gmail account of dissidents. It was the lawful interception backdoor in Greeces
national telephone switches that let someone identity still unknown listen in on the Greek Parliament
and prime minister during a sensitive part of the 2005 Olympic bid (someone did the same thing the next
year in Italy).
The most shocking Snowden revelation wasnt the mass spying (we already
knew about that, thanks to whistleblowers like Mark Klein, who spilled the beans in 2005). It was the
fact that the UK and US spy agencies were dumping
$250,000,000/year into sabotaging operating systems, hardware, and
standards, to ensure that they could always get inside them if they
wanted to. The reason this was so shocking was that these spies were
notionally doing this in the name of national security but they were
dooming everyone in the nation (and in every other nation) to using
products that had been deliberately left vulnerable to attack by
anyone who independently discovered the sabotage.
There is only one way to make the citizens of the digital age secure,
and that is to give them systems designed to lock out everyone
except their owners. The police have never had the power to listen
in on every conversation, to spy upon every interaction. No system

that can only sustain itself by arrogating these powers can possibly
be called just.
Second, these government programs are an attack on
encryption itself. The damage is done even if agencies dont
abuse backdoors.
Gillmor 14 Dan Gillmor, Director of the Knight Center for Digital Media Entrepreneurship at the
Walter Cronkite School of Journalism and Mass Communication at Arizona State University, Fellow at the
Berkman Center for Internet & Society at Harvard University, recipient of the Electronic Frontier
Foundations Pioneer Award, 2014 (Law Enforcement Has Declared War on Encryption It Cant Break,
Future Tensea Slate publication, October 1st, Available Online at
http://www.slate.com/blogs/future_tense/2014/10/01/law_enforcement_has_declared_war_on_encryption_it_
can_t_break.html, Accessed 06-24-2015)
Suppose two suspected criminals happened to be the last two people

on Earth who could understand and speak a certain language. Would
law enforcement argue that they should only be permitted to speak in
a language that others could understand?
That's an imperfect but still useful analogy to a "debate" now taking place in
American policy circles, as law enforcement reminds us that it will never
be satisfied until it can listen in on everything we say and read
everything we createin real time and after the fact.
The spark for this latest tempest is Apple's announcement that iPhones
will henceforth be encrypted by default. Data on the device will be locked with a key
that only the phone user controls, not Apple. Meanwhile, Google's Android operating system
which, unlike Apple's iOS, has offered this functionality for several years now as an option will also
make device encryption the default setting in its next version.
Attorney General Eric Holder and FBI Director James Comey are leading the
how-dare-you chorus, with close harmony from the usual authoritarian
acolytes. Their goal can't only be to get Apple and Google to roll back this latest move, because as
many people have pointed out, almost all of what people keep on their phones is also stored in various
corporate cloud computers that law enforcement can pry open in a variety of ways, including a subpoena,
secret order in alleged national security cases, or outright hacking.
This is the launch of the latest, and

most alarming, attack on the idea of encryption itselfor at least
encryption the government can't easily crack. In particular, as the latest push to control
crypto makes clear, law enforcement wants so-called back doors into
users' devices: technology that users can't thwart, just in case the
police want to get in.
No, the longer-range objective seems plain enough.
Never mind that Congress has already said it doesnt expect communications providers to provide such
capabilities in most cases. Here's relevant language from the law:
A telecommunications carrier shall not be responsible for decrypting, or ensuring the
governments ability to decrypt, any communication encrypted by a subscriber or customer,
unless the encryption was provided by the carrier and the carrier possesses the information
necessary to decrypt the communication.
What's discouraging to people who believe in digital securitythat is,

security for our devices and our communications from criminals, business
competitors, and government spies who flout the Constitution, among
othersis law enforcement's disconnection from the reality that back
doors increase vulnerability. University of Pennsylvania researcher and
security expert Matt Blaze put it this way: Crypto backdoors are
dangerous even if you trust the government not to abuse them. We
simply don't know how to build them reliably.
The hackers of the worldcriminals, foreign governments, you name itwill be thrilled
if Holder, Comey and the no-privacy-for-you backup singers get their
way.
The other, even worse, disconnect is the implicit notion that there is no
measure we shouldnt take to guarantee our ability to stop and punish
crime. The Constitution, and especially the Bill of Rights, says we do take
some additional risks in order to have liberty. Why have we become so
paranoid and fearful as a society that wed even entertain the notion
that civil liberties mean next to nothing in the face of our fear?
[Insert Impact Module(s) and Solvency Card(s)]
1AC Long Open Letter Card

[If reading this impact, plug-in the relevant terminal impact
cards.]
U.S. government attacks on encryption decimate
cybersecurity, crush tech industry competitiveness, and
undermine global Internet freedom.
Open Letter 15 An Open Letter to President Obama co-signed by 36 civil society organizations
(including the American Civil Liberties Union, Electronic Frontier Foundation, Electronic Privacy Information
Center, and the Free Software Foundation), 48 technology companies and trade associations (including
Apple, Facebook, Google, Microsoft, and Yahoo), and 58 security and policy experts (including Jacob
Applebaum, Eric Burger, Joan Feigenbaum, and Bruce Schneier), the full list of signatories is available upon
request under the FYI: Open Letter To Obama header, 2015 (Open Letter to Obama, May 19 th, Available
Online at https://static.newamerica.org/attachments/3138-113/Encryption_Letter_to_Obama_final_051915.pdf, Accessed 06-29-2015, p. 1-2)
We the undersigned represent a wide variety of civil society organizations

dedicated to protecting civil liberties, human rights, and innovation
online, as well as technology companies, trade associations, and
security and policy experts. We are writing today to respond to recent statements by some
Administration officials regarding the deployment of strong encryption technology in the
devices and services offered by the U.S. technology industry. Those officials have suggested that
American companies should refrain from providing any products that
are secured by encryption, unless those companies also weaken their
security in order to maintain the capability to decrypt their customers
data at the governments request. Some officials have gone so far as
to suggest that Congress should act to ban such products or mandate
such capabilities.
We urge you to reject any proposal that U.S. companies deliberately
weaken the security of their products. We request that the White
House instead focus on developing policies that will promote rather
than undermine the wide adoption of strong encryption technology.
Such policies will in turn help to promote and protect cybersecurity,
economic growth, and human rights, both here and abroad.
Strong encryption is the cornerstone of the modern information
economys security. Encryption protects billions of people every day
against countless threatsbe they street criminals trying to steal our phones and
laptops, computer criminals trying to defraud us, corporate spies trying to obtain our
companies most valuable trade secrets, repressive governments trying to stifle dissent, or
foreign intelligence agencies trying to compromise our and our allies most sensitive national
security secrets.
Encryption thereby protects us from innumerable criminal and

national security threats. This protection would be undermined by
the mandatory insertion of any new vulnerabilities into encrypted
devices and services. Whether you call them front doors or back doors, introducing
intentional vulnerabilities into secure products for the governments
use will make those products less secure against other attackers.
Every computer security expert that has spoken publicly on this
issue agrees on this point, including the governments own

experts.
In addition to undermining cybersecurity, any kind of vulnerability
mandate would also seriously undermine our economic security.
U.S. companies are already struggling to maintain international
trust in the wake of revelations about the National Security Agencys
surveillance programs. Introducing mandatory vulnerabilities into
American products would further push many customersbe they
domestic or international, [end page 1] individual or institutionalto turn
away from those compromised products and services. Instead, they
and many of the bad actors whose behavior the government is hoping to
impactwill simply rely on encrypted offerings from foreign
providers, or avail themselves of the wide range of free and open
source encryption products that are easily available online.
More than undermining every Americans cybersecurity and the
nations economic security, introducing new vulnerabilities to weaken
encrypted products in the U.S. would also undermine human rights and
information security around the globe. If American companies
maintain the ability to unlock their customers data and devices on
request, governments other than the United States will demand the
same access, and will also be emboldened to demand the same
capability from their native companies. The U.S. government, having
made the same demands, will have little room to object. The result
will be an information environment riddled with vulnerabilities that
could be exploited by even the most repressive or dangerous regimes.
Thats not a future that the American people or the people of the world
deserve.
The Administration faces a critical choice: will it adopt policies that
foster a global digital ecosystem that is more secure, or less? That
choice may well define the future of the Internet in the 21st century.
When faced with a similar choice at the end of the last century, during the socalled Crypto Wars, U.S. policymakers weighed many of the same concerns
and arguments that have been raised in the current debate, and correctly concluded
that the serious costs of undermining encryption technology
outweighed the purported benefits. So too did the Presidents Review
Group on Intelligence and Communications Technologies, who
unanimously recommended in their December 2013 report that the US
Government should (1) fully support and not undermine efforts to
create encryption standards; (2) not in any way subvert, undermine,
weaken, or make vulnerable generally available commercial software;
and (3) increase the use of encryption and urge US companies to do so,
in order to better protect data in transit, at rest, in the cloud, and in
other storage.
We urge the Administration to follow the Review Groups
recommendation and adopt policies that promote rather than
undermine the widespread adoption of strong encryption
technologies, and by doing so help lead the way to a more secure,

prosperous, and rights-respecting future for America and for the world.
1AC Short Open Letter Card

[If reading this impact, plug-in the relevant terminal impact
cards.]
U.S. government attacks on encryption hurt cybersecurity, the
economy, and human rights.
Online at https://static.newamerica.org/attachments/3138-113/Encryption_Letter_to_Obama_final_051915.pdf, Accessed 06-29-2015, p. 1)
We the undersigned represent a wide variety of civil society organizations

dedicated to protecting civil liberties, human rights, and innovation
online, as well as technology companies, trade associations, and
security and policy experts. We are writing today to respond to recent statements by some
Administration officials regarding the deployment of strong encryption technology in the
devices and services offered by the U.S. technology industry. Those officials have suggested that
American companies should refrain from providing any products that
are secured by encryption, unless those companies also weaken their
security in order to maintain the capability to decrypt their customers
data at the governments request. Some officials have gone so far as
to suggest that Congress should act to ban such products or mandate
such capabilities.
We urge you to reject any proposal that U.S. companies deliberately
weaken the security of their products. We request that the White
House instead focus on developing policies that will promote rather
than undermine the wide adoption of strong encryption technology.
Such policies will in turn help to promote and protect cybersecurity,
economic growth, and human rights, both here and abroad.
1AC Civil Liberties Module

[If reading this impact, plug-in appropriate terminal impacts
privacy, journalism, bigotry, etc.]
Encryption is a fundamental human right. Without it, privacy
and freedom of speech are impossible.
ONeill 14 Patrick Howell O'Neill, Reporter who covers the future of the internet for The Daily Dot
the hometown newspaper of the internet, 2014 (Encryption shouldnt just be an election issueit
should be a human right, Kernel Magazine, October 19th, Available Online at
http://kernelmag.dailydot.com/issue-sections/staff-editorials/10587/encryption-humanright/#sthash.zpesaOpG.dpuf, Accessed 06-24-2015)
We are all born with certain inalienable rights. Now, the notion of free speechcore
to the entire idea of human rightsmust be constantly re-examined in the face of a rapidly changing world
where the most important speech increasingly takes place on the Internet.
Free speech isnt merely about the abstract idea of saying whatever you want. Its
the freedom to speak, ask questions, and seek knowledge without
anyone, hidden or otherwise, looking over your shoulder. In the digital age,
free speech is about being able to use the Internet unmolested by the
greedy eyes of corporations with incentive to sell your personal data,
hackers wanting to steal or destroy it, and massive regimes collecting
it all.
Everything a person does online is saved as data. The messages you
send, the websites you look at, the files you save are all data that can
live on forever. The only way to protect your most personal datayour
location, credit card numbers, political thoughts, medical queries, and everything else you do on a phone,
tablet, or computerfrom
malicious spying eyes is through encryption.

Thats why encryption should be considered a human right.
Modern encryptionat its core, really good mathematics that make it possible to protect your data so that
no computer can decrypt it without your go aheadis legally protected by a 1995 American court decision
that declared computer code constitutionally protected free speech. But many of the worlds top cops
continue to demonize encryption, saying it will inevitably enable and immunize criminals on massive
scales.
Criticisms of encryption coming from corners of power are louder now

than theyve been in two decades. Earlier this week, James B. Comey, director of the
Federal Bureau of Investigation (FBI), said that law enforcement agencies should have access to encrypted
communications, because the law hasnt kept pace with technology, and this disconnect has created a
significant public safety problem. He believes Apples new smartphone encryption puts its users beyond
the law.
What is bound to be one of the great political issues of this century is

only now beginning to enter the mainstream in a clear way. One day in
the not-too-distant future, cryptography will be an election issue.
Prominent politicians will debate louder than ever about privacy and
secrecy while voterseven moms and dadswill cast ballots with strong
encryption on their minds.
Thats not to say the debate hasnt already begun. The war over encryption is four
decades old. It dates back to the 1970s when a new invention called public key cryptography
definitively broke the governments monopoly on secrets. All of sudden, using free software that utilized
clever mathematics and powerful cryptography, normal people were able to keep data private from even
the most powerful states on the planet.
The war over encryptionmost notably the so-called crypto wars of the 1990ssaw the
American government try to make strong encryption a military-grade
weapon in the eyes of the law. Opposed chiefly by the Electronic Frontier
Foundation, courts declared computer code to be free speech and said the
governments regulations were unconstitutional.
Despite the landmark legal victory, the war over encryption has
continued to this day.
John J. Escalante, chief of detectives for the Chicago Police Department, has
called encryption mostly a tool of pedophilesa claim thats
disingenuous and misleading, if not outright dangerous. For one thing, many
city and federal police agents use encryption tools regularly, and
encryption stymied a total of nine police investigations last year. There
are plenty of ways to investigate crimes involving cryptography that
dont involve banning or curtailing it.
Theres no denying that these tools have some very ugly users.
However, for the few billion of us who want to keep our digital lives
private from unwanted eavesdroppers and hackers, being forcefully
grouped in with terrorists and pedophiles is a hard insult to stomach.
Encryption works to protect youand everyone elseonline. More than
that, its the best protection you have. There are simply no other
options that can compare.
If, for some reason, you assume a hack will never happen to you, let me give
you some perspective on the current state of digital security. 2014 is known in
information technology circles as the year of the breach because it has
boasted some of the biggest hacks in history. 2013 had a nickname
too: The year of the breach. Come to think of it, 2012 was called something
eerily similar: The year of the breach.
2011? You get the idea.
This isnt merely one year of massive security breaches, its an era of
profound digital insecurity in which sensitive personal datathe
information that can be put together to add up to a startlingly complete picture of our lives and thoughts
is under attack by criminals, corporations, and governments whose

sophistication, budget, and drive is only growing.
Consider the following, put forth by Eben Moglen, a law professor at Columbia University, in 2010:
Facebook
holds and controls more data about the daily lives and social
interactions of half a billion people than 20th-century totalitarian
governments ever managed to collect about the people they
surveilled.
The Internets architecture has also made it possible for businesses and
governments to fill giant data vaults with the ore of human existence
the appetites, interests, longings, hopes, vanities, and histories of
people surfing the Internet, often unaware that every one of their clicks
is being logged, bundled, sorted, and sold to marketers, the New York Times
journalist Jim Dwyer wrote in his new book, More Awesome Than Money. Together, they
amount to nothing less than a full psyche scan, unobstructed by law or
social mores.
When people like Comey suggest that law enforcement should have a
back door or golden key that allows cops to easily access all
encrypted communication, they are willfully ignoring the reality
shouted to them by the vast majority of the information technology industry.
You cant build a back door that only the good guys can walk
through, cryptographer Bruce Schneier wrote recently. Encryption protects against
cybercriminals, industrial competitors, the Chinese secret police, and
the FBI. Youre either vulnerable to eavesdropping by any of them, or
youre secure from eavesdropping from all of them.
When encryption becomes a campaign issue, thats going to go on the bumper stickers: You either
have real privacy and security for everyone or for no one.
The existing back doors in network switches, mandated under U.S. laws such as
CALEA, have become the go-to weak-spot for cyberwar and industrial
espionage, author Cory Doctorow wrote in the Guardian. It was Googles lawful interception
backdoor that let the Chinese government raid the Gmail account of dissidents. It was the lawful
interception backdoor in Greeces national telephone switches that let someoneidentity still unknown
listen in on the Greek Parliament and prime minister during a sensitive part of the 2005 Olympic bid
(someone did the same thing the next year in Italy).
If, like many Americans, you say you dont mind if the U.S. government
watches what you do online, take a step back and consider the bigger
picture.
The American government is not the only governmentnevermind
other organizationswatching and hacking people on the Internet.
China, Russia, Iran, Israel, the U.K., and every other nation online
decided long ago that cyberspace is a militarized country. All the
states with the necessary resources are doing vast watching and
hacking as well.
Encryption proved a crucial help to protesters during the Arab Spring. It
helps Iranian liberals push against their oppressive theocracy. From
African free speech activists to Chinese pro-democracy organizers to
American cops investigating organized crime, strong encryption saves
lives, aids law enforcement (ironic, huh?), protects careers, and helps
build a more free and verdant world. Journalistscitizen and professional
alikedepend on encryption to keep communications and sources
private from the people and groups they report on, making it
essential to an independent and free press.
The right to privacy, the right to choose what parts of yourself are exposed to the world, was described
over a century ago by the U.S. Supreme Court and held up as an issue of prime importance last year by
U.N. human rights chief Navi Pillay. Its something we all need to worry about.
Lacking good law, privacy is best defended by good technology. You

cannot truly talk about online privacy without talking about encryption.
Thats why many of the worlds biggest tech firms such as Google, Apple, and
Yahoo are adding strong encryption to some of their most popular products.
There is only one way to make the citizens of the digital age secure,
and that is to give them systems designed to lock out everyone except
their owners, Doctorow wrote. The police have never had the power to
listen in on every conversation, to spy upon every interaction. No
system that can only sustain itself by arrogating these powers can
possibly be called just.
In the digital age, encryption is our only guarantee of privacy.
Without it, the ideal of free speech could be lost forever.
1AC Cybersecurity Module

U.S. government attacks on encryption destroy cybersecurity.
Strong encryption is the cornerstone of the modern information

economys security. Encryption protects billions of people every day
against countless threatsbe they street criminals trying to steal our phones and
laptops, computer criminals trying to defraud us, corporate spies trying to obtain our
companies most valuable trade secrets, repressive governments trying to stifle dissent, or
foreign intelligence agencies trying to compromise our and our allies most sensitive national
security secrets.
Encryption thereby protects us from innumerable criminal and

national security threats. This protection would be undermined by
the mandatory insertion of any new vulnerabilities into encrypted
devices and services. Whether you call them front doors or back doors, introducing
intentional vulnerabilities into secure products for the governments
use will make those products less secure against other attackers.
Every computer security expert that has spoken publicly on this
issue agrees on this point, including the governments own
experts.
Cyber attacks are frequent and devastating. Every attack
increases the risk of existential catastrophe.
Nolan 15 Andrew Nolan, Legislative Attorney at the Congressional Research Service, former Trial
Attorney at the United States Department of Justice, holds a J.D. from George Washington University, 2015
(Cybersecurity and Information Sharing: Legal Challenges and Solutions, CRS Report to Congress, March
16th, Available Online at http://fas.org/sgp/crs/intel/R43941.pdf, Accessed 07-05-2015, p. 1-3)
Introduction
Over the course of the last year, a host of cyberattacks have been
perpetrated on a number of high profile American companies. In
January 2014, Target announced that hackers, using malware, had
digitally impersonated one of the retail giants contractors, stealing
vast amounts of dataincluding the names, mailing addresses, phone numbers or email
1
addresses for up to 70 million individuals and the credit card information of 40 million shoppers. 4
Cyberattacks in February and March of 2014 potentially exposed

contact and log-in information of eBays customers, prompting the online retailer
to ask its more than 200 million users to change their passwords. In September, it was
revealed that over the course of five months cyber-criminals tried to
steal the credit card information of more than fifty million shoppers of
the worlds largest home improvement retailer, Home Depot. One month later, J.P.
Morgan Chase, the largest U.S. bank by assets, disclosed that contact
information for about 76 million households was captured in a
5
cyberattack earlier in the year. In perhaps the most infamous cyberattack of

2014, in late November, Sony Pictures Entertainment suffered a significant
system disruption as a result of a brazen cyber attack that resulted
in the leaking of the personal details of thousands of Sony employees.
And in February of 2015, the health care provider Anthem Blue Cross
Blue Shield [end page 1] disclosed that a very sophisticated attack
obtained personal information relating to the companys customers
and employees.
The high profile cyberattacks of 2014 and early 2015 appear to be
indicative of a broader trend: the frequency and ferocity of
cyberattacks are increasing, posing grave threats to the national
interests of the United States. Indeed, the attacks on Target, eBay, Home
Depot, J.P. Morgan-Chase, Sony Pictures, and Anthem were only a few
of the many publicly disclosed cyberattacks perpetrated in 2014 and 2105.
Experts suggest that hundreds of thousands of other entities may have
suffered similar incidents during the same period, with one survey
indicating that 43% of firms in the United States had experienced a data
breach in the past year.14 Moreover, just as the cyberattacks of 2013
which included incidents involving companies like the New York Times,
Facebook, Twitter, Apple, and Microsoft were eclipsed by those that
occurred in 2014, the consensus view is that 2015 and beyond will
witness more frequent and more sophisticated cyber incidents. To
the extent that its expected rise outpaces any corresponding rise in the
ability to defend against such attacks, the result could be troubling
news for countless businesses that rely more and more on computers
in all aspects of their operations, as the economic losses resulting from
a single cyberattack can be extremely costly. And the resulting
effects of a cyberattack can have effects beyond a single companys
bottom line. As nations are becoming ever more dependent on
information and information technology, the threat posed by any one
cyberattack [end page 2] can have devastating collateral and
cascading effects across a wide range of physical, economic
and social systems. With reports that foreign nationssuch as
Russia, China, Iran, and North Koreamay be using cyberspace as a
new front to wage war, fears abound that a cyberattack could be
used to shut down the nations electrical grid, hijack a
commercial airliner, or even launch a nuclear weapon with a
single keystroke.24 In short, the potential exists that the United States
could suffer a cyber Pearl Harbor, an attack that would cause
physical destruction and loss of life and exposein the words of one
prominent cybersecurity expertvulnerabilities of staggering
proportions.
7
10
11
12
13
15
16
17
18
19
20
21
22
23
25
26
Cybersecurity outweighs terrorism.

CSM 14 Christian Science Monitor, 2014 (Feds hacked: Is cybersecurity a bigger threat than
terrorism?, Byline Harry Bruinius, November 10th, Available Online at
http://www.csmonitor.com/USA/2014/1110/Feds-hacked-Is-cybersecurity-a-bigger-threat-than-terrorismvideo, Accessed 07-06-2015)
While the terrestrial fears of terrorism and Ebola have dominated headlines,
American leaders are fretting about what may be even more serious
virtual threats to the nations security.
This year, hundreds of millions of private records have been exposed in an
unprecedented number of cyberattacks on both US businesses and the
federal government.
On Monday, just as President Obama arrived in Beijing to being a week-long summit with regional leaders,
Chinese hackers are suspected to have breached the computer networks of the US Postal Service, leaving
the personal data of more than 800,00 employees and customers compromised, The Washington Post
reports.
The data breach, which began as far back as January and lasted through mid-August, potentially exposed
500,000 postal employees most sensitive personal information, including names, dates of birth, and Social
Security numbers, the Postal Service said in a statement Monday. The data of customers who used the
Postal Services call center from January to August may have also been exposed.
"The FBI is working with the United States Postal Service to determine the nature and scope of this
incident," the federal law enforcement agency said in a statement Monday. Neither the FBI nor the Postal
Service, however, confirmed it was the work of Chinese hackers.
The breach did not expose customer payment or credit card information, the Postal Service said, but
hackers did gain access to its computer networks at least as far back as January. The FBI informed the
Postal Service of the hack in mid-September.
every organization connected to the

Internet is a constant target for cyber intrusion activity, said Postmaster
It is an unfortunate fact of life these days that
General Patrick Donahoe in a statement. The United States Postal Service is no different. Fortunately, we
have seen no evidence of malicious use of the compromised data and we are taking steps to help our
employees protect against any potential misuse of their data.
both intelligence officials and cybersecurity

experts say computer hackers now pose a greater threat to
national security than terrorists.
But the reported breach comes as
Since 2006, cyber-intruders have gained access to the private data of nearly 90 million people in federal
networks, the Associated Press reported in a major investigation published Monday.
Hackers have also accessed 255 million customer records in retail networks during this time, 212 million
customer records in financial and insurance industry servers, as well as 13 million records of those in
educational institutions, the AP reported.
The
increasing number of cyber-attacks in both the public and private

sectors is unprecedented and poses a clear and present danger to
our nations security, wrote Rep. Elijah Cummings (D) of Maryland, ranking member of the
House Committee on Oversight and Government Reform, in a letter to Postmaster General Donahoe on
Monday.
Only strong encryption can preserve cybersecurity.

Kehl et al. 15 Danielle Kehl, Senior Policy Analyst at the Open Technology Institute at the New
America Foundation, holds a B.A. in History from Yale University, with Andi Wilson, Policy Program
Associate at the Open Technology Institute at the New America Foundation, holds a Master of Global Affairs
degree from the Munk School at the University of Toronto, and Kevin Bankston, Policy Director at the Open
Technology Institute at the New America Foundation, former Senior Counsel and Director of the Free
Expression Project at the Center for Democracy & Technology, former Senior Staff Attorney at the
Electronic Frontier Foundation, former Justice William Brennan First Amendment Fellow at the American
Civil Liberties Union, holds a J.D. from the University of Southern California Law School, 2015 (Doomed To
Repeat History? Lessons From The Crypto Wars of the 1990s, Report by the Open Technology Institute at
the New America Foundation, June, Available Online at https://static.newamerica.org/attachments/3407-125/Lessons%20From%20the%20Crypto%20Wars%20of%20the
%201990s.882d6156dc194187a5fa51b14d55234f.pdf, Accessed 07-06-2015, p. 19)
Strong Encryption Has Become A Bedrock Technology That Protects

The Security Of The Internet
The evolution of the ecosystem for encrypted communications has also
enhanced the protection of individual communications and improved
cybersecurity. Today, strong encryption is an essential ingredient in

the overall security of the modern network, and adopting technologies like HTTPS is
increasingly considered an industry best-practice among major technology companies.177 Even the
report of the Presidents Review Group on Intelligence and
Communications Technologies, the panel of experts appointed by
President Barack Obama to review the NSAs surveillance activities after the 2013
Snowden leaks, was unequivocal in its emphasis on the importance of
strong encryption to protect data in transit and at rest. The Review
Group wrote that:
Encryption is an essential basis for trust on the Internet; without
such trust, valuable communications would not be possible.
For the entire system to work, encryption software itself must be
trustworthy. Users of encryption must be confident, and justifiably
confident, that only those people they designate can decrypt
their data. Indeed, in light of the massive increase in cyber-crime
and intellectual property theft on-line, the use of encryption
should be greatly expanded to protect not only data in transit,
but also data at rest on networks, in storage, and in the cloud.178
The report further recommended that the U.S. government should:
Promote security[] by (1) fully supporting and not
undermining efforts to create encryption standards; (2) making
clear that it will not in any way subvert, undermine, weaken, or
make vulnerable generally available commercial encryption; and
(3) supporting efforts to encourage the greater use of encryption
technology for data in transit, at rest, in the cloud, and in
storage.179
1AC Tech Competitiveness Module

U.S. government attacks on encryption destroy tech industry
competitiveness.
Online at https://static.newamerica.org/attachments/3138-113/Encryption_Letter_to_Obama_final_051915.pdf, Accessed 06-29-2015, p. 1-2)
In addition to undermining cybersecurity, any kind of vulnerability

mandate would also seriously undermine our economic security.
U.S. companies are already struggling to maintain international
trust in the wake of revelations about the National Security Agencys
surveillance programs. Introducing mandatory vulnerabilities into
American products would further push many customersbe they
domestic or international, [end page 1] individual or institutionalto turn
away from those compromised products and services. Instead, they
and many of the bad actors whose behavior the government is hoping to
impactwill simply rely on encrypted offerings from foreign
providers, or avail themselves of the wide range of free and open
source encryption products that are easily available online.
Only the plan can restore tech competitiveness. Federal action
is needed.
Castro and McQuinn 15 Daniel Castro, Vice President of the Information Technology and
Innovation Foundationa nonprofit, non-partisan technology think tank, former IT Analyst at the
Government Accountability Office, holds an M.S. in Information Security Technology and Management from
Carnegie Mellon University and a B.S. in Foreign Service from Georgetown University, and Alan McQuinn,
Research Assistant with the Information Technology and Innovation Foundation, holds a B.S. in Political
Communications and Public Relations from the University of Texas-Austin, 2015 (Beyond the USA Freedom
Act: How U.S. Surveillance Still Subverts U.S. Competitiveness, Report by the Information Technology &
Innovation Foundation, June, Available Online at http://www2.itif.org/2015-beyond-usa-freedom-act.pdf?
_ga=1.61741228.1234666382.1434075923, Accessed 07-05-2015, p. 7)
Conclusion
When historians write about this period in U.S. history it could very well be
that one of the themes will be how the United States lost its global
technology leadership to other nations. And clearly one of the factors
they would point to is the long-standing privileging of U.S. national
security interests over U.S. industrial and commercial interests when it
comes to U.S. foreign policy.
This has occurred over the last few years as the U.S. government has
done relatively little to address the rising commercial challenge to U.S.
technology companies, all the while putting intelligence gathering first
and foremost. Indeed, policy decisions by the U.S. intelligence community
have reverberated throughout the global economy. If the U.S.
tech industry is to remain the leader in the global marketplace, then the
U.S. government will need to set a new course that balances
economic interests with national security interests. The cost of inaction

is not only short-term economic losses for U.S. companies, but a wave
of protectionist policies that will systematically weaken U.S.
technology competiveness in years to come, with impacts on
economic growth, jobs, trade balance, and national security
through a weakened industrial base. Only by taking decisive steps
to reform its digital surveillance activities will the U.S. government
enable its tech industry to effectively compete in the global market.
1AC Internet Freedom Module

U.S. government attacks undermine global Internet freedom.
The plan is key to bolster U.S. credibility.
More than undermining every Americans cybersecurity and the

nations economic security, introducing new vulnerabilities to weaken
encrypted products in the U.S. would also undermine human rights and
information security around the globe. If American companies
maintain the ability to unlock their customers data and devices on
request, governments other than the United States will demand the
same access, and will also be emboldened to demand the same
capability from their native companies. The U.S. government, having
made the same demands, will have little room to object. The result
will be an information environment riddled with vulnerabilities that
could be exploited by even the most repressive or dangerous regimes.
Thats not a future that the American people or the people of the world
deserve.
Independently, weakening encryption makes global
authoritarianism easier.
Sanchez 14 Julian Sanchez, Senior Fellow specializing in technology, privacy, and civil liberties at
the Cato Institute, former Washington Editor for Ars Technica, holds a B.A. in Philosophy and Political
Science from New York University, 2014 (Old Technopanic in New iBottles, Cato at Libertya Cato
Institute blog, September 23rd, Available Online at http://www.cato.org/blog/old-technopanic-new-ibottles,
Accessed 06-29-2015)
there are lots of governments out there

that no freedom-loving person would classify as the good guys. Lets
pretendfor the sake of argument, and despite everything the experts tell usthat somehow it
were possible to design a backdoor that would open for Apple or Google
without being exploitable by hackers and criminals. Even then, it would
be awfully myopic to forget that our own government is not the only
one that would predictably come to these companies with legal
demands. Yahoo, for instance, was roundly denounced by American legislators for
coughing up data the Chinese government used to convict poet and
dissident Shi Tao, released just last year after nearly a decade in prison. Authoritarian
governments, of course, will do their best to prevent truly secure digital
technologies from entering their countries, but theyll be hard
pressed to do so when secure devices are being mass-produced for
western markets. An iPhone that Apple cant unlock when American
cops come knocking for good reasons is also an iPhone they cant
Second, and at the risk of belaboring the obvious,
unlock when the Chinese government comes knocking for bad ones. A
backdoor mandate, by contrast, makes life easy for oppressive
regimes by guaranteeing that consumer devices are exploitable by
defaultpresenting U.S. companies with a presence in those countries with a horrific choice between
enabling repression and endangering their foreign employees.
Case Backlines
They Say: Freedom Act Solves

The Freedom Act wasnt enough.
Castro and McQuinn 15 Daniel Castro, Vice President of the Information Technology and
Innovation Foundationa nonprofit, non-partisan technology think tank, former IT Analyst at the
Government Accountability Office, holds an M.S. in Information Security Technology and Management from
Carnegie Mellon University and a B.S. in Foreign Service from Georgetown University, and Alan McQuinn,
Research Assistant with the Information Technology and Innovation Foundation, holds a B.S. in Political
Communications and Public Relations from the University of Texas-Austin, 2015 (Beyond the USA Freedom
Act: How U.S. Surveillance Still Subverts U.S. Competitiveness, Report by the Information Technology &
Innovation Foundation, June, Available Online at http://www2.itif.org/2015-beyond-usa-freedom-act.pdf?
_ga=1.61741228.1234666382.1434075923, Accessed 07-05-2015, p. 1)
two years ago, ITIF described how revelations about pervasive

digital surveillance by the U.S. intelligence community could severely
harm the competitiveness of the United States if foreign customers turned
away from U.S.-made technology and services.1 Since then, U.S.
policymakers have failed to take sufficient action to address these
surveillance concerns; in some cases, they have even fanned the
flames of discontent by championing weak information security
practices.2 In addition, other countries have used anger over U.S.
government surveillance as a cover for implementing a new wave of
protectionist policies specifically targeting information technology. The
combined result is a set of policies both at home and abroad that
sacrifices robust competitiveness of the U.S. tech sector for vague
and unconvincing promises of improved national security.
ITIF estimated in 2013 that even a modest drop in the expected foreign
market share for cloud computing stemming from concerns about U.S.
surveillance could cost the United States between $21.5 billion and $35 billion by
2016.3 Since then, it has become clear that the U.S. tech industry as a
whole, not just the cloud computing sector, has underperformed
as a result of the Snowden revelations. Therefore, the economic impact
of U.S. surveillance practices will likely far exceed ITIFs initial $35 billion
estimate. This report catalogues a wide range of specific examples of
the economic harm that has been done to U.S. businesses. In short,
foreign customers are shunning U.S. companies. The policy
implication of this is clear: Now that Congress has reformed how the
National Security Agency (NSA) collects bulk domestic phone records and
allowed private firmsrather than the governmentto collect and
store approved data, it is time to address other controversial digital
surveillance activities by the U.S. intelligence community.4
Almost
They Say: Companies Solve

Government action is needed companies cant do it alone.
America Foundation, holds a B.A. in History from Yale University, with Kevin Bankston, Policy Director at the
Open Technology Institute at the New America Foundation, former Senior Counsel and Director of the Free
Civil Liberties Union, holds a J.D. from the University of Southern California Law School, Robyn Greene,
Policy Counsel specializing in surveillance and cybersecurity at the Open Technology Institute at the New
America Foundation, holds a J.D. from Hofstra University School of Law, and Robert Morgus, Program
Associate with the Cybersecurity Initiative and International Security Program at the New America
Foundation, 2014 (Surveillance Costs: The NSAs Impact on the Economy, Internet Freedom &
Cybersecurity, Report by the Open Technology Institute of the New America Foundation, July, Available
Online at https://static.newamerica.org/attachments/184-surveillance-costs-the-nsas-impact-on-theeconomy-internet-freedom-and-cybersecurity/Surveilance_Costs_Final.pdf, Accessed 07-05-2015, p. 13)
NSA surveillance programs are currently having a

serious, negative impact on the U.S. economy and threatening the
future competitiveness of American technology companies. Not only
are U.S. companies losing overseas sales and getting dropped from
contracts with foreign companies and governmentsthey are also
watching their competitive advantage in fast-growing industries like
cloud computing and webhosting disappear, opening the door for
foreign companies who claim to offer more secure alternative
products to poach their business. Industry efforts to increase
transparency and accountability as well as concrete steps to promote
better security by adopting encryption and other best practices are
positive signs, but U.S. companies cannot solve this problem
alone. Its not blowing over, said Microsoft General Counsel Brad
Smith at a recent conference. In June of 2014, it is clear it is getting worse, not
better.98 Without meaningful government reform and better
oversight, concerns about the breadth of NSA surveillance could lead
to permanent shifts in the global technology market and do lasting
damage to the U.S. economy.
It is abundantly clear that the
They Say: Alt Causes To Cybersecurity

Encryption is vital to every aspect of Internet security.
Schneier 15 Bruce Schneier, Chief Technology Officer for Counterpane Internet Security, Fellow
at the Berkman Center for Internet and Society at Harvard Law School, Program Fellow at the New America
Foundation's Open Technology Institute, Board Member of the Electronic Frontier Foundation, Advisory
Board Member of the Electronic Privacy Information Center, interviewed by Rob Price, 2015 (Bruce
Schneier: David Cameron's proposed encryption ban would 'destroy the internet', Business Insider, July
6th, Available Online at http://www.businessinsider.com/bruce-schneier-david-cameron-proposedencryption-ban-destroy-the-internet-2015-7, Accessed 07-20-2015)
BI: Are there any less obvious ways in which encryption helps people on a day-to-day basis?
Encryption secures everything we do on the Internet. It secures

our commerce. It secures our communications. It secures our
critical infrastructure. It secures our persons from criminal attack,
and it secures our countries from nation-state attack. In many
countries, it helps journalists, dissidents, and human rights
workers stay alive. In a world of pretty bad computer security, it is
the one thing that works well.
BS:
Backdoors devastate cybersecurity inherent complexity and

concentrated targets.
Crypto Experts 15 Harold Abelson, Professor of Electrical Engineering and Computer Science
at the Massachusetts Institute of Technology, Fellow of The Institute of Electrical and Electronics Engineers,
Founding Director of Creative Commons and the Free Software Foundation, holds a Ph.D. in Mathematics
from the Massachusetts Institute of Technology, et al., with Ross Anderson, Steven M. Bellovin, Josh
Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann,
Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, and Daniel J. Weitzner, qualifications of
these co-authors available upon request, 2015 (Keys Under Doormats: Mandating insecurity by requiring
government access to all data and communications, Massachusetts Institute of Technology Computer
Science and Artificial Intelligence Laboratory Technical Report (MIT-CSAIL-TR-2015-026), July 6 th, Available
Online at http://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf, Accessed 0720-2015, p. 2-3)
the newly proposed requirement of

exceptional access to communications in todays more complex, global information
infrastructure. We find that it would pose far more grave security risks,
imperil innovation, and raise thorny issues for human rights and
international relations.
There are three general problems. First, providing exceptional access to communications
would force a U-turn from the best practices now being
deployed to make the Internet more secure. These practices include forward
The goal of this report is to similarly analyze
secrecy where decryption keys are deleted immediately after use, so that stealing the encryption key
used by a communications server would not compromise earlier or later communications. A related
technique, authenticated encryption, uses the same temporary key to guarantee confidentiality and to
verify that the message has not been forged or tampered with.
building in exceptional access would substantially increase

system complexity. Security researchers inside and outside government agree
that complexity is the enemy of security every new feature can
interact with others to create vulnerabilities. To achieve widespread
exceptional access, new technology features would have to be
deployed and tested with literally hundreds of thousands of developers
all around the world. This is a far more complex environment than the
electronic surveillance now deployed in telecommunications and Internet access
Second,
services, which tend to use similar technologies and are more likely to have the resources to manage
Features to permit law enforcement

exceptional access across a wide range of Internet and mobile
computing applications could be particularly problematic because their
typical use would be surreptitious making security testing difficult
and less effective.
Third, exceptional access would create concentrated targets that
could attract bad actors. Security credentials that unlock the data
would have to be retained by the platform provider, law enforcement
agencies, or some other trusted third party. If law enforcements keys
guaranteed access to everything, an attacker who gained access to
these keys would enjoy the same privilege. Moreover, law enforcements
stated need for rapid access to data would make it impractical to store
keys offline or split keys among multiple keyholders, as security engineers would
normally do with extremely high-value credentials. Recent attacks on the United States
Government Office of Personnel Management (OPM) show how much harm can arise
when many organizations rely on a single institution that itself has
security vulnerabilities. In the case of OPM, numerous federal agencies
lost sensitive data because OPM had insecure infrastructure. If service
providers implement exceptional [end page 2] access requirements
incorrectly, the security of all of their users will be at risk.
vulnerabilities that may arise from new features.
They Say: Alt Causes To Tech Industry

The plan restores trust in U.S. companies by prohibiting
attacks on encryption.
America Foundation, holds a B.A. in History from Yale University, with Kevin Bankston, Policy Director at the
Open Technology Institute at the New America Foundation, former Senior Counsel and Director of the Free
Civil Liberties Union, holds a J.D. from the University of Southern California Law School, Robyn Greene,
Policy Counsel specializing in surveillance and cybersecurity at the Open Technology Institute at the New
America Foundation, holds a J.D. from Hofstra University School of Law, and Robert Morgus, Program
Associate with the Cybersecurity Initiative and International Security Program at the New America
Foundation, 2014 (Surveillance Costs: The NSAs Impact on the Economy, Internet Freedom &
Cybersecurity, Report by the Open Technology Institute of the New America Foundation, July, Available
Online at https://static.newamerica.org/attachments/184-surveillance-costs-the-nsas-impact-on-theeconomy-internet-freedom-and-cybersecurity/Surveilance_Costs_Final.pdf, Accessed 07-05-2015, p. 40-41)
The U.S. government should not require or request that new

surveillance capabilities or security vulnerabilities be built into
communications technologies and services, even if these are intended
only to facilitate lawful surveillance. There is a great deal of evidence
that backdoors fundamentally weaken the security of hardware and
software, regardless of whether only the NSA purportedly knows about
said vulnerabilities, as some of the documents suggest. A policy statement from the Internet
Engineering Task Force in 2000 emphasized that adding a requirement for wiretapping will make affected
protocol designs considerably more complex. Experience has shown that complexity almost inevitably
jeopardizes the security of communications.355 More recently, a May 2013 paper from the Center for
Democracy and Technology on the risks of wiretap modifications to endpoints concludes that deployment
of an intercept capability in... communications services, systems and applications poses serious security
risks.356 The authors add that on balance mandating that endpoint software vendors build intercept
functionality into their products will be much more costly to personal, economic and governmental security
overall than the risks associated with not being able to wiretap all communications.357
While NSA
programs such as SIGINT Enablingmuch like proposals from domestic law enforcement agencies to
update the Communications Assistance for Law Enforcement Act (CALEA) to require digital wiretapping
capabilities in modern Internet-based communications services358 may
aim to [end page 40]

promote national security and law enforcement by ensuring that
federal agencies have the ability to intercept Internet communications,
they do so at a huge cost to online security overall.
Because of the associated security risks, the U.S. government should
not mandate or request the creation of surveillance backdoors in
products, whether through legislation, court order, or the
leveraging industry relationships to convince companies to
voluntarily insert vulnerabilities. As Bellovin et al. explain, complying with these
types of requirements would also hinder innovation and impose a
tax on software development in addition to creating a whole new
class of vulnerabilities in hardware and software that undermines
the overall security of the products.359 An amendment offered to the NDAA for Fiscal
Year 2015 (H.R. 4435) by Representatives Zoe Lofgren (D-CA) and Rush Holt (D-NJ) would have prohibited
The Lofgren-Holt proposal aimed to

prevent the funding of any intelligence agency, intelligence program,
or intelligence related activity that mandates or requests that a device
manufacturer, software developer, or standards organization build in a
inserting these kinds of vulnerabilities outright.360
backdoor to circumvent the encryption or privacy protections of its

products, unless there is statutory authority to make such a mandate or request.361 Although that
measure was not adopted as part of the NDAA, a similar amendment sponsored by Lofgren along with
Representatives Jim Sensenbrenner (D-WI) and Thomas Massie (R-KY), did make it into the House-approved
version of the NDAAwith the support of Internet companies and privacy organizations362passing on an
overwhelming vote of 293 to 123.363 Like Representative Graysons amendment on NSAs consultations
with NIST around encryption, it remains to be seen whether this amendment will end up in the final
legislative efforts are a

consistent with recommendations from the Presidents
Review Group that the U.S. government should not attempt to
deliberately weaken the security of commercial encryption products.
Such mandated vulnerabilities, whether required under statute or by
court order or inserted simply by request, unduly threaten innovation
in secure Internet technologies while introducing security flaws that
may be exploited by a variety of bad actors. A clear policy against
such vulnerability mandates is necessary to restore international
trust in U.S. companies and technologies.
appropriations bill that the President signs. Nonetheless, these
heartening sign and are
The plan restores confidence in the U.S. tech industry.

Sensenbrenner et al. 15 Jim Sensenbrenner, Member of the United States House of
Representatives (R-WI), with Thomas Massie, Member of the United States House of Representatives (RKY), and Zoe Lofgren, Member of the United States House of Representatives (D-CA), 2015
(Sensenbrenner, Massie & Lofgren Introduce Secure Data Act, Press Release, February 4 th, Available
Online at https://lofgren.house.gov/news/documentsingle.aspx?DocumentID=397873, Accessed 06-302015)
These "backdoors" can also be detrimental to American jobs. Other

countries buy less American hardware and software and favor their
domestic suppliers in order to avoid compromised American
products.
The Secure Data Act fixes this by prohibiting any agency from requesting
or compelling backdoors in services and products to assist with
electronic surveillance.
They Say: Alt Causes To Economy

Encryption backdoors destroy the Internet and the global
economy.
Venezia 15 Paul Venezia, Senior Contributing Editor at InfoWorld, has worked as a Network and
Systems Engineer for over 15 years, 2015 (Encryption with backdoors is worse than useless -- it's
dangerous, InfoWorld, July 13th, Available Online at
http://www.infoworld.com/article/2946064/encryption/encryption-with-forced-backdoors-is-worse-thanuseless-its-dangerous.html, Accessed 07-20-2015)
that these officials are even having this discussion is a bald

demonstration that they do not understand encryption or how
critical it is for modern life. They're missing a key point: The moment you force
any form of encryption to contain a backdoor, that form of encryption
is rendered useless. If a backdoor exists, it will be exploited by
criminals. This is not a supposition, but a certainty. It's not an
American judge that we're worried about. It's the criminals looking for
exploits.
We use strong encryption every single day. We use it on our banking
sites, shopping sites, and social media sites. We protect our credit card
information with encryption. We encrypt our databases containing
sensitive information (or at least we should). Our economy relies on strong
encryption to move money around in industries large and small.
The fact
Many high-visibility sites, such as Twitter, Google, Reddit, and YouTube, default to SSL/TLS encryption now.
When there were bugs in the libraries that support this type of encryption, the IT world moved heaven and
earth to patch them and eliminate the vulnerability. Security pros were sweating bullets for the hours,
days, and in some cases weeks between the hour Heartbleed was revealed and the hour they could finally
politicians with no grasp of the ramifications

want to introduce a fixed vulnerability into these frameworks. They are
threatening the very foundations of not only Internet commerce,
but the health and security of the global economy.
Put simply, if backdoors are required in encryption methods, the Internet
would essentially be destroyed, and billions of people would be put
at risk for identity theft, bank and credit card fraud, and any number of
other horrible outcomes. Those of us who know how the security
sausage is made are appalled that this is a point of discussion at any
level, much less nationally on two continents. Its abhorrent to
consider.
get their systems patched -- and now
They Say: Alt Causes To Privacy

Encryption is the lynchpin of freedom of opinion and
expression. Without it, intellectual privacy is impossible.
Fulton quoting Kaye 15 Deirdre Fulton, Staff Writer for Common Dreams, quoting David
Kaye, UN Special Rapporteur and author of a report about encryption released by the United Nations Office
of the High Commissioner for Human Rights, 2015 (No Backdoors: Online 'Zone of Privacy' is a Basic
Human Right, Common Dreams, May 29th, Available Online at
http://www.commondreams.org/news/2015/05/29/no-backdoors-online-zone-privacy-basic-human-right,
Encryption and anonymity tools, which help protect individuals' private

data and communications, are essential to basic human rights,
according to a report released Friday by the United Nations Office of the High
Commissioner for Human Rights.
Issued while U.S. lawmakers are engaged in heated debates over online privacy, data collection, and so-
the document recommends holding

proposed limits on encryption and anonymity to a strict standard: "If
they interfere with the right to hold opinions, restrictions must not be
adopted."
called 'back-door' surveillance methods,
The report, written by UN Special Rapporteur David Kaye, is based on questionnaire responses submitted
by 16 countries, opinions submitted by 30 non-government stakeholders, and statements made at a
meeting of experts in Geneva in March.
The document reads, in part: "Encryption and anonymity, todays leading

vehicles for online security, provide individuals with a means to protect their
privacy, empowering them to browse, read, develop and share
opinions and information without interference and enabling journalists,
civil society organizations, members of ethnic or religious groups,
those persecuted because of their sexual orientation or gender
identity, activists, scholars, artists and others to exercise the rights to
freedom of opinion and expression."
Kaye makes specific mention of tech tools such as Tor, a free software that
directs Internet traffic through a free, worldwide, volunteer network consisting of more than 6,000 servers
to conceal users' location and usage from anyone conducting online surveillance.
Such tools, the report continues, "create a zone of privacy to protect

opinion and belief. The ability to search the web, develop ideas and
communicate securely may be the only way in which many can
explore basic aspects of identity, such as ones gender, religion,
ethnicity, national origin or sexuality."
Among its many recommendations for states and corporations, the document advises that
governments "avoid all measures that weaken the security that
individuals may enjoy online."
It cites "broadly intrusive measures" such as the back-doors that tech
companies build into their products in order to facilitate law
enforcement access to encrypted content. In the U.S., FBI Director James Comey and
NSA chief Adm. Michael Rogers have both expressed support for backdoors and other restrictions on
encryption.
The problem with all of those approaches is that they "inject a basic
vulnerability into secure systems," Kaye told the Washington Post. "It results in
insecurity for everyone even if intended to be for criminal law

enforcement purposes."
Encryption is crucial to intellectual privacy.
Richards 15 Neil M. Richards, Professor of Law at the Washington University School of Law,
former law clerk to Chief Justice William H. Rehnquist, holds a J.D. and an M.A. in Legal History from the
University of Virginia, 2015 (How encryption protects our intellectual privacy (and why you should care),
Wired UK, January 7th, Available Online at
http://www.wired.co.uk/magazine/archive/2015/05/features/encryption-intellectual-privacy, Accessed 0716-2015)
As the debates about government surveillance and privacy continue,

some influential politicians (including the prime minister) have started to pick on
encryption.
Encrypted communications and files have long been an important element of digital security, but strong
crypto is coming under fire from those who claim it is a threat to our
safety, and that the security services must have mandated back doors to
our encrypted devices and communications.
The political argument is framed as one of safety couched in fear. Bad people
want to hurt us, and our security services claim a need to peer into the most intimate corners of our lives.
Encryption matters because it protects our intellectual privacy -our ability to be protected from surveillance or interference when we
are making sense of the world by thinking, reading and speaking
privately with those we trust. More and more, the acts of reading, thinking,
and private communication are mediated by electronic technologies like
computers, tablets, ebooks and smartphones. Whenever we shop, read, speak, and
think, we now do so using devices that create records of these
activities.
When we are watched, tracked and monitored, we act differently.
There's an increasing body of evidence that internet surveillance stops
us from reading unpopular or controversial ideas. Remember that our most
cherished ideas -- that people should control the government, that
heretics should not be burned at the stake and that all people are
equal were once unpopular and controversial ideas. A free society
should not fear dangerous ideas, and does not need complete
intellectual surveillance. Existing forms of surveillance and policing
are enough.
Encryption and intellectual privacy will of course make it more difficult
for the security services to do their jobs, but so too do our other civil
liberties of free speech, democratic control of the police and military,
and requiring a warrant before the government enters our homes or
reads our mail.
We are more secure when we have hope than when we are filled with
fear and treated like potentially naughty children. Encryption
promotes this kind of political security. It promotes other kinds of
security as well; after all, a back door for the government can also be a
back door for criminal hackers.
Fundamentally, intellectual privacy stops our lives from becoming

completely transparent, leaving room for diversity, eccentricity and
being able to think for ourselves. The technologies of strong encryption
are a powerful practical protection for these most vital of civil
liberties. Contrary to the politicians, a world without crypto would
definitely be less secure. It would also be less free and much less
interesting.
Privacy Outweighs Security

Freedom outweighs security in the context of encryption.
Zdziarski 14 Jonathan Zdziarski, considered one of the worlds foremost experts in iOS related
digital forensics and security, Principal Software Engineer at Accessdata Group LLC, former Senior Forensic
Scientist at Viaforensics, former Senior Research Scientist at Barracuda Networks, 2014 (The Politics
Behind iPhone Encryption and the FBI, Zdziarski's Blog of ThingsJonathan Zdziarskis blog, September
25th, Available Online at http://www.zdziarski.com/blog/?p=3894, Accessed 07-20-2015)
demanding back doors for law

enforcement is selfish. Its selfish in that they want a backdoor to
serve their own interests. Non law-enforcement types, such as Orin Kerr, a
While perhaps a heartfelt utopian ideal, the fact is that
reporter who wrote a piece in the Washington Post supporting FBI backdoors (and then later changed his
are being selfish by demanding that others give up their privacy to

make them feel safer. This is the absolute opposite of a society where
law enforcement serves the public interest. What Kerr, and anyone
supporting law enforcement back doors, really wants, is a society that
caters to their fears at the expense of others privacy.
While we individually choose to trust the law enforcement we come in
contact with, government only works if we inherently and
collectively distrust it on a public level. Our public policies and
standards should distrust those we have put in a position to watch over
us. Freedom only works when the power is balanced toward the
citizens; providing the government with the ability to choose to invade
our 1st, 4th and 5th Amendment rights is only an invitation to lose control of our
own freedom. Deep inside this argument is not one of public safety,
but a massive power grab away from the peoples right to privacy.
Whether everyone involved realizes that, it is privacy itself that is at stake.
Our founding fathers were aware that distrusting government was
essential to freedom, and thats why they used encryption. In fact, because of
mind),
their own example in concealing correspondence, one can make an even stronger case supporting
The constitution is the highest law of the

land its above all other laws. Historically, our founding fathers
guarded all instruments available that protect our freedom as beyond
the laws reach: The Press, Firearms, Assembly. These things provided information, teeth, and
consensus. Modern encryption is just as essential to our freedom as a
country as firearms, and are the teeth that guarantees our freedom of
speech and freedom from fear to speak and communicate.
Encryption today still just as vital to free speech as it was in the 1700s,
and to freedom itself. Whats at stake here is so much bigger than solving
a crime. The excuse of making us safer has been beaten to death as a
means to take away freedoms for hundreds of years. Dont be so
naive to think that this time, its any different.
encryption as an instrument of free speech.
Cybersecurity Outweighs Terrorism

Cybersecurity costs of weakened encryption outweigh counterterrorism benefits.
Doctorow 14 Cory Doctorow, journalist and science fiction author, Co-Editor of Boing Boing,
Fellow at the Electronic Frontier Foundation, former Canadian Fulbright Chair for Public Diplomacy at the
Center on Public Diplomacy at the University of Southern California, recipient of the Electronic Frontier
Foundations Pioneer Award, 2014 (A World of Control and Surveillance, Information Doesn't Want to Be
Free: Laws for the Internet Age, Published by McSweeneys, ISBN 9781940450285, p. 125-126)
The Edward Snowden leaks left much of the world in shock. Even the most
paranoid security freaks were astounded to learn about the scope of
the surveillance apparatus that had been built by the NSA, along with its
allies in the "Five Eyes" countries (the UK, Canada, New Zealand, and Australia).
The nontechnical world was most shocked by the revelation that the NSA was snaffling up such
unthinkable mountains of everyday communications. In some countries, the NSA is actively recording
every single cell-phone conversation, putting millions of indisputably innocent people under surveillance
without even a hint of suspicion.
in the tech world, the real showstopper was the news that the NSA and
the UK's spy agency, the GCHQ, had been spending $250 million a year on two
programs of network and computer sabotage BULLRUN, in the USA, and
EDGEHILL, in the UK. Under these programs, technology companies are
bribed, blackmailed, or tricked into introducing deliberate flaws into
their products, so that spies can break into them and violate their
users' privacy. The NSA even sabotaged U.S. government agencies,
such as the National Institute for Standards and Technology (NIST), a rock-ribbed expert body that
But
produces straightforward engineering standards to make sure that our digital infrastructure doesn't fall
NIST was forced to recall one of its cryptographic standards after it

became apparent that the NSA had infiltrated its process and
deliberately weakened the standard an act akin to deliberately
ensuring that the standard for electrical wiring was faulty, so that you
could start house fires in the homes of people you wanted to smoke
out during armed standoffs.
The sabotage shocked so many technology experts because they
understood that there was no such thing as a security flaw that could
be [end page 125] exploited by "the good guys" alone. If you weaken the
world's computer security the security of our planes and nuclear
reactors, our artificial hearts and our thermostats, and, yes, our phones
and our laptops, devices that are privy to our every secret then no
amount of gains in the War on Terror will balance out the costs
we'll all pay in vulnerability to crooks, creeps, spooks, thugs, perverts,
voyeurs, and anyone else who independently discovers these
deliberate flaws and turns them against targets of opportunity.
over.
The benefits of encryption outweigh the costs.

Friedersdorf 15 Conor Friedersdorf, Staff Writer for The Atlantic, 2015 (Do Encrypted Phones
Threaten National Security?, The Atlantic, July 15th, Available Online at
http://www.theatlantic.com/politics/archive/2015/07/does-encryption-threaten-national-security/398573/,
even granting that there are scenarios in which strong encryption

could result in costs that the public wouldnt have had to bear in an
alternative world with less privacy, a civil-liability framework would
have to account for the opposite sort of case, in which costs were
imposed on consumers or society by insufficiently strong encryption.
Say a foreign government, a terrorist organization, or black-hat hackers
compromise the smartphone exchanges of David Petraeus or Hillary Clinton
or the head of security at a nuclear power plant or a systems
administrator at the New York Stock Exchange. What costs will the
public bear that wouldnt exist in an alternative world with end-to-end
encryption? And what of the costs born by average citizens when their
privacy is compromised? I strongly suspect the costs of insecurity are much
higher than the costs that would be born in a world of end-to-end
encryption, though of course theres no way to prove that judgment definitively.
But
FYI: Open Letter To Obama

Civil society organizations that signed the Open Letter to
Obama include:
Access
Advocacy for Principled Action in Government
American-Arab Anti-Discrimination Committee (ADC)
American Civil Liberties Union
American Library Association
Benetech
Bill of Rights Defense Committee
Center for Democracy & Technology
Committee to Protect Journalists
The Constitution Project
Constitutional Alliance
Council on American-Islamic Relations
Demand Progress
Defending Dissent Foundation
DownsizeDC.org, Inc.
Electronic Frontier Foundation
Electronic Privacy Information Center (EPIC)
Engine
Fight for the Future
Free Press
Free Software Foundation
Freedom of the Press Foundation
GNOME Foundation
Human Rights Watch
The Media Consortium
New America's Open Technology Institute
Niskanen Center
Open Source Initiative
PEN American Center
Project Censored/Media Freedom Foundation
R Street
Reporters Committee for Freedom of the Press
TechFreedom
The Tor Project
U.S. Public Policy Council of Association for Computing Machinery World Privacy Forum
X-Lab
Companies and trade associations that signed the Open Letter

to Obama include:
ACT | The App Association
Adobe
Apple Inc.
The Application Developers Alliance
Automattic
Blockstream
Cisco Systems
Coinbase
Cloud Linux Inc.
CloudFlare
Computer & Communications Industry Association
Consumer Electronics Association (CEA)
Context Relevant
The Copia Institute
CREDO Mobile
Data Foundry
Dropbox
Evernote
Facebook
Gandi.net
Golden Frog
Google
HackerOne
Hackers/Founders
Hewlett-Packard Company
Internet Archive
Internet Association
Internet Infrastructure Coalition (i2Coalition)
Level 3 Communications
LinkedIn
Microsoft
Misk.com
Mozilla
Open Spectrum Inc.
Rackspace
Rapid7
Reform Government Surveillance
Sonic
ServInt
Silent Circle
Slack Technologies, Inc.
Symantec
Tech Assets Inc.
TechNet
Tumblr
Twitter
Wikimedia Foundation
Yahoo
Security and policy experts that signed the Open Letter to

Obama include:
Hal Abelson, Professor of Computer Science and Engineering, Massachusetts Institute of Technology
Ben Adida, VP Engineering, Clever Inc.
Jacob Appelbaum, The Tor Project
Adam Back, PhD, Inventor, HashCash, Co-Founder & President, Blockstream
Alvaro Bedoya, Executive Director, Center on Privacy & Technology at Georgetown Law
Brian Behlendorf, Open Source software pioneer
Steven M. Bellovin, Percy K. and Vida L.W. Hudson Professor of Computer Science, Columbia University
Matt Bishop, Professor of Computer Science, University of California at Davis
Matthew Blaze, Director, Distributed Systems Laboratory, University of Pennsylvania
Dan Boneh, Professor of Computer Science and Electrical Engineering at Stanford University
Eric Burger, Research Professor of Computer Science and Director, Security and Software Engineering
Research Center (Georgetown), Georgetown University
Jon Callas, CTO, Silent Circle
L. Jean Camp, Professor of Informatics, Indiana University
Richard A. Clarke, Chairman, Good Harbor Security Risk Management
Gabriella Coleman, Wolfe Chair in Scientific and Technological Literacy, McGill University
Whitfield Diffie, Dr. sc. techn., Center for International Security and Cooperation, Stanford University
David Evans, Professor of Computer Science, University of Virginia
David J. Farber, Alfred Filter Moore Professor Emeritus of Telecommunications, University of Pennsylvania
Dan Farmer, Security Consultant and Researcher, Vicious Fishes Consulting
Rik Farrow, Internet Security
Joan Feigenbaum, Department Chair and Grace Murray Hopper Professor of Computer Science, Yale
University
Richard Forno, Jr. Affiliate Scholar, Stanford Law School Center for Internet and Society
Alex Fowler, Co-Founder & SVP, Blockstream
Jim Fruchterman, Founder and CEO, Benetech
Daniel Kahn Gillmor, ACLU Staff Technologist
Robert Graham, creator of BlackICE, sidejacking, and masscan
Jennifer Stisa Granick, Director of Civil Liberties, Stanford Center for Internet and Society
Matthew D. Green, Assistant Research Professor, Johns Hopkins University Information Security Institute
Robert Hansen, Vice President of Labs at WhiteHat Security
Lance Hoffman, Director, George Washington University, Cyber Security Policy and Research Institute
Marcia Hofmann, Law Office of Marcia Hofmann
Nadim Kobeissi, PhD Researcher, INRIA
Joseph Lorenzo Hall, Chief Technologist, Center for Democracy & Technology
Nadia Heninger, Assistant Professor, Department of Computer and Information Science, University of
Pennsylvania
David S. Isenberg, Producer, Freedom 2 Connect

Douglas W. Jones, Department of Computer Science, University of Iowa
Susan Landau, Worcester Polytechnic Institute
Gordon Fyodor Lyon, Founder, Nmap Security Scanner Project
Aaron Massey, Postdoctoral Fellow, School of Interactive Computing, Georgia Institute of Technology
Jonathan Mayer, Graduate Fellow, Stanford University
Jeff Moss, Founder, DEF CON and Black Hat security conferences
Peter G. Neumann, Senior Principal Scientist, SRI International Computer Science Lab, Moderator of the
ACM Risks Forum
Ken Pfeil, former CISO at Pioneer Investments
Ronald L. Rivest, Vannevar Bush Professor, Massachusetts Institute of Technology
Paul Rosenzweig, Professorial Lecturer in Law, George Washington University School of Law
Jeffrey I. Schiller, Area Director for Security, Internet Engineering Task Force (1994-2003), Massachusetts
Institute of Technology
Bruce Schneier, Fellow, Berkman Center for Internet and Society, Harvard Law School
Micah Sherr, Assistant Professor of Computer Science, Georgetown University
Adam Shostack, author, Threat Modeling: Designing for Security
Eugene H. Spafford, CERIAS Executive Director, Purdue University
Alex Stamos, CISO, Yahoo
Geoffrey R. Stone, Edward H. Levi Distinguished Service Professor of Law, The University of Chicago
Peter Swire, Huang Professor of Law and Ethics, Scheller College of Business, Georgia Institute of
Technology
C. Thomas (Space Rogue), Security Strategist, Tenable Network Security
Dan S. Wallach, Professor, Department of Computer Science and Rice Scholar, Baker Institute of Public
Policy
Nicholas Weaver, Researcher, International Computer Science Institute
Chris Wysopal, Co-Founder and CTO, Veracode, Inc.
Philip Zimmermann, Chief Scientist and Co-Founder, Silent Circle
CPs
CISA CP
CISA doesnt solve cybersecurity.
Greenberg 15 Andy Greenberg, Senior Writer at Wired covering security, privacy, information
freedom, and hacker culture, 2015 (CISA Security Bill: An F for Security But an A+ for Spying, Wired,
March 20th, Available Online at http://www.wired.com/2015/03/cisa-security-bill-gets-f-security-spying/,
More False Warnings Than Real Threats
For those who value security over privacy, CISAs surveillance compromises might seem acceptable. But
questions persist about whether CISA would even do much to

improve security. Robert Graham, a security researcher and an early inventor of
intrusion prevention systems, says CISA will lead to sharing of more false
positives than real threat information. Skilled hackers, he says, know
how to evade intrusion prevention systems, intrusion detection
systems, firewalls, and antivirus software. Meanwhile, most data alerts
from systems shared under CISA will be false alarms. If we had seen
the information from the Sony hackers ahead of time, we still wouldnt
have been able to pick it out from the other information we were
getting, Graham says, in reference to the epic hack of Sony Pictures Entertainment late last year.
The reality is that even if you have the information ahead of time,
you really cant pick the needle from the haystack .
Graham points to the more informal information sharing that already
occurs in the private sector thanks to companies that manage the
security large client bases. Companies like IBM and Dell SecureWorks
already have massive cybersecurity information sharing systems
where they hoover up large quantities of threat information from their
customers, Graham wrote in a blog post Wednesday. This rarely allows them to
prevent attacks as the CISA bill promises. In other words, weve tried the
CISA experiment, and we know it doesnt really work.
In his statement excoriating CISA last week, Senator Ron Wydenthe only member of
the intelligence committee to vote against the billagreed. He wrote that CISA not only lacks
privacy protections, but that it will have a limited impact on US cybersecurity.
But Wyden went further than calling CISA ineffective. Citing its privacy loopholes, he questioned
the fundamental intention of the legislation as its currently written. If informationsharing legislation does not include adequate privacy protections then thats not a cybersecurity bill, he
wrote. Its
a surveillance bill by another name.
CISA is a net-negative for cybersecurity.

Granick 15 Jennifer Granick, Director of Civil Liberties at the Stanford Center for Internet and
Society, former Civil Liberties Director at the Electronic Frontier Foundation, holds a J.D. from the University
of California Hastings College of the Law, 2015 (Sloppy Cyber Threat Sharing Is Surveillance by Another
Name, Just Security, June 29th, Available Online at http://justsecurity.org/24261/sloppy-cyber-threatsharing-surveillance/, Accessed 07-07-2015)
Normally, your email provider wouldnt be allowed to give this information over without your consent or a
The Senate may soon make another

attempt at passing the Cybersecurity Information Sharing Act, a bill that
search warrant. But that could soon change.
would waive privacy laws in the name of cybersecurity. In April, the US House of Representatives passed by
strong majorities two similar cyber threat information sharing bills. These bills grant companies immunity
for giving DHS information about network attacks, attackers, and online crimes.
Sharing information about security vulnerabilities is a good idea. Shared

vulnerability data empowers other system operators to check and see if they, too, have been attacked,
and also to guard against being similarly attacked in the future. Ive spent most of my career fighting for
researchers rights to share this kind of information against threats from companies that didnt want their
customers to know their products were flawed.
But, these bills gut legal protections against government fishing

expeditions exactly at a time when individuals and Internet companies
need privacy laws to get stronger, not weaker.
Worse, the bills arent needed. Private companies share threat data
with each other, and even with the government, all the time. The
threat data that security professionals use to protect networks from
future attacks is a far more narrow category of information than those
included in the bills being considered by Congress, and will only rarely
contain private information.
And none of the recent cyberattacks not Sony, not Target, and not the
devastating grab of sensitive background check interviews on government employees at the Office of
Personnel Management would have been mitigated by these bills.
None of this has stopped private companies from crowing about their need for corporate immunity, but it
We dont need to pass laws gutting

privacy rights to save cybersecurity.
These bills arent needed and arent designed to encourage sharing
the right kind of information. These are surveillance bills
masquerading as security bills.
should stop Congress from giving it to them.
Instead of removing (non-existent) barriers to sharing and undermining American privacy in the process
Congress should consider how to make sharing worthwhile. Ive been told by many entities, corporate
and academic, that they dont share with the government because the government doesnt share back.
Silicon Valley engineers have wondered aloud what value DHS has to offer in their efforts to secure their
employers services. Its not like DHS is setting a great security example for anyone to follow. OPMs
Inspector General warned the government about security problems that, left unaddressed, led to the OPM
breach.
And theres a very serious trust issue. We recently learned that the NSA is sitting on the domestic Internet
backbone, searching for foreign cyberthreats, helping the FBI and thinking about how to get authority to
scan more widely. You can see the lifecycle now. Vulnerable company reports a threat to DHS, NSA
programs its computers to search for that threat, vulnerable companys proprietary data gets sucked in by
FBI. Any company has to think at least twice about sharing how they are vulnerable with a government
that hoards security vulnerabilities and exploits them to conduct massive surveillance.
Cybersecurity is a serious problem, but its not going to get better

with Congress doing whatever it politically can instead of doing what it should. Its not going to get better
by neutering the few privacy protections we have. Good security is

supposed to keep your information safe. But these laws will make your
private emails and information vulnerable. Lawmakers have got to start listening to
experts, and experts are saying the same thing. Dont just do something,
do the right thing. And if you cant do the right thing, then dont do
anything at all.
NIST Golden Key CP

Permute: do both. Research on a Golden Key can continue, but
backdoors should be prohibited now.
Permute: do the counterplan. Its plan plus the except if a
Golden Key works provision isnt textually or functionally
competitive because a Golden Key is mathematically
impossible. This doesnt sever: the counterplan is no different
than except if 2+2=5.
Doesnt solve tech competitiveness. Holding out hope for a
Golden Key sends the signal that the U.S. is committed to
backdooring encryption. In response, international customers
will choose non-U.S. companies that can guarantee products
without backdoors.
A Golden Key is mathematically impossible experts.
Geller 15 Eric Geller, Deputy Morning Editor at The Daily Dotthe hometown newspaper of the
Internet, 2015 (The rise of the new Crypto War, The Daily Dot, July 10th, Available Online at
http://www.dailydot.com/politics/encryption-crypto-war-james-comey-fbi-privacy/, Accessed 07-20-2015)
To researchers who have spent their careers studying code, the FBIs
belief that it can shut down the development of strong cryptography is
ludicrous. Code, after all, is just math.
This all requires an idea that people just wont innovate in areas where
the government doesnt like them to, said Cohn. And thats really never
been the case.
Hall said, Youre basically trying to prevent people from doing certain
kinds of math.
Philip Zimmerman, the inventor of the widely used PGP encryption scheme, neatly summed up the
problem with government encryption limits when he told a 1996 Senate subcommittee hearing, Trying
to stop this is like trying to legislate the tides and the weather.
The mathematical nature of encryption is both a reassurance that it
cannot be banned and a reminder that it cannot be massaged to fit an
agendaeven agendas ostensibly meant to save lives. Software
engineers simply cannot build backdoors that do what the FBI wants
without serious security vulnerabilities, owing to the fundamental
mathematical nature of cryptography. It is no more possible for
the FBI to design a secure backdoor than it is for the National Weather
Service to stop a hurricane in its tracks.
No amount of presto change-o is going to change the math, Cohn
said. Some people say time is on their side; I think that math is on our
side when it comes to crypto.
* Cohn = Cindy Cohn, Executive Director and former Legal Director and General Counsel of the Electronic
Frontier Foundation, holds a J.D. from the University of Michigan Law School; Hall = Joseph Hall, chief
technologist at the Center for Democracy & Technology
Creating a law enforcement-only backdoor is technically

impossible.
Is there really no way to keep users' data secure while providing

backdoors to law enforcement?
BS: Yes, there really is no way.
Think of it like this. Technically, there is no such thing as a "backdoor to law
enforcement." Backdoor access is a technical requirement, and limiting
access to law enforcement is a policy requirement. As an engineer, I
cannot design a system that works differently in the presence of a
particular badge or a signed piece of paper. I have two options. I can
design a secure system that has no backdoor access, meaning neither
criminals nor foreign intelligence agencies nor domestic police can get
at the data. Or I can design a system that has backdoor access,
meaning they all can. Once I have designed this less-secure system
with backdoor access, I have to install some sort of policy overlay to
try to ensure that only the police can get at the backdoor and only
when they are authorized. I can design and build procedures and other
measures intended to prevent those bad guys from getting access, but
anyone who has followed all of the high-profile hacking over the past
few years knows how futile that would be.
There is an important principle here: we have one world and one Internet.
Protecting communications means protecting them from everybody.
Making communications vulnerable to one group means making them
vulnerable to all. There just isn't any way around that.
BI:
Backdoors are a terrible idea our ev cites the former DHS

Secretary.
Wheeler citing Chertoff 15 Marcy Wheeler, independent journalist writing about
national security and civil liberties, has written for the Guardian, Salon, and the Progressive, author of
Anatomy of Deceit about the CIA leak investigation, Recipient of the 2009 Hillman Award for blog
journalism, holds a Ph.D. in Comparative Literature from the University of Michigan, 2015 (Michael
Chertoff Makes the Case against Back Doors, Empty WheelDr. Marcy Wheelers blog, July 26th, Available
Online at https://www.emptywheel.net/2015/07/26/michael-chertoff-makes-the-case-against-back-doors/,
One of the more interesting comments at the Aspen Security Forum (one that has, as far as Ive seen, gone
Chertoff was asked about whether the

government should be able to require back doors. He provided this
response (his response starts at 16:26).
I think that its a mistake to require companies that are making hardware and
software to build a duplicate key or a back door even if you hedge it
with the notion that theres going to be a court order. And I say that for a number of
unreported) came on Friday when Michael
reasons and Ive given it quite a bit of thought and Im working with some companies in this area
too.
when you do require a duplicate key or some other form of

back door, there is an increased risk and increased
vulnerability. You can manage that to some extent. But it does prevent you from certain
kinds of encryption. So youre basically making things less secure for
ordinary people.
The second thing is that the really bad people are going to find apps and
tools that are going to allow them to encrypt everything without a
back door. These apps are multiplying all the time. The idea that
youre going to be able to stop this, particularly given the global
environment, I think is a pipe dream. So what would wind up
happening is people who are legitimate actors will be taking
somewhat less secure communications and the bad guys will
still not be able to be decrypted.
The third thing is that what are we going to tell other countries? When other
First of all, there is,
countries say great, we want to have a duplicate key too, with Beijing or in Moscow or someplace
else? The companies are not going to have a principled basis to refuse to do that. So thats going
to be a strategic problem for us.
we do not historically
organize our society to make it maximally easy for law
enforcement, even with court orders, to get information. We
often make trade-offs and we make it more difficult. If that were not
Finally, I guess I have a couple of overarching comments. One is
the case then why wouldnt the government simply say all of these [takes out phone] have to be
configured so theyre constantly recording everything that we say and do and then when you get
a court order it gets turned over and we wind up convicting ourselves. So I dont think socially we
do that.
And I also think that
experience shows were not quite as dark, sometimes, as
we fear we are. In the 90s there was a deb when encryption first became a big deal
debate about a Clipper Chip that would be embedded in devices or whatever your
communications equipment was to allow court ordered interception. Congress ultimately and the
President did not agree to that. And, from talking to people in the community afterwards, you
know what? We collected more than ever. We found ways to deal with that issue.
requiring
people to build a vulnerability may be a strategic mistake.
These are, of course, all the same answers opponents to back doors always offer
(and Chertoff has made some of them before). But Chertoffs answer is notable both
because it is so succinct and because of who he is: a long-time
prosecutor, judge, and both Criminal Division Chief at DOJ and
Secretary of Homeland Security. Through much of that career, Chertoff has
been the close colleague of FBI Director Jim Comey, the guy
pushing back doors now.
So its a little bit of a long-winded answer. But I think on this one, strategically, we,
Its possible hes saying this now because as a contractor hes being paid to voice the opinions of the tech
its not just

hippies and hackers making these arguments. Its also someone who,
for most of his career, pursued and prosecuted the same kinds of
people that Jim Comey is today.
industry; as he noted, hes working with some companies on this issue. Nevertheless,
A golden key system would create inherent vulnerabilities

experts.
Online at http://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf, Accessed 0720-2015, p. abstract)
Twenty years ago, law enforcement organizations lobbied to require data and communication services to
engineer their products to guarantee law enforcement access to all data. After lengthy debate and
vigorous predictions of enforcement channels going dark, these attempts to regulate the emerging
Internet were abandoned. In the intervening years, innovation on the Internet flourished, and law
enforcement agencies found new and more effective means of accessing vastly larger quantities of data.
Today we are again hearing calls for regulation to mandate the provision of exceptional access
mechanisms. In this report, a group of computer scientists and security experts, many of whom
participated in a 1997 study of these same topics, has convened to explore the likely effects of imposing
extraordinary access mandates.
the damage that could be caused by law enforcement

exceptional access requirements would be even greater today than it
would have been 20 years ago. In the wake of the growing economic
and social cost of the fundamental insecurity of todays Internet
environment, any proposals that alter the security dynamics online
should be approached with caution. Exceptional access would force
Internet system developers to reverse forward secrecy design
practices that seek to minimize the impact on user privacy when
systems are breached. The complexity of todays Internet environment,
with millions of apps and globally connected services, means that new
law enforcement requirements are likely to introduce unanticipated,
hard to detect security flaws. Beyond these and other technical
vulnerabilities, the prospect of globally deployed exceptional access
systems raises difficult problems about how such an environment
would be governed and how to ensure that such systems would
respect human rights and the rule of law.
We have found that
Prefer our evidence we cite the worlds leading experts.

They cite people who dont understand math.
Online at http://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf, Accessed 0720-2015, p. 1)
Political and law enforcement leaders in the United States and the United Kingdom
have called for Internet systems to be redesigned to ensure
government access to information even encrypted information. They argue
that the growing use of encryption will neutralize their investigative

capabilities. They propose that data storage and communications systems must be
designed for exceptional access by law enforcement agencies. These
proposals are unworkable in practice, raise enormous legal and
ethical questions, and would undo progress on security at a time
when Internet vulnerabilities are causing extreme economic harm.
As computer scientists with extensive security and systems
experience, we believe that law enforcement has failed to account for
the risks inherent in exceptional access systems. Based on our
considerable expertise in real-world applications, we know that
such risks lurk in the technical details. In this report we examine whether it is
technically and operationally feasible to meet law enforcements call for exceptional access without
causing large-scale security vulnerabilities. We take no issue here with law enforcements desire to execute
Our
strong recommendation is that anyone proposing regulations should first
present concrete technical requirements, which industry, academics,
and the public can analyze for technical weaknesses and for hidden
costs.
lawful surveillance orders when they meet the requirements of human rights and the rule of law.
Even the Presidents Review Group votes aff.

The Administration faces a critical choice: will it adopt policies that

foster a global digital ecosystem that is more secure, or less? That
choice may well define the future of the Internet in the 21st century.
When faced with a similar choice at the end of the last century, during the socalled Crypto Wars, U.S. policymakers weighed many of the same concerns
and arguments that have been raised in the current debate, and correctly concluded
that the serious costs of undermining encryption technology
outweighed the purported benefits. So too did the Presidents Review
Group on Intelligence and Communications Technologies, who
unanimously recommended in their December 2013 report that the US
Government should (1) fully support and not undermine efforts to
create encryption standards; (2) not in any way subvert, undermine,
weaken, or make vulnerable generally available commercial software;
and (3) increase the use of encryption and urge US companies to do so,
in order to better protect data in transit, at rest, in the cloud, and in
other storage.
We urge the Administration to follow the Review Groups
recommendation and adopt policies that promote rather than
undermine the widespread adoption of strong encryption
technologies, and by doing so help lead the way to a more secure,

prosperous, and rights-respecting future for America and for the world.
They Say: Research Still Good

The debate has already been decided. On our side is every
expert. On their side is wishful thinking. More research is
pointless.
McLaughlin 15 Jenna McLaughlin, Reporter and Blogger covering surveillance and national
security for The Intercept, former national security and foreign policy reporter and editorial fellow at
Mother Jones, 2015 (FBI Director Says Scientists Are Wrong, Pitches Imaginary Solution to Encryption
Dilemma, The Intercept, July 8th, Available Online at https://firstlook.org/theintercept/2015/07/08/fbidirector-comey-proposes-imaginary-solution-encryption/, Accessed 07-20-2015)
Testifying before two Senate committees on Wednesday about the threat he

says strong encryption presents to law enforcement, FBI Director James Comey
didnt so much propose a solution as wish for one.
Comey said he needs some way to read and listen to any communication for which hes gotten a court
order. Modern end-to-end encryption increasingly common following the revelations of mass surveillance
by NSA whistleblower Edward Snowden doesnt allow for that. Only the parties on either end can do the
decoding.
Comeys problem is the nearly universal agreement among

cryptographers, technologists and security experts that there is
no way to give the government access to encrypted communications
without poking an exploitable hole that would put confidential data, as
well as entities like banks and power grids, at risk.
But while speaking at Senate Judiciary and Senate Intelligence Committee hearings on Wednesday,
Comey repeatedly refused to accept that as reality.
A whole lot of good people have said its too hard maybe thats so, he said to the Intelligence
Committee. But my reaction to that is: Im not sure theyve really tried.
In a comment worthy of climate denialists, Comey told one senator:

Maybe the scientists are right. Ennnh, Im not willing to give up on that
yet.
He described his inability to make a realistic proposal as the act of a humble public servant. Were trying
to show humility to say we dont know what would be best.
Comey said American technologists are so brilliant that they surely

could come up with a solution if properly incentivized.
Julian Sanchez, a senior fellow at the Cato Institute, was incredulous about Comeys insistence that experts
are wrong: How does his head not explode from cognitive dissonance when he repeats he has no tech
expertise, then insists everyone who does is wrong? he tweeted during the hearing.
Prior to the committee hearings, a group of the worlds foremost

cryptographers and scientists wrote a paper including complex
technical analysis concluding that mandated backdoor keys for the
government would only be dangerous for national security. This is the
first time the group has gotten back together since 1997, the previous instance in which the FBI asked for
a technical backdoor into communications.
But no experts were invited to testify, a fact that several intelligence committee
members brought up, demanding a second hearing to hear from them.
Comey got little pushback from the panel, despite his lack of any
formal plan and his denial of science. Sen. Martin Heinrich, D-N.M., thanked him for his
display of humility in not presenting a solution, while Committee Chairman Richard Burr, R-N.C., said I
think you deserve a lot of credit for your restraint.
Comey at one point briefly considered the possibility of a world not like the one he imagined, then
concluded: If thats the case, then I think were stuck.
This arg is something anti-vaxxers would say. Researching

the impossible is good is not a net-benefit.
Whittaker 15 Zack Whittaker, Writer-Editor for ZDNet, CNET, and CBS News, 2015 (Why are we
still talking about backdoors in encryption? No, really, ZDNet, July 8th, Available Online at
http://www.zdnet.com/article/because-there-is-no-such-thing-as-a-secure-backdoor-gosh-darn-it/, Accessed
07-20-2015)
It's the conversation that just won't end.
In case you hadn't noticed, in recent months there's been fervent discussion both for and against
encryption, which has law enforcement and experts at odds.
The debate began in the wake of the Edward Snowden affair after Apple began encrypting iPhones and
iPads running the latest software. By cutting out Apple from the data demand process, law enforcement
must go directly to the device owner. That -- as you might imagine -- incensed law enforcement and
intelligence agencies, because that requires informing suspects that they're under investigation.
Without any congressional backing, the feds asked for the only thing they could: "backdoor" access to tech
companies' systems to pull data on suspected criminals and terrorists.
more than a dozen elite cryptographers and security experts

penned a letter effectively calling on the feds to stop flogging an already
dead horse.
On Tuesday,
From the report in The New York Times:

"The group -- 13 of the world's preeminent cryptographers, computer scientists and security
specialists -- will release the paper, which concludes there is no viable technical solution that
would allow the American and British governments to gain 'exceptional access' to encrypted
communications without putting the world's most confidential data and critical infrastructure in
danger."
Their argument is simple: there is no such thing as a secure backdoor.

If there's a way in that allows the feds to access data at will (even with
a warrant or court-order), hackers will inevitably find it and use it for
their own gain.
From Business Insider, widely-respected security expert Bruce Schneier
explained why there "really is no way" to keep users' data safe while
providing backdoors. He said:
"I have two options. I can design a secure system that has no backdoor access, meaning neither
criminals nor foreign intelligence agencies nor domestic police can get at the data. Or I can
design a system that has backdoor access, meaning they all can."
that should be the end of it. If the brightest minds in the world
cannot come up with something the FBI wants in its wildest dreams,
someone has to back down. You can't just push ahead with something
if it's not technically feasible.
But that's not stopping FBI director James Comey, who on Wednesday made his case -- for
And
the millionth time -- that encryption will prevent his agency (and others) from finding the bad guys.
In a brief (yet still rambling) opinion piece for Lawfare, the FBI director aimed for "healthy discussion" but
failed to retain his point once he promised he was "not a maniac (or so at least [his] family says so" -which, by the way, is exactly what a maniac would say.
Comey wrote:
"In universal strong encryption, I see something that is with us already and growing every day
that will inexorably affect my ability to do that job. It may be that, as a people, we decide the
benefits here outweigh the costs and that there is no sensible, technically feasible way to
optimize privacy and safety in this particular context, or that public safety folks will be able to do
their job well enough in the world of universal strong encryption."
At least he managed to avoid using the word "backdoor" in his piece. He redeemed himself when, in
Wednesday's testimony, Comey said that the FBI was "not seeking a backdoor." (For those not watching CSPAN, he then proceeded to describe a backdoor.)
At one point during his testimony, the FBI director specifically said, dodging the question by Sen John
Cornyn (R-TX), that he doesn't want to "scare people by saying I'm certain people will die."
He, and others, are blind to the fact that undermining encryption by
installing backdoors won't prevent crime. In a tweet, security expert and researcher
Matt Blaze, one of the cryptographers who also signed the aforementioned letter, said: " 'Crypto
causes crime' deserves no more consideration than 'vaccinations

cause disease'."
The debate on encryption that Comey wanted has come and gone
and he lost. He failed at the first hurdle. It's time to let it go.
Every proposal will get shot down. Researching them is a
stalling tactic.
You cant legislate the weather
Security researchers dont often wade into highly charged political

fights. They work with code, and code is apolitical. But the security
researchers who have followed the encryption debate say theyre tired
of watching the FBI either misunderstand or dismiss the technical
reality surrounding backdoors.
A lot of the arguments you hear from the FBI and the NSA come from
people most separated from technical reality, Hall said.
One major frustration is that the government hasnt laid out the
specifics of its desired intercept solution.
Comey and Deputy Attorney General Sally Yates continued to duck
questions about specifics at a July 8 Senate Judiciary Committee hearing, one of two Senate
encryption hearings at which Comey testified that day.
"We're not ruling out a legislative solution," said Yates, the second-ranking official at the Justice
Department, "but we think that the more productive way to approach this is to work with the industry"
on per-company solutions.
The governments position was that bad guys could use crypto and so therefore they needed to regulate
it, and our position was good guys need crypto in order to protect us from bad guys.
Later in the hearing, Comey suggested "some sort of regime where it's easier to compel people to unlock
their devices," though he acknowledged the inherent Fifth Amendment concerns of self-incrimination.
Perhaps the Snowden leaks and general public anxiety about surveillance have made the government
cautious. Perhaps it wants to cut deals with specific segments of the tech industry and it worries that going
public with its ideas will make private negotiations harder. Schoen said that he had heard of informal
contacts between the government and tech companies, with officials contacting businesses and saying,
We find such and such product objectionable or We want to make such and such a request about a
product.
Specific proposals expose the government to

specific criticism, and when that criticism comes from respected
researchers, it can kill a proposal in its infancy. For such a small device, the
But there is another possibility.
Clipper chip certainly casts a long shadow.

If you say, Well, I think that peoples crypto keys should be copied in this way and transformed in this
way, and then stored by this entity, Schoen said, then its very easy for security experts to say, Thats a
terrible risk for reasons X, Y, and Z, because attackers can attack it in this way.
Instead of offering specifics, FBI officials say they want more dialog with
Congress, the security community, and the public. But that appears to be little more
than a stalling tactic.
They Say: Crime/Terror Net-Benefit

Backdoors necessarily make systems insecure and increase the
risk of crime.
there are excellent security

reasons not to mandate backdoors. Indeed, had he looked to the original Crypto Wars of
First, as Kerr belatedly acknowledges in a follow-up post,
the 90s, he would have seen that this was one of the primary reasons similar schemes were almost
More or less by definition, a

backdoor for law enforcement is a deliberately introduced security
vulnerability, a form of architected breach: It requires a system to be
designed to permit access to a users data against the users wishes,
and such a system is necessarily less secure than one designed
without such a feature. As computer scientist Matthew Green explains in a
recent Slate column (and, with several eminent colleagues, in a longer 2013 paper) it is damn
near impossible to create a security vulnerability that can only be
exploited by the good guys. Activist Eva Galperin puts the point pithily: Once you
build a back door, you rarely get to decide who walks through it. Even
if your noble intention is only to make criminals more vulnerable to
police, the unavoidable cost of doing so in practice is making the
overwhelming majority of law-abiding users more vulnerable to
criminals.
uniformly rejected by technologists and security experts.
It is impossible to build a law enforcement only backdoor.

Attacks on encryption make crime easier, not harder.
Cohn 14 Cindy Cohn, Executive Director and former Legal Director and General Counsel of the
Electronic Frontier Foundation, holds a J.D. from the University of Michigan Law School, 2014 (EFF
Response to FBI Director Comey's Speech on Encryption, Electronic Frontier Foundation, October 17 th,
Available Online at https://www.eff.org/deeplinks/2014/10/eff-response-fbi-director-comeys-speechencryption, Accessed 06-24-2015)
Comey gave a speech yesterday reiterating the FBI's nearly

twenty-year-old talking points about why it wants to reduce the
security in your devices, rather than help you increase it. Here's EFF's
FBI Director James
response:
The FBI should not be in the business of trying to convince companies

to offer less security to their customers. It should be doing just the
opposite. But that's what Comey is proposingundoing a clear legal protection we
fought hard for in the 1990s.1 The law specifically ensures that a company is not
required to essentially become an agent of the FBI rather than serving
your security and privacy interests. Congress rightly decided that
companies (and free and open source projects and anyone else building our tools)
should be allowed to provide us with the tools to lock our digital
information up just as strongly as we can lock up our physical goods.
That's what Comey wants to undo.
It's telling that his remarks echo so closely the arguments of that era. Compare them, for example, with
this comment from former FBI Director Louis Freeh in May of 1995, now nearly twenty years ago:
[W]e're in favor of strong encryption, robust encryption. The country needs it, industry needs it.
We just want to make sure we have a trap door and key under some judge's authority where we
can get there if somebody is planning a crime.
the FBI is trying to convince the world that some fantasy

version of security is possiblewhere "good guys" can have a back
door or extra key to your home but bad guys could never use it.
Anyone with even a rudimentary understanding of security can tell
you that's just not true. So the "debate" Comey calls for is phony, and
we suspect he knows it. Instead, Comey wants everybody to have weak security,
so that when the FBI decides somebody is a "bad guy," it has no
problem collecting personal data.
That's bad science, it's bad law, it's bad for companies serving a
global marketplace that may not think the FBI is always a "good guy,"
and it's bad for every person who wants to be sure that their data is
as protected as possiblewhether from ordinary criminals hacking into
their email provider, rogue governments tracking them for politically
organizing, or competing companies looking for their trade secrets.
Now just as then,
Perhaps Comey's speech is saber rattling. Maybe it's an attempt to persuade the American people that
we've undertaken significant reforms in light of the Snowden revelationsthe U.S. government has not
and that it's time for the "pendulum" to swing back. Or maybe by putting this issue in play, the FBI may
hope to draw our eyes away from, say, its attempt to water down the National Security Letter reform that
Congress is considering. It's difficult to tell.
But if the FBI gets its way and convinces Congress to change the law , or
even if it convinces companies like Apple that make our tools and hold our data to weaken the security
they offer to us, we'll all end up less secure and enjoying less privacy. Or as
the Fourth Amendment puts it: we'll be be less "secure in our papers and effects."
For more on EFF's coverage of the "new" Crypto Wars, read this article focusing on the security issues we
wrote last week in Vice. And going back even earlier, a broader update to a piece we wrote in 2010, which
itself was was based on our fights in the 90s. If the FBI wants to try to resurrect this old debate, EFF will be
in strong opposition, just as we were 20 years ago. That's becausejust like 20 years ago the
Internet needs more, not less, strong encryption.

Even if a backdoor worked, it wouldnt enable real-time
access.
security researchers. They also remain

unconvinced that a backdoor with the other necessary qualities can even
be built.
The FBI often cites situations like child abductions or active terrorist
plots when it calls for backdoors. But such ongoing threats would
require real-time access to the backdoor mechanism. That real-time
access, experts said, is not realistic given how backdoors are built and
maintained.
Youre going to need to essentially perform very sensitive security
operations that are going to require a bunch of human steps really,
really fast, said Hall. A lot of these are going to be in airgapped facilities
[where servers are deliberately cut off from the Internet], and youre going to have to
Exploitation isnt the only thing that worries
jump the airgaps to get the keying material together in one place
thats probably also an airgapped facility.
Daniel Weitzner argued that there was simply no way to reconcile a
backdoors dual requirements of security and accessibility. If you
physically disperse keys across the country to make them easier for
law enforcement to reach, you add more venues for exploitation, he said.
If you put one hardware security module in the FBIs heavily guarded
Washington headquarters, you prevent disparate law-enforcement
groups from quickly accessing it to launch real-time monitoring
operations.
Im not even sure were good at doing that, keeping keys like that
technically secure, Green said. Im not sure we have any hardware thats
ever been put to that test.
* Hall = Joseph Hall, chief technologist at the Center for Democracy & Technology; Weitzner = Daniel
Weitzner, lecturer in the computer science department at the Massachusetts Institute of Technology; Green
= Matthew Green, assistant research professor at the Johns Hopkins Information Security Institute
Terrorism/Crime DA
They Say: Statistics/Anecdotes

Empirically, strong encryption doesnt foil law enforcement.
Their evidence is baseless fearmongering.
Board Member of the Electronic Privacy Information Center, 2014 (Stop the hysteria over Apple
encryption, CNN, October 31st, Available Online at http://www.cnn.com/2014/10/03/opinion/schneier-appleencryption-hysteria/index.html, Accessed 06-29-2015)
Last week Apple announced that it is closing a serious security vulnerability in the iPhone. It used to be
that the phone's encryption only protected a small amount of the data, and Apple had the ability to bypass
security on the rest of it.
From now on, all the phone's data is protected. It can no longer be accessed by criminals, governments, or
rogue employees. Access to it can no longer be demanded by totalitarian governments. A user's iPhone
data is now more secure.
To hear U.S. law enforcement respond, you'd think Apple's move

heralded an unstoppable crime wave. See, the FBI had been using that
vulnerability to get into peoples' iPhones. In the words of cyberlaw professor Orin Kerr, "How is the public
interest served by a policy that only thwarts lawful search warrants?"
but that's the thing: You can't build a "back door" that only the good guys
can walk through. Encryption protects against cybercriminals,
industrial competitors, the Chinese secret police and the FBI. You're
either vulnerable to eavesdropping by any of them, or you're secure
from eavesdropping from all of them.
Back-door access built for the good guys is routinely used by the bad
guys. In 2005, some unknown group surreptitiously used the lawful-intercept capabilities built into the
Ah,
Greek cell phone system. The same thing happened in Italy in 2006.
In 2010, Chinese hackers subverted an intercept system Google had put into Gmail to comply with U.S.
government surveillance requests. Back doors in our cell phone system are currently being exploited by
the FBI and unknown others.
This doesn't stop the FBI and Justice Department from pumping up
the fear. Attorney General Eric Holder threatened us with kidnappers and
sexual predators.
The former head of the FBI's criminal investigative division went even
further, conjuring up kidnappers who are also sexual predators. And, of
course, terrorists.
FBI Director James Comey claimed that Apple's move allows people to place themselves beyond the law"
and also invoked that now overworked "child kidnapper." John J. Escalante, chief of detectives for the
Chicago police department now holds the title of most hysterical: "Apple will become the phone of choice
for the pedophile."
It's all bluster. Of the 3,576 major offenses for which warrants were
granted for communications interception in 2013, exactly one
involved kidnapping. And, more importantly, there's no evidence that
encryption hampers criminal investigations in any serious way. In
2013, encryption foiled the police nine times, up from four in 2012
and the investigations proceeded in some other way.
This is why the FBI's scare stories tend to wither after public scrutiny.
A former FBI assistant director wrote about a kidnapped man who
would never have been found without the ability of the FBI to decrypt
an iPhone, only to retract the point hours later because it wasn't
true.
We've seen this game before. During the crypto wars of the 1990s, FBI
Director Louis Freeh and others would repeatedly use the example of
mobster John Gotti to illustrate why the ability to tap telephones was so
vital. But the Gotti evidence was collected using a room bug, not a
telephone tap. And those same scary criminal tropes were trotted out
then, too. Back then we called them the Four Horsemen of the
Infocalypse: pedophiles, kidnappers, drug dealers, and terrorists.
Nothing has changed.
Official statistics disprove the link.
Franceschi-Bicchierai 15 Lorenzo Franceschi-Bicchierai, Staff Writer covering hacking,
information security, and digital rights at VICE Motherboard, former writer at Mashable and Danger Room
the Wired blog, holds an M.S. in Journalism from Columbia University, 2015 (Data Shows Little Evidence
for FBI's Concerns About Criminals 'Going Dark', Motherboard, July 1st, Available Online at
http://motherboard.vice.com/read/data-shows-little-evidence-for-fbis-concerns-about-criminals-going-dark,
government officials, led by the FBIs Director James

Comey, have been complaining that the rise of encryption technologies
would lead to a very dark place where cops and feds cant fight and stop criminals.
But new numbers released by the US government seem to contradict this
doomsday scenario.
In 2014, encryption thwarted four wiretaps out of 3,554, according to
an annual report published on Wednesday by the US agency that oversees
federal courts.
The report reveals that state law enforcement agencies encountered
encryption in 22 wiretaps last year. Out of those, cops were foiled on
only two occasions. As for the feds, they encountered encryption in just
three wiretaps, and could not decipher the intercepted
communications in two of them.
They're blowing it out of proportion, Hanni Fahkoury, an attorney at
the digital rights group Electronic Frontier Foundation (EFF), told Motherboard.
[Encryption] was only a problem in five cases of the more than 3,500
wiretaps they had up. Second, the presence of encryption was down by
almost 50 percent from the previous year.
So this is on a downward trend, not upward, he wrote in an email.
In fact, cops found less encryption last year than in the year prior. In
2013, state authorities encountered encryption in 41 cases, versus 22
in 2014. At the federal level, there were three cases of encryption in
2014, against none in 2013. (The report also refers to five federal wiretaps conducted in
In the last few months, several
previous years but only reported in 2014. Of those, the feds were able to crack the communications in
four of the five.)
The FBI did not respond to Motherboards request for comment.
Yet, other experts warn that the Wiretap Report is only a small window into the world of government
surveillance.
First of all, the FBI has been railing against encryption not just when its used for communications, but
especially when its used to safeguard data on the phone or computer. The whole recent debate was
spurred by Apples announcement that it wouldnt be able to unlock phones for the police anymore, and
that new iPhones would be encrypted by default. Wiretaps arent used to get that kind of data, but cover
mostly communications.
Moreover, the FBI has said in the past that it doesnt apply for wiretaps when it know it cant intercept the
targeted communications, according to Albert Gidari, a lawyer at Perkins Coie who has worked with
technology firms on surveillance matters, and Jonathan Mayer, a computer scientist and lawyer at Stanford
University.
The report is suggestive, but hardly conclusive, Mayer told Motherboard. Much
more telling, in
is that law enforcement and intelligence officials remain unable
to provide episodes where encryption frustrated an investigation.
So far, the FBI has yet to put forth a valid example where encryption
really thwarted an investigation. In fact, some of the examples cited by
Comey have been debunked in media reports.
my view,
This crypto debate continues to be a red herring because we really are uninformed about the facts that
the FBI contends supports their position, Gidari said.
The Wiretap Report contains other interesting information that shed a light on government surveillance
practices. Out of the more than 3,554 wiretaps authorized by judges, the vast majority of them (3,409 or
89 percent) were for drug related offenses. Homicide, in turn, was the reason behind only 4 percent of the
the wiretaps. And virtually all of them (96%) were for portable devices, such as cellphones.
Even if the Wiretap Report is just small a peek behind the scenes of
government surveillance, it shows that for now, at least when it comes
to wiretapping, the FBIs isnt really going dark.
Law enforcement can still get a warrant no link.
Cohn et al. 14 Cindy Cohn, Executive Director and former Legal Director and General Counsel
of the Electronic Frontier Foundation, holds a J.D. from the University of Michigan Law School, with Jeremy
Gillula, Staff Technologist at the Electronic Frontier Foundation, holds a Ph.D. in Computer Science from
Stanford University, and Seth Schoen, Senior Staff Technologist at the Electronic Frontier Foundation, 2014
(What Default Phone Encryption Really Means For Law Enforcement, Vice News, October 8th, Available
Online at https://news.vice.com/article/what-default-phone-encryption-really-means-for-law-enforcement,
The common misconception among the hysteria is that this decision

will put vital evidence outside the reach of law enforcement. But
nothing in this encryption change will stop law enforcement from seeking a
warrant for the contents of a phone, just as they seek warrants for the
contents of a laptop or desktop computer. Whether or not a person can
be required to unlock the device is a complicated question
intertwined with the right of due process and the right to avoid selfincrimination that ought to be carefully considered by a court in the
context of each individual situation.
Strong encryption decreases crime empirical data.
America Foundation, holds a B.A. in History from Yale University, with Andi Wilson, Policy Program
Associate at the Open Technology Institute at the New America Foundation, holds a Master of Global Affairs
degree from the Munk School at the University of Toronto, and Kevin Bankston, Policy Director at the Open
Technology Institute at the New America Foundation, former Senior Counsel and Director of the Free
Civil Liberties Union, holds a J.D. from the University of Southern California Law School, 2015 (Doomed To
Repeat History? Lessons From The Crypto Wars of the 1990s, Report by the Open Technology Institute at
the New America Foundation, June, Available Online at https://static.newamerica.org/attachments/3407-125/Lessons%20From%20the%20Crypto%20Wars%20of%20the
%201990s.882d6156dc194187a5fa51b14d55234f.pdf, Accessed 07-06-2015, p. 19)
there is now a significant body of evidence that, as Bob Goodlatte

argued back in 1997, Strong encryption prevents crime.180 This has become
particularly true as smartphones and other personal devices that store
vast amount of user data have risen in popularity over the past
Moreover,
decade. Encryption can stop or mitigate the damage from crimes like
identity theft and fraud targeted at smartphone users.181
They Say: Going Dark

No going dark link it is just rhetoric.
Kerry 14 Cameron F. Kerry, Distinguished Fellow in Governance Studies at the Center for
Technology Innovation at the Brookings Institution, former Visiting Scholar with the MIT Media Lab, former
General Counsel and Acting Secretary of the United States Department of Commerce, holds a J.D. from
Boston College Law School, 2014 (The Law Needs To Keep Up With Technology But Not At The Expense Of
Civil Liberties, Forbes, November 6th, Available Online at
http://www.forbes.com/sites/realspin/2014/11/06/the-law-needs-to-keep-up-with-technology-but-not-at-theexpense-of-civil-liberties/2/, Accessed 07-05-2015)
Going dark makes a good sound bite. But the neat phrase ignores
the fundamental reality that law enforcement and intelligence
agencies have been going bright. The digital era provides troves
of evidence that never existed before. IBM has estimated that
90% of the data in the world has been created in the last two to
three years and EMC projects this volume will increase sevenfold-fold
by 2020. This vast flood of informationemails, surveillance and traffic
cameras, transactions, mobile phone location data, and many other
sourcesprovides law enforcement with digital trails everywhere all
the time. Expanded use of encryption may obscure a portion of such
data, but that still leaves exabytes of information from which to
seek evidence.
Fears that encryption will cause agencies to go dark are
wrong and explained by loss aversion and the endowment
effect.
Swire and Ahmad 11 Peter Swire, C. William ONeill Professor of Law at the Moritz College
of Law of the Ohio State University, served as the Chief Counselor for Privacy in the Office of Management
and Budget during the Clinton Administration, holds a J.D. from Yale Law School, and Kenesa Ahmad, Legal
and Policy Associate with the Future of Privacy Forum, holds a J.D. from the Moritz College of Law of the
Ohio State University, 2011 (Going Dark Versus a Golden Age for Surveillance, Center for Democracy
& Technology, November 28th, Available Online at https://cdt.org/blog/%E2%80%98going-dark
%E2%80%99-versus-a-%E2%80%98golden-age-for-surveillance%E2%80%99/, Accessed 06-24-2015)
What explains the agencies sense of loss when the use of wiretaps has
expanded, encryption has not been an important obstacle, and
agencies have gained new location, contact, and other information? One
answer comes from behavioral economics and psychology, which has drawn
academic attention to concepts such as loss aversion and the
endowment effect. Loss aversion refers to the tendency to prefer
avoiding losses to acquiring gains of similar value. This concept also
helps explain the endowment effect the theory that people place
higher value on goods they own versus comparable goods they do not
own. Applied to surveillance, the idea is that agencies feel the loss of
one technique more than they feel an equal-sized gain from other
techniques. Whether based on the language of behavioral economics
or simply on common sense, we are familiar with the human tendency
to pocket our gains assume we deserve the good things that come
our way, but complain about the bad things, even if the good things
are more important.
A simple test can help the reader decide between the going dark and
golden age of surveillance hypotheses. Suppose the agencies had a
choice of a 1990-era package or a 2011-era package. The first package
would include the wiretap authorities as they existed pre-encryption,
but would lack the new techniques for location tracking, confederate
identification, access to multiple databases, and data mining. The
second package would match current capabilities: some encryptionrelated obstacles, but increased use of wiretaps, as well as the
capabilities for location tracking, confederate tracking and data
mining. The second package is clearly superior the new surveillance
tools assist a vast range of investigations, whereas wiretaps apply only
to a small subset of key investigations. The new tools are used far
more frequently and provide granular data to assist investigators.
Conclusion
Due to changing
technology, there are indeed specific ways that law enforcement and
national security agencies lose specific previous capabilities. These
specific losses, however, are more than offset by massive gains.
Public debates should recognize that we are truly in a golden age of
surveillance. By understanding that, we can reject calls for bad
encryption policy. More generally, we should critically assess a wide range
of proposals, and build a more secure computing and communications
infrastructure.
This post casts new light on government agency claims that we are going dark.
Encryption wont make law enforcement go dark. Were in a

Golden Age of Surveillance.
we should step back and maintain a little perspective about the

supposedly dire position of 21st century law enforcement. In his latest post in
the Apple series, Kerr invokes his influential equilibrium adjustment theory of
Fourth Amendment law. The upshot of Kerrs theory, radically oversimplified, is that
Fourth and finally,
technological changes over time can confer advantages on both police investigators and criminals seeking
to avoid surveillance, and the law adjusts over time to preserve a balance between the ability of citizens to
protect their privacy and the ability of law enforcement to invade it with sufficiently good reason. As I
technology does not necessarily provide

us with easy Goldilocks policy options: Sometimes there is just no good
way to preserve capabilities to which police have grown accustomed
without imposing radical restrictions on technologies used lawfully
by millions of peoplerestrictions which are likely to as prove futile in
the long run as they are costly. But this hardly means that evolving
technology is bad for law enforcement on net.
On the contrary, even if we focus narrowly on the iPhone, it seems clear that what Apple
taketh away from police with one hand, it giveth with the other: The
companys ecosystem considered as a whole provides a vast treasure
hope some of my arguments above illustrate,
trove of data for police even if that trove does not include backdoor
access to physical devices. The ordinary, unsophisticated criminal may be more able to
protect locally stored files than he was a decade ago, but in a thousand other ways, he can expect to be
far more minutely tracked in both his online and offline activities. An encrypted text messaging system
may be worse from the perspective of police than an unencrypted one, but it is it really any worse than a
system of pay phones that allow criminals to communicate without leaving any record for police to sift
activities that would once have left no

permanent trace by defaultfrom looking up information to moving
around in the physical world to making a purchasenow leave a trail of
digital breadcrumbs that would have sounded like a utopian fantasy to
an FBI agent in the 1960s. Law enforcement may moan that they are
going dark when some particular innovation makes their jobs more
difficult (while improving the security of law-abiding peoples private data), but when we
consider the bigger picture, it is far easier to agree with the experts who
have dubbed our era the Golden Age of Surveillance. Year after year,
through after the fact? Meanwhile
technology opens a thousand new windows to our government monitors. If we aim to preserve an
equilibrium between government power and citizen privacy, we should accept that it will occasionally
close one as well.
Encryption wont jeopardize law enforcement.

Board Member of the Electronic Privacy Information Center, 2014 (Stop the hysteria over Apple
encryption, CNN, October 31st, Available Online at http://www.cnn.com/2014/10/03/opinion/schneier-appleencryption-hysteria/index.html, Accessed 06-29-2015)
recent decades have given them an unprecedented

ability to put us under surveillance and access our data. Our cell
phones provide them with a detailed history of our movements. Our call
records, email history, buddy lists, and Facebook pages tell them who
we associate with. The hundreds of companies that track us on the
Internet tell them what we're thinking about. Ubiquitous cameras
capture our faces everywhere. And most of us back up our iPhone data on
iCloud, which the FBI can still get a warrant for. It truly is the golden
age of surveillance.
As for law enforcement? The
After considering the issue, Orin Kerr rethought his position, looking at this in terms of a technological-legal
trade-off. I think he's right.
Given everything that has made it easier for governments and others
to intrude on our private lives, we need both technological security and
legal restrictions to restore the traditional balance between
government access and our security/privacy. More companies should follow Apple's
lead and make encryption the easy-to-use default. And let's wait for some actual
evidence of harm before we acquiesce to police demands for
reduced security.
They Say: Above The Law

No above the law link bad argument.
Masnick 14 Mike Masnick, Founder and Chief Executive Officer of Floor64a software company,
Founder and Editor of Techdirt, 2014 (FBI Director Angry At Homebuilders For Putting Up Walls That Hide
Any Crimes Therein, Techdirt, September 26th, Available Online at
https://www.techdirt.com/articles/20140925/17303928647/fbi-director-angry-homebuilders-putting-upwalls-that-hide-any-crimes-therein.shtml, Accessed 07-05-2015)
Comey displayed not only a weak understanding of

privacy and encryption, but also what the phrase "above the law"
means, in slamming Apple and Google for making encryption a default:
On Thursday, FBI boss James
"I am a huge believer in the rule of law, but I am also a believer that no one in this country is
above the law," Comey told reporters at FBI headquarters in Washington. "What concerns me
about this is companies marketing something expressly to allow people to place themselves
above the law."
[....]
"There will come a day -- well it comes every day in this business -- when it will matter a great,
great deal to the lives of people of all kinds that we be able to with judicial authorization gain
access to a kidnapper's or a terrorist or a criminal's device. I just want to make sure we have a
good conversation in this country before that day comes. I'd hate to have people look at me and
say, 'Well how come you can't save this kid,' 'how come you can't do this thing.'"
nothing in what either Apple or Google is doing puts anyone "above

the law." It just says that those companies are better protecting the
privacy of their users. There are lots of things that make law
enforcement's job harder that also better protect everyone's privacy.
That includes walls. If only there were no walls, it would be much
easier to spot crimes being committed. And I'm sure some crimes happen
behind walls that make it difficult for the FBI to track down what
happened. But we don't see James Comey claiming that homebuilders are
allowing people to be "above the law" by building houses with
walls.
First of all,
"I get that the post-Snowden world has started an understandable pendulum swing," he said. "What I'm
worried about is, this is an indication to us as a country and as a people that, boy, maybe that pendulum
swung too far."
The "pendulum" hasn't swung at all. To date, there has been no

legal change in the surveillance laws post-Snowden. The pendulum is
just as far over towards the extreme surveillance state as it has been
since Snowden first came on the scene. This isn't the pendulum
"swinging too far." It's not even the pendulum swinging. This is just
Apple and Google making a tiny shift to better protect privacy.
As Christopher Soghoian points out, why isn't Comey screaming about the
manufacturers of paper shredders, which similarly allow their
customers to hide papers from "lawful surveillance?"
Wait, what?
They Say: Only For Criminals

Not only for criminals ridiculous argument.
Founder and Editor of Techdirt, 2014 (FBI Director Angry At Homebuilders For Putting Up Walls That Hide
Any Crimes Therein, Techdirt, September 26th, Available Online at
https://www.techdirt.com/articles/20140925/17303928647/fbi-director-angry-homebuilders-putting-upwalls-that-hide-any-crimes-therein.shtml, Accessed 07-05-2015)
But, of course, the freaking out continues. Over in the Washington Post, there's this bit of insanity:
Apple will become the phone of choice for the pedophile, said John J. Escalante, chief of
detectives for Chicagos police department. The average pedophile at this point is probably
thinking, Ive got to get an Apple phone.
Um. No. That's just ridiculous. Frankly, if pedophiles are even thinking about encryption, it's likely that they
already are using one of the many encryption products already on the market. And, again, this
demonizing of encryption as if it's only a tool of pedophiles and

criminals is just ridiculous. Regular everyday people use encryption
every single day. You're using it if you visit this very website. And it's increasingly
becoming the standard, because that's just good security.
They Say: Helps Terrorists

Encryption doesnt foster terrorism.
Won't the proliferation of encryption help terrorists?

No. It's the exact opposite: encryption is one of the things that protects us
from terrorists, criminals, foreign intelligence, and every other threat
on the Internet, and against our data and communications. Encryption
protects our trade secrets, our financial transactions, our medical
records, and our conversations. In a world where cyberattacks are
becoming more common and more catastrophic, encryption is one of
our most important defenses.
BI:
BS:
In 2010, the US Deputy Secretary of Defense William Lynn wrote: "Although the threat to intellectual
property is less dramatic than the threat to critical national infrastructure, it may be the most significant
Encryption protects against

intellectual property theft, and it also protects critical national
infrastructure.
What you're asking is much more narrow: won't terrorists be able to use encryption
to protect their secrets? Of course they will. Like so many other aspects of our society,
the benefits of encryption are general and can be enjoyed by both the
good guys and the bad guys. Automobiles benefit both long-distance
travelers and bank robbers. Telephones benefit both distant relatives and
kidnappers. Late-night all-you-can-eat buffets benefit both hungry
students and terrorists plotting their next moves.
This is simply reality. And there are two reasons it's okay. One, good people far
outnumber bad people in society, so we manage to thrive nonetheless.
And two, the bad guys trip themselves up in so many other ways that
allowing them access to automobiles, telephones, late-night
restaurants, and encryption isn't enough to make them successful.
Most of the time we recognize that harming the overwhelming number of honest
people in society to try to harm the few bad people is a dumb tradeoff. Consider an analogy: Cameron is unlikely to demand that cars redesign their engines so as to limit
cyberthreat that the United States will face over the long term."
their speeds to 60 kph so bank robbers can't get away so fast. But he doesn't understand the comparable
trade-offs in his proposed legislation.
Defense: terrorists will evade backdoors. Offense: theyll

exploit them to commit attacks.
Venezia 15 Paul Venezia, Senior Contributing Editor at InfoWorld, has worked as a Network and
Systems Engineer for over 15 years, 2015 (Encryption with backdoors is worse than useless -- it's
dangerous, InfoWorld, July 13th, Available Online at
http://www.infoworld.com/article/2946064/encryption/encryption-with-forced-backdoors-is-worse-thanuseless-its-dangerous.html, Accessed 07-20-2015)
The general idea coming from these camps is that terrorists use encryption to
communicate. Thus, if there are backdoors, then law enforcement can
eavesdrop on those communications. Leaving aside the massive
vulnerabilities that would be introduced on everyone else, its clear
that the terrorists could very easily modify their communications to
evade those types of encryption or set up alternative communication
methods. We would be creating holes in the protection used for trillions
of transactions, all for naught.
Citizens of a city do not give the police the keys to their houses. We do
not register our bank account passwords with the FBI. We do not
knowingly or specifically allow law enforcement to listen and record our
phone calls and Internet communications (though that hasnt seemed to matter). We
should definitely not crack the foundation of secure Internet
communications with a backdoor that will only be exploited by
criminals or the very terrorists that were supposedly trying to thwart.
Remember, if the government can lose an enormous cache of
extraordinarily sensitive, deeply personal information on millions of its
own employees, one can only wonder what horrors would be visited
upon us if it somehow succeeded in destroying encryption as well .
They Say: Helps ISIS

No, encryption isnt needed to stop ISIS. But it is vital to U.S.
cybersecurity.
Landau 15 Susan Landau, Professor of Cybersecurity Policy in the Department of Social Science
and Policy Studies at Worcester Polytechnic Institute, serves on the Computer Science Telecommunications
Board of the National Research Council, former Senior Staff Privacy Analyst at Google, former Distinguished
Engineer at Sun Microsystems, former faculty member at the University of Massachusetts at Amherst and
at Wesleyan University, has held visiting positions at Harvard, Cornell, Yale, and the Mathematical Sciences
Research Institute, holds a Ph.D. in Mathematics from the Massachusetts Institute of Technology, 2015
(Director Comey and the Real Threats, Lawfare, July 3rd, Available Online at
http://www.lawfareblog.com/director-comey-and-real-threats, Accessed 07-06-2015)
Conflation obscures issues. That's what's happening now with FBI Director
Comey's arguments regarding ISIS, Going Dark, and device encryption.
On Wednesday, Ben, quoting the director, discussed how the changes resulting from ISIS means we ought
to reexamine the whole encryption issue. "Our job is to find needles in a nationwide haystack, needles that
are increasingly invisible to us because of end-to-end encryption," Comey said. "This is the 'going dark'
problem in high definition."
The possibility of ISIS attacks

on US soil is very frightening. But as the New York Times reports, though the
organization inspires lone wolf terrorists, it doesn't organize them to
conduct their nefarious acts.
Encryption is not the difficulty in determining who the attackers might
be and where their intentions lie. But encryption is important in
combating our most serious national security concerns. I've quoted
Nope. Comey is looking at the right issue but in the wrong way.
William Lynn here before, but the point he made is directly relevant, and it bears repeating. The Deputy
Director of Defense wrote, "the
threat to intellectual property is less dramatic

than the threat to critical national infrastructure, [but] it may be the
most significant cyberthreat that the United States will face over the long
term."
The way you protect against such threats is communications and
computer security everywhere. This translates to end-to-end
encryption for communications, securing communications devices, etc.
This is why, for example, NSA has supported technological efforts to secure devices, communications, and
networks in the private sector.
Thoughts of an armed thug wielding a machete or shooting a

semiautomatic rifle at a Fourth of July parade or picnic are terrifying. But
one thing we expect out of government officials is rational thought and
a sense of priorities. Tackling ISIS domestically is difficult, but there is
no evidence that being able to listen to communications would have
helped prevent the attacks on Charlie Hebdo, in Tunisia, or other ISISinspired efforts. Meanwhile there is plenty of evidence that securing
our communications and devices would have prevented the breaches
at Anthem, OPM, and elsewhere. The latter are serious long-term
national security threats.
Securing the US means more than protecting against a knife-wielding
fanatic; it includes securing the economy and developing the
infrastructure that protects against long-term threats. We expect our
leaders to prioritize, putting resources to the most important threats
and making the choices that genuinely secure our nation. Director
Comey's comments mixing ISIS with discussions about

communications security and encryption do not rise to that level.
Theres no evidence that encryption empowers ISIS.
Wheeler 15 Marcy Wheeler, independent journalist writing about national security and civil
liberties, has written for the Guardian, Salon, and the Progressive, author of Anatomy of Deceit about the
CIA leak investigation, Recipient of the 2009 Hillman Award for blog journalism, holds a Ph.D. in
Comparative Literature from the University of Michigan, 2015 (Jim Comey May Not Be a Maniac, But He
Has a Poor Understanding of Evidence, Empty WheelDr. Marcy Wheelers blog, July 6th, Available Online
at https://www.emptywheel.net/2015/07/06/jim-comey-may-not-be-a-maniac-but-he-has-a-poorunderstanding-of-evidence/, Accessed 07-20-2015)
Apparently, Jim Comey wasnt happy with his stenographer, Ben Wittes. After having Ben write up Comeys
concerns on encryption last week, Comey has written his own explanation of his concerns about encryption
at Bens blog.
Here are the 3 key paragraphs.
2. There are many benefits to this. Universal strong encryption will protect all of usour
innovation, our private thoughts, and so many other things of valuefrom thieves of all kinds. We
will all have lock-boxes in our lives that only we can open and in which we can store all that is
valuable to us. There are lots of good things about this.
3. There are many costs to this. Public safety in the United States has relied for a couple centuries
on the ability of the government, with predication, to obtain permission from a court to access the
papers and effects and communications of Americans. The Fourth Amendment reflects a tradeoff inherent in ordered liberty: To protect the public, the government sometimes needs to be able
to see an individuals stuff, but only under appropriate circumstances and with appropriate
oversight.
4. These two things are in tension in many contexts. When the governments abilitywith
appropriate predication and court oversightto see an individuals stuff goes away, it will affect
public safety. That tension is vividly illustrated by the current ISIL threat, which involves ISIL
operators in Syria recruiting and tasking dozens of troubled Americans to kill people, a process
that increasingly takes part through mobile messaging apps that are end-to-end encrypted,
communications that may not be intercepted, despite judicial orders under the Fourth
Amendment. But the tension could as well be illustrated in criminal investigations all over the
country. There is simply no doubt that bad people can communicate with impunity in a world of
universal strong encryption.
Comey admits encryption lets people lock stuff away from criminals (and
supports innovation), and admits there are lots of good things about this. He
then introduces costs, without enumerating them. In a paragraph
purportedly explaining how the good things and costs are in
tension, he raises the ISIL threat as well as as an afterthought criminal
investigations all over the country.
Without providing any evidence about that tension.
As I have noted, the recent wiretap report raises real questions, at least
about the criminal investigations all over the country, which in fact
are not being thwarted. On that ledger, at least, there is no question: the
good things (AKA, benefits) are huge, especially with the million or so
iPhones that get stolen every year, and the costs are negligible, just
a few wiretaps law enforcement cant break.
I conceded we cant make the same conclusions about FISA orders or
the FBI generally because Comeys agencys record keeping is so bad (which
is consistent with all the rest of its record-keeping). It may well be that were not able to
access ISIL communications with US recruits because of encryption,
but simply invoking the existence of ISIL using end-to-end encrypted
mobile messaging apps is not evidence (especially because so much
evidence indicates that sloppy end-user behavior makes it possible for
FBI to crack this).
Especially after the FBIs 0-for-40 record about making claims about
terrorists since 9/11.
It may be that the FBI is facing increasing problems tracking ISIL. It
may even be though Im skeptical that those problems would outweigh the
value of making stealing iPhones less useful.
But even as he calls for a real debate, Comey offers not one bit of real
evidence to counter the crappy FBI reporting in the official reports to
suggest this is not more FBI fearmongering.
This argument is baseless fearmongering.
Mother Jones, 2015 (FBI and Comey Find New Bogeyman for Anti-Encryption Arguments: ISIS, The
Intercept, July 7th, Available Online at https://firstlook.org/theintercept/2015/07/07/fbi-finds-new-bogeymananti-encryption-arguments-isis/, Accessed 07-20-2015)
After months of citing hypothetical crimes as a reason to give law enforcement a magical key to unlock
Comey has latched onto a new

bogeyman: ISIS.
In a speech he gave in October 2014 as part of his coordinated push to make the case that the FBI
is going dark, Comey leaned on examples of kidnappers and child abusers
encrypted digital messages, FBI Director James
who texted details of their violent plots that law enforcement agents werent privy to.
But, as The Intercept reported shortly after, those examples were largely bogus and
had nothing to do with encryption.
Now, in a preview of his appearance Wednesday before the Senate Intelligence Committee, Comey
is playing the ISIS card, saying that it is becoming impossible for the FBI to stop the groups
recruitment and planned attacks. (He uses an alternate acronym, ISIL, for the Islamic State.)
The current ISIL threat involves ISIL operators in Syria recruiting and tasking dozens of troubled
Americans to kill people, a process that increasingly takes part through mobile messaging apps that are
end-to-end encrypted, communications that may not be intercepted, despite judicial orders under the
Fourth Amendment, Comey wrote on Monday in a blog post on the pro-surveillance website Lawfare.
While providing no specific, independently confirmable examples,

Comey has claimed that FBI agents are currently encountering problems
because of encrypted communications as they track potential ISIS
sympathizers and radicals.
Comey has long argued that sophisticated encryption technology being implemented by tech giants,
including Google and Apple, will make it harder and harder for the FBI to track its targets. Encryption
scrambles the contents of digital communications, making it impossible for users without the key to read
messages in plain language.
Comey has vaguely indicated that he wants tech companies to build a special entrance to
communications: a specific passcode or key or combination of keys that only law enforcement can
use, when appropriate.
Privacy and cryptology experts have come out strongly against

Comeys suggestion, arguing that encryption makes people safer, and that creating a hole in
encryption for law enforcement creates a hole for criminals to go through, too.
They also note that law enforcement can thwart encryption in most
cases, and can supplement investigations with traditional methods
not involving surveillance.
The FBI have been trying to argue that the internet is going dark for several years now, and Congress
has not yet bought into their propositions, Amie Stepanovich, the U.S. policy manager for digital rights at
Access, an international pro-privacy organization, wrote in an email to The Intercept. Terrorist threats are
harder to substantiate and easier to use as justifications for additional funding, she wrote.
According to a Federal Courts report on wiretapping in 2014 published last

week, law enforcement personnel at the state and federal level were only
stymied by encryption on four wiretaps all year.
Neema Singh Guliani, legislative council for the American Civil Liberties Union, said she
thinks that report might be a reason Comey has switched from arguing about
the restrictions on federal law enforcement to focusing on the dangers posed by ISIS .
According to the report, encryption has not been a significant
impediment for law enforcement, Guliani wrote in an email. This represents a
decrease from prior years. Given this report, Comeys prior contention
that backdoors are needed for federal law enforcement needs is
unpersuasive.
Tiffiny Cheng, co-founder of Fight for the Future , a nonprofit dedicated to privacy
rights, said that Comey is fueling a culture of fear that enriches both
defense contractors and the agencies they support. The U.S. government has
not looked at data on efficacy to decide where the line between security and liberty should be, instead
they just shoot whatever they want from the mouth in order to stay in the game, she wrote in an email.
They Say: Garland, TX (Elton Simpson)

The Garland (Elton Simpson) example goes aff.
Mother Jones, 2015 (FBI and Comey Find New Bogeyman for Anti-Encryption Arguments: ISIS, The
Intercept, July 7th, Available Online at https://firstlook.org/theintercept/2015/07/07/fbi-finds-new-bogeymananti-encryption-arguments-isis/, Accessed 07-20-2015)
To the extent that Comey has mentioned any specific ISIS-related

investigation, it is one that doesnt support his argument.
In May, after two gunmen arrived at a controversial anti-Muslim exhibition
in Garland, Texas, and were slain by law enforcement before they could carry out their attack,
Comey publicly announced that the FBI had been tracking one of the wouldbe attackers, Elton Simpson, for months.
This is the going dark problem in living color. There are Elton Simpsons out there that I have not found
and I cannot see, he said.
But FBI surveillance didnt stop Elton Simpson the Garland Police
Department did. The local police never got the FBIs email, and if they
had, Garlands Police Chief Bates told NPR, the response would not
have been any different: Please note that the contents of that
email would not have prevented the shooting nor would it have
changed the law enforcement response in any fashion.
They Say: Benjamin Wittes

Wittess argument is terrible.
Cushing 15 Tim Cushing, Staff Writer for Techdirt, 2015 (NSA Apologist Offers Solutions To
'Encryption' Problem, All Of Which Are Basically 'Have The Govt Make Them Do It', Techdirt, July 15th,
Available Online at https://www.techdirt.com/articles/20150714/20210431643/nsa-apologist-offerssolutions-to-encryption-problem-all-which-are-basically-have-govt-make-them-do-it.shtml, Accessed 07-202015)
Wittes, one of the NSA apologists ensconced at Lawfare, has

written a long piece in defense of FBI head James Comey's assertions that
there must be some way tech companies can give him what he wants
without compromising the privacy and security of every nonterrorist/criminal utilizing the same broken encryption.
What he suggests is highly problematic, although he obviously
pronounces that word as "pragmatic." He implies the solution is
already known to tech companies, but that their self-interest outweighs
the FBI's push for a "greater good" fix.
Benjamin
The theory is that companies have every incentive for market reasons to protect consumer
privacy, but no incentives at all to figure out how to provide law enforcement access in the
context of doing so.
There's some truth to this theory. Tech companies are particularly wary of appearing to be complicit in
government surveillance programs as a couple of years of leaks have done considerable damage to their
prospects in foreign markets.
Wittes suggests the government isn't doing much to sell this broken encryption plan, despite Comey's
multiple statements on the dangers posed by encrypted communications. And he's right. If the
government truly wants a "fix," it needs to start laying the groundwork. It can't just be various intel/law
enforcement heads stating "we're not really tech guys" and suggesting tech companies put the time and
effort into solving their problems for them.
If we beginas the computer scientists dowith a posture of great skepticism as to the
plausibility of any scheme and we place the burden of persuasion on Comey, law enforcement,
and the intelligence community to demonstrate the viability of any system, the obvious course is
government-sponsored research. What we need here is not a Clipper Chip-type initiative, in which
the government would develop and produce a complete system, but a set of intellectual and
technical answers to the challenges the technologists have posed. The goal here should be an
elaborated concept paper laying out how a secure extraordinary access system would work in
sufficient detail that it can be evaluated, critiqued, and vetted; think of the bitcoin paper here as a
model. Only after a period of public vetting, discussion, and refinement would the process turn to
the question of what sorts of companies we might ask to implement such a system and by what
legal means we might ask.
Thus ends the intelligent suggestions in Wittes' thinkpiece. Everything else is exactly the sort of thing
Comey keeps hinting at, but seems unwilling to actually put in motion. It's the government-power elephant
in the room. Actually, several elephants. It's the underlying, unvocalized threat that lies just below the
surface of Comey's government-slanted PR efforts.
them.
Wittes just goes through the trouble of vocalizing
gives Comey's chickenshit, ignorant sales pitch a completely

disingenuous, self-serving reading. Comey has refused to
acknowledge the fact that what he's seeking is not actually possible.
He claims he doesn't have the tech background to make more
informed assertions while simultaneously insisting the solution exists
and could easily be found if only these tech companies were willing to
apply themselves.
First, he
[Comey] is talking in very different language: the language of performance requirements. He

wants to leave the development task to Silicon Valley to figure out how to implement
government's requirements. He wants to describe what he needsdecrypted signal when he has
a warrantand leave the companies to figure out how to deliver it while still providing secure
communications in other circumstances to their customers.
The advantage to this approach is that it potentially lets a thousand flowers bloom. Each company
might do it differently. They would compete to provide the most security consistent with the
performance standard. They could learn from each other. And government would not be in the
position of developing and promoting specific algorithms. It wouldn't even need to know how the
task was being done.
In Wittes' estimation, Comey is being wise and promoting open

innovation, rather than just refusing to openly acknowledge that his
desire to access and intercept communications far exceeds his desire
to allow millions of non-criminals access to safer connections and
communications.
Wittes goes on to offer a handful of "solutions" to the Second Crypto War. Not a
single one includes the government growing up and learning to deal
with the new, encrypted status quo. He follows up the one useful suggestion
government research exploring the feasibility of the proposed encryption bypass with one of his worst
ideas:
If you simply require the latter [law enforcement access] as a matter of law, [tech companies] will
devote resources to the question of how to do so while still providing consumer security. And
while the problems are hard, they will prove manageable once the tech giants decide to work
them hardrather than protesting their impossibility.
There's not a worse idea out there than making certain forms of
encryption illegal to use in the United States. But Wittes tries his hardest to
find equally awful ideas. Like this one, which would open tech companies to an entire new
area of liability.
Another, perhaps softer, possibility is to rely on the possibility of civil liability to incentivize
companies to focus on these issues. At the Senate Judiciary Committee hearing this past week,
the always interesting Senator Sheldon Whitehouse posed a question to Deputy Attorney General
Sally Yates about which I've been thinking as well: "A girl goes missing. A neighbor reports that
they saw her being taken into a van out in front of the house. The police are called. They come to
the home. The parents are frantic. The girl's phone is still at home." The phone, however, is
encrypted.
Wittes quotes Whitehouse's statements, in which he compares encryption to industrial

pollution and suggests tech companies not the criminal in question; not the
investigators who are seemingly unable to explore other options be held liable for the
criminal's actions. Wittes poses a rhetorical question one that assumes most of America wants
what Comey wants.
Might a victim of an ISIS attack domestically committed by someone who communicated and
plotted using communications architecture specifically designed to be immune, and specifically
marketed as immune, from law enforcement surveillance have a claim against the provider who
offered that service even after the director of the FBI began specifically warning that ISIS was
using such infrastructure to plan attacks? To the extent such companies have no liability in such
circumstances, is that the distribution of risk that we as a society want?
Holding companies responsible for the actions of criminals is

completely stupid. Providing encryption to all shouldn't put companies
at risk of civil suits. The encryption isn't being provided solely for use
by bad guys. It makes no more sense than holding FedEx responsible
for shipments of counterfeit drugs. And yet, we've seen our government do exactly that,
in essence requiring every affected private company to act as deputized law enforcement entities, despite
Wittes feels the best solutions

involve the government forcing companies to bend to its will, and
provide compromised encryption under duress.
The final solution proposed by Wittes is to let everything go to hell and assume the
political landscape along with tech companies' "sympathies" will shift accordingly. This would be the
"let's hope for the tragic death of a child" plan:
there being no logical reason to put them in this position.
[W]e have an end-to-end encryption issue, in significant part, because companies are trying to
assure customers worldwide that they have their backs privacy-wise and are not simply tools of
NSA. I think those politics are likely to change. If Comey is right and we start seeing law
enforcement and intelligence agencies blind in investigating and preventing horrible crimes and
significant threats, the pressure on the companies is going to shift. And it may shift fast and hard.
Whereas the companies now feel intense pressure to assure customers that their data is safe
from NSA, the kidnapped kid with the encrypted iPhone is going to generate a very different sort
of political response. In extraordinary circumstances, extraordinary access may well seem
reasonable.
If this does happen, Wittes' assumption will likely be correct. Politicians have never been shy about
capitalizing on tragedies to nudge the government power needle. This will be no different. One wonders
why no one has come forward with a significantly compelling tragedy by this point, considering the wealth
of encryption options currently on the market. A logical person would assume this lack of compelling
anecdotal evidence would suggest encryption really hasn't posed a problem yet -- especially considering
the highly-motivated sales pitches that have been offered nonstop since Google and Apple's
The "problem" Comey and others so

desperately wish to "solve" remains almost entirely theoretical at this
point.
But the FBI and others aren't going to wait until the next tragedy. They
want the path of least resistance now. The solutions proposed by
Wittes are exactly the sort of thing they'd be interested in: expanded
government power and increased private sector liability. This is why
Comey has no solution to offer. There is none. There is only the
option of making companies do what he wants, but he's too wary of
public backlash to actually say these things out loud. Wittes has saved
him the trouble and proven himself no more trustworthy than those
who want easy access, no matter the negative implications or
unintended consequences of these actions.
announcement of their encryption-by-default plans.
Wittes relies on a flawed analogy. Encrypted communications

arent an ungovernable space.
Friedersdorf 15 Conor Friedersdorf, Staff Writer for The Atlantic, 2015 (How Dangerous Is
End-to-End Encryption?, The Atlantic, July 14th, Available Online at
http://www.theatlantic.com/politics/archive/2015/07/nsa-encryption-ungoverned-spaces/398423/, Accessed
07-12-2015)
Technologists warn that there is no way to build in a backdoor just for

law enforcement, much as theres no way to outfit a safe with a
backdoor that only the FBI can open. If encryption is weakened so that
government can, in theory, access anyones data with a warrant, then in
practice, everyones communications will be vulnerable to Chinese
hackers, the Russian government, and NSA employees operating
beyond constitutional bounds without individualized warrants.
Over at Lawfare, Benjamin Wittes, who tends to favor increasing rather than circumscribing
governmental powers that relate to national security, muses at length on this question. Would it
be a good idea to have a world-wide communications infrastructure that is, as Bruce Schneier has aptly put
it, secure from all attackers? he asks. That is, if we could snap our fingers and make all device-to-device
communications perfectly secure against interception from the Chinese, from hackers, from the FSB but
also from the FBI even wielding lawful process, would that be desirable? Or, in the alternative, do we want
to create an internet as secure as possible from everyone except government investigators exercising their
legal authorities with the understanding that other countries may do the same?
He finds it useful to consider that question before deciding whether it is even possible to secure the
Internet against everyone except lawful government investigators.
For now, lets play along.
He says that the answer is not a close call.
The belief in principle in creating a giant world-wide network on which surveillance is technically
impossible is really an argument for the creation of the world's largest ungoverned space, he writes. I
understand why techno-anarchists find this idea so appealing. I can't imagine for moment, however, why
anyone else would.
He goes on to attempt an analogy:

Consider the comparable argument in physical space: the creation of a city in which authorities
are entirely dependent on citizen reporting of bad conduct but have no direct visibility onto what
happens on the streets and no ability to conduct search warrants (even with court orders) or to
patrol parks or street corners. Would you want to live in that city? The idea that ungoverned
spaces really suck is not controversial when you're talking about Yemen or Somalia. I see nothing
more attractive about the creation of a worldwide architecture in which it is technically impossible
to intercept and read ISIS communications with followers or to follow child predators into
chatrooms where they go after kids.
before even considering whether a governmentonly backdoor is possible and cost-effective, it seems to me that Wittess
analysis is flawed.
The problem lies in the limits of his analogy.
In an ungoverned territory like Somalia, bad actors can take violent
physical actions with impunitysay, seizing a cargo ship, killing the captain, and taking
hostages. If authorities were similarly helpless on Americas streets if gangs
could rob or murder pedestrians as they pleased, and police couldnt see or do a thing that would,
indeed, be dystopian. But when communications are encrypted, the
ungoverned territory does not encompass actions, violent or otherwise, just
thoughts and their expression.
No harm is done within the encrypted space.
To be sure, plots planned inside that space can do terrible damage in the
real worldbut so can plots hatched by gang members on public
streets whispering into one anothers ears, or Tony Soprano out on his
boat, having swept it for FBI bugs.
Even at this conceptual level,
Wittess argument justifies government surveillance of

everyones thoughts. His argument is terrible.
Friedersdorf 15 Conor Friedersdorf, Staff Writer for The Atlantic, 2015 (How Dangerous Is
End-to-End Encryption?, The Atlantic, July 14th, Available Online at
http://www.theatlantic.com/politics/archive/2015/07/nsa-encryption-ungoverned-spaces/398423/, Accessed
07-12-2015)
I wonder what Wittes would make of a different analogy.
In the absence of end-to-end encryptionindeed, even if it becomes a universally

available toolthe largest ungoverned space in the world wont be Somalia
or the Internet, but the aggregate space between the ears of every
human being on planet earth.
No authority figure can see into my brain, or the brain of Chinese
human-rights activist Liu Xiaobo, or the brains of ISIS terrorists, or the
brains of Black Lives Matter protestors, or the brains of child
pornographers, or the brains of Tea Partiers or progressive activists or
whoever it is that champions your political ideals. If government had
access to all of our thoughts, events from the American Revolution to
the 9/11 terrorist attacks wouldve been impossible. Reflecting on this
vast ungoverned territory, does Wittes still regard as uncontroversial
the notion that ungoverned spaces really suck? More to the point, if its
ever technically possible, would he prefer a world in which government
is afforded a backdoor into my brain, yours, and those of the next
Osama bin Laden, MLK, and Dylann Storm Roof?
To be clear, I dont mean to assert that backdoor access to digital communications is just like equivalent
say that end-to-end encryption is the norm going

forward. Do readers think that America would be more like Somalia? Or
more like todays America, only with greater privacy for thoughts,
papers, and personal effects that enables both significant goods and
harms?
As in contemporary Americaand unlike in Somaliaterrorists, child
pornographers, and other serious criminals would have to operate
outside ungoverned spaces to harm any innocents. The threats they
pose can be adequately addressed there.
access to our brains. But
They Say: Cyrus Vance

Vance is wrong.
OConnor 14 Nuala OConnor, President and Chief Executive of the Center for Democracy &
Technology, former Global Privacy Leader at General Electric, former Vice President of Compliance &
Consumer Trust and Associate General Counsel for Data & Privacy Protection at Amazon.com, former
Deputy Director of the Office of Policy & Strategic Planning, Chief Privacy Officer, and Chief Counsel for
Technology at the United States Department of Commerce, former Chief Privacy Officer at the Department
of Homeland Security, holds a J.D. from Georgetown University Law Center, 2014 (Apple and Google are
helping to protect our privacy, Letter To The Editor Washington Post, October 2nd, Available Online at
http://www.washingtonpost.com/opinions/apple-and-google-are-helping-to-protect-ourprivacy/2014/10/02/ea35524a-4824-11e4-a4bf-794ab74e90f0_story.html, Accessed 07-05-2015)
When law enforcement officials ask technology companies to make

technology less secure in the name of public safety, they are asking for
weakened privacy protections that leave citizens open to hacking and
fraud.
In his Sept. 28 Sunday Opinion piece, Can you catch me now? Good, Cyrus R. Vance Jr., the district
attorney of Manhattan, argued that Apple and Google are preventing law
enforcement from obtaining critical evidence stored on smartphones as a result
of the companies new encryption-by-default approach. This is not true. Law
enforcement, with a warrant, can access phone backups stored on a
hard drive or in the cloud. Law enforcement also can access with a
warrant any data stored by a company on behalf of a user. Further, a
court can order a person to unlock his or her phone.
People are aware of threats to privacy and personal information stored
electronically, including from unscrupulous hackers and thieves and
invasive government surveillance. We should encourage stronger
device security to reduce crime, rather than support weaker standards
that open people to outside attacks.
Apple and Google deserve kudos for stepping up to better secure and
protect our personal communications and privacy.
They Say: Ronald Hosko

Hosko is wrong.
Lee 14 Timothy B. Lee, Senior Editor covering technology at Vox, previously covered technology
policy for the Washington Post and Ars Technica, former Adjunct Scholar at the Cato Institute, holds a
Masters in Computer Science from Princeton University, 2014 (The government says iPhone encryption
helps criminals. They're wrong., Vox, September 29th, Available Online at
https://www.vox.com/2014/9/29/6854679/iphone-encryption-james-comey-government-backdoor,
Comey suggested that law enforcement access to the contents of smartphones

would be essential to savings lives in terrorism and kidnapping cases. But
his speech was short on specific examples where encryption actually
thwarted or would have thwarted a major police investigation.
Last week, former FBI official Ronald Hosko wrote an op-ed in the Washington Post offering
a concrete example of a case where smartphone encryption would have
thwarted a law enforcement investigation and cost lives. "Had this technology
been in place," Hosko wrote, "we wouldnt have been able to quickly identify which phone lines to tap. That
delay would have cost us our victim his life."
There's just one problem: Hosko was wrong. In the case he cited, the
police had not used information gleaned from a seized smartphone.
Instead, they used wiretaps and telephone calling records methods
that would have been unaffected by Apple's new encryption feature.
The Washington Post was forced to issue a correction.
Indeed, while law enforcement groups love to complain about ways that
encryption and other technologies have made their jobs harder,
technology has also provided the police with vast new troves of
information to draw upon in their investigations. With the assistance of cell phone providers, law
enforcement can obtain detailed records of a suspect's every move. And consumers increasingly use
cloud-computing services that store emails, photographs, and other private information on servers where
they can be sought by investigators.
So while smartphone encryption could make police investigations a bit

more difficult, the broader trend has been in the other direction:
there are more and more ways for law enforcement to gain information
about suspects. There's no reason to think smartphone encryption will be
a serious impediment to solving crimes.
They Say: Stanley Crovitz

Crovitz is totally wrong.
Founder and Editor of Techdirt, 2014 (Ridiculously Misinformed Opinion Piece In WSJ Asks Apple And
Google To Make Everyone Less Safe, Techdirt, November 24th, Available Online at
https://www.techdirt.com/articles/20141124/07011329232/ridiculously-misinformed-opinion-piece-wsjasks-apple-google-to-make-everyone-less-safe.shtml, Accessed 07-20-2015)
Crovitz still gets to publish opinion

pieces in the WSJ. And while I often find them interesting, any time he touches on
technology in almost any manner, he seems to fall flat on his face, often in
embarrassing ways such as the time he insisted the internet was invented by companies
without government support (yes, he really argued that). Crovitz has also been strongly prosurveillance state for years. He's attacked Wikileaks and Chelsea Manning by blatantly taking
quotes out of context, and then last year, writing a column about the Snowden leaks that
showed he doesn't understand even the basic facts. Crovitz tends to
see the world the way he wants to see it, rather than the way it really
is.
His latest is no exception, repeating a bunch of bogus or debunked claims
to argue that the tech industry should happily insert back doors into
technology to aid in surveillance. He kicks it off by both repeating the
false claim concerning how "subway bomber" Najibullah Zazi was caught, but also
totally misunderstanding the difference between encrypting data on a
device and encrypting data in transit:
Former Wall Street Journal publisher L. Gordon
Its a good thing Najibullah Zazi didnt have access to a modern iPhone or Android device a few
years ago when he plotted to blow up New York City subway stations. He was caught because his
email was tapped by intelligence agenciesa practice that Silicon Valley firms recently decided
the U.S. government is no longer permitted.
Apple , Google, Facebook and others are playing with fire, or in the case of Zazi with a plot to blow
up subway stations under Grand Central and Times Square on Sept. 11, 2009. An Afghanistan
native living in the U.S., Zazi became a suspect when he used his unencrypted Yahoo email
account to double-check with his al Qaeda handler in Pakistan about the precise chemical mix to
complete his bombs. Zazi and his collaborators, identified through phone records, were arrested
shortly after he sent an email announcing the imminent attacks: The marriage is ready.
Except, no. It wouldn't have mattered if he had a modern iPhone or

Android device because whether or not email is encrypted is entirely
unrelated to whether or not data on the device is encrypted. What
Apple and Google are promising now is to encrypt data on the device.
Even if that was turned on, if you send an unencrypted email, it's still
available to be viewed. Crovitz is comparing two completely different
things and doesn't seem to realize it. What kind of standards does the
WSJ have when it allows such false arguments to be published
uncritically?
Furthermore, the fact that Zazi sent an unencrypted email via Yahoo was a different issue. And Yahoo
encrypted all its email connections a while ago, and no one freaked out at the time. Even so, that's
law enforcement and the intelligence community can

and do still read emails with a warrant. And, as was made clear by many in the
analysis of the Zazi case, he had been watched by law enforcement for a while.
The phone encryption that Google and Apple are discussing would
have had no impact whatsoever on the Zazi case. So why even bring it up, other
unimportant, because
than pure surveillance state FUD?
to someone as ignorant of the basics as Crovitz, it's an opportunity

to double down.
But,
The Zazi example (he pleaded guilty to conspiracy charges and awaits sentencing) highlights the
risks that Silicon Valley firms are taking with their reputations by making it impossible for
intelligence agencies or law enforcement to gain access to these communications.
Intelligence agencies and law enforcement would

still have access to communications in transit just not data held on
his phone directly (which they wouldn't have unless they got the phone itself). Second, it still
wouldn't be "impossible" to get the information. They could either
crack the encryption or issue a subpoena ordering the phone's owner
to unlock the data (or potentially face a potential contempt of court ruling). While there are some
Except, again, that's not true.
5th Amendment concerns with that latter route, it's still not "impossible." And it's not about
communications.
Crovitz is just totally ignorant of what he's writing about.
Crovitzs argument requires banning math.

Kocher 15 Paul Kocher, President and Chief Scientist of Cryptography Research, Inc.a
cryptography company specializing in applied cryptographic engineering, Member of the National
Academy of Engineering and the National Cyber Security Hall of Fame, 2015 (Its Still 2+2=4 for NSA and
ISIS, Wall Street Journal Letter to the Editor, July 14th, Available Online at
http://www.wsj.com/articles/its-still-2-2-4-for-nsa-and-isis-1436908138, Accessed 07-20-2015)
Crovitz is puzzled that Silicon Valley cant stop terrorists from

using strong encryption (Why Terrorists Love Silicon Valley, Information Age, July 6). The
reason is simple. Encryption methods are nothing more than
mathematics. Silicon Valley companies cannot make mathematics
work differently for terrorists.
Mr. Crovitz imagines our government might seek to ban unbreakable
crypto. Software, compilers, math textbooks and other widely available
materials that make it simple for individuals to create their own crypto
would all have to be tightly regulated. Terrorists could, of course, still use
codewords or abstract poetry, so these would naturally need to be
banned. Identical laws would also have to be passed and enforced in
every country.
L. Gordon
Crovitzs argument doesnt make sense. The FBI still has many
investigative tools.
Yakowicz 15 Will Yakowicz, Staff Writer for Inc. magazine, holds a B.A. in Journalism and English
Literature from New York University, 2015 (What the Government Gets Wrong About Cybersecurity, Inc.,
July 7th, Available Online at http://www.inc.com/will-yakowicz/is-data-encryption-really-the-enemy-fbiclaims.html, Accessed 07-20-2015)
A Senate Judiciary Committee hearing on Wednesday is set to put a spotlight on the fine line tech
companies must walk between keeping users' data private and making it available to the government in
matters of national security.
Snowden's revelations about the National Security Agency's surveillance programs,

coupled with a deluge of data breaches, led to an outcry for better
privacy and security measures. Tech companies listened, and have
been beefing up security features in consumer products. In May, Apple, Facebook, Google,
Edward
and others sent a letter to President Obama urging him to shoot down proposals that would force them to
enfeeble the security of their products to help law enforcement access encrypted data more easily.
On the other side of the debate, FBI director James
Comey has waged a campaign
against encryption, stating that if his agency cannot intercept internet communications, it will not
be able to save citizens from terror attacks. During a speech, Comey said, "encryption threatens to lead all
of us to a very dark place."
Crovitz, a former publisher of the The Wall Street Journal, echoed

Comey's concerns in an op-ed in the WSJ entitled, "Why Terrorists Love Silicon Valley."
Earlier this week, L. Gordon
The column contends that tech companies have made consumer products too secure with end-to-end
encryption. Crovitz says when the FBI asked tech companies to find a way to balance privacy encryption
and court-ordered legal searches, the technologists said it was impossible.
"Terror attacks are increasingly planned online, outside the reach of intelligence and law enforcement,"
Crovitz writes. "Once a recruit is identified, ISIS tells him to switch to an encrypted smartphone. Legal
wiretaps are useless because the signal is indecipherable. Even when the devices are lawfully seized
through court orders, intelligence and law-enforcement agencies are unable to retrieve data from them."
Not only is this kind of language irresponsible, linking encryption to

terrorism, Crovitz's fearmongering article seems to hold up Comey's
campaign against encryption as the unvarnished truth. Data encryption
will not result in the U.S. getting attacked. Compelling tech businesses
to tear down basic privacy measures in the service of fighting terrorism
is a move back to a surveillance state.
Post-9/11 fear led to a decade of mass surveillance. Considering how
little was accomplished, it's clear that relying on access to data and
monitoring electronic communications is not the only way to prevent
terrorist plots. Cyberattacks have started to cross over into the
physical worldbecause smartphones, appliances, and our country's infrastructure are all
connected to the internet, our nation's security actually depends on
encryption.
Meanwhile, encryption appears to have done little to foil law enforcement's
use of wire and electronic surveillance to bring down terrorists.
According to the United States Courts' Wiretap Report 2014, instances of
encrypted devices interfering with wiretaps decreased nearly by half
from 2013 to 2014. Moreover, the report also found that last year the vast
majority of wiretaps were granted for investigations into drug deals,
not potential terrorist plots.
The FBI's claim of being crippled if tech companies don't allow them to
monitor electronic communications is a stretch, says David Gorodyansky, cofounder of virtual private network provider AnchorFree. " It would presume the FBI was
completely useless before the internet was created," he says.
AnchorFree helps its 350 million users surf the Web anonymously to prevent hackers from stealing their
identity, advertising firms from selling their search history, and governments from censoring online activity.
By default, the company does not collect any data on its users. When law enforcement agencies serve
AnchorFree with subpoenas, it complies but has little information to share.
Gorodyansky says greater dialogue between businesses, consumers, and government agencies can help to
achieve a balance between privacy and public safety. He says if he were to be involved in these
conversations, he would propose a system where every internet user has a default right to privacy and
encryption. But that right can be lost if a user sets off a trigger like visiting a terrorist website, talking
about or searching ways to make bombs, or other actions of that nature.
only 1 percent of people use the internet for criminal

purposes. So why should everyone else be subject to invasions of
privacy? To illustrate his point, he mentions a friend of his who traveled to North Korea, where he
He estimates that
noticed that none of the homes had curtains or blinds in the windows. When he asked why, his guide told
him that if you cover your windows you have something to hide.
"In
North Korea, you have to keep your windows wide open so people
can look inside," Gorodyansky says. "Is that the society we want to create
here?"
Crovitz is lying about the Louisiana case.

Founder and Editor of Techdirt, 2014 (Ridiculously Misinformed Opinion Piece In WSJ Asks Apple And
Google To Make Everyone Less Safe, Techdirt, November 24th, Available Online at
https://www.techdirt.com/articles/20141124/07011329232/ridiculously-misinformed-opinion-piece-wsjasks-apple-google-to-make-everyone-less-safe.shtml, Accessed 07-20-2015)
Since then, U.S. and British officials have made numerous trips to Silicon Valley to explain the
dangers. FBI Director James Comey gave a speech citing the case of a sex offender who lured a
12-year-old boy in Louisiana in 2010 using text messages, which were later obtained to get a
murder conviction. There should be no one in the U.S. above the law, Mr. Comey said, and also
no places within the U.S. that are beyond the law.
The Louisiana case? That was debunked a day later, and it

wasn't because of access to the kind of information that would now be
encrypted. As noted by the Intercept:
In another case, of a Lousiana sex offender who enticed and then killed a 12-year-old boy, the
big break had nothing to do with a phone: The murderer left
behind his keys and a trail of muddy footprints, and was stopped
nearby after his car ran out of gas.
Next thing you know, Crovitz will argue that all shoes should come
pre-muddied so that law enforcement can track them. After all, how could law
Again, different issue.
enforcement track down criminals who don't leave a trail of muddy footprints?
Then Crovitz shifts to his own personal worldview -- insisting that the public actually doesn't want privacy
or protection from the snooping eyes of government. He insists, the truth is the public really wants to be
spied on.
It looks like Silicon Valley has misread public opinion. The initial media frenzy caused by the
Edward Snowden leaks has been replaced by recognition that the National Security Agency is
among the most lawyered agencies in the government. Contrary to initial media reports, the NSA
does not listen willy-nilly to phone and email communications.
Last week, the Senate killed a bill once considered a sure thing. The bill would have created new
barriers to the NSA obtaining phone metadata to connect the dots to identify terrorists and
prevent their attacks. Phone companies, not the NSA, would have retained these records. There
would have been greater risks of leaks of individual records. An unconstitutional privacy advocate
would have been inserted into Foreign Intelligence Surveillance Court proceedings.
First off, no, the USA Freedom Act was never "a sure thing." From the very beginning, it was considered a
massive long shot. And, no it would not have "created new barriers" -- it would have merely made it clear
that the NSA can't simply collect everyone's data in the hopes of magically sifting through the haystack
and finding connections. Also, Crovitz is flat out wrong (again!) that this would have led to a "greater risk"
because the phone companies held the data. While this was the key talking point among those who voted
against it, it's simply incorrect. The telcos already retain that information. The bill made no changes to
what information telcos could and would retain. It only said that they shouldn't also have to ship all that
data to the NSA as well. There was no increased risk. Saying so is -- once again -- trumpeting Crovitz's
ignorance.
Furthermore, the idea that the public is miraculously comfortable with the government spying on them...
based on the government voting against curtailing government surveillance is simply ludicrous. It doesn't
even pass a basic laugh test. The Pew Research poll that tracks this issue most closely continues to show
that the vast majority of people are against NSA surveillance on American data, and the numbers who feel
that way have been growing consistently since the first of the Snowden revelations.
But let me repeat the assertion Crovitz made here, just to remind everyone of how idiotic it is: he's saying
that the public is now comfortable with surveillance because Congress voted down surveillance reform.
And he thinks this is obvious.
The lesson of the Snowden accusations is that citizens in a democracy make reasonable trade-offs
between privacy and security once they have all the facts. As people realized that the rules-bound
NSA poses little to no risk to their privacy, there was no reason to hamstring its operations.
Likewise, law-abiding people know that there is little to no risk to their privacy when
communications companies comply with U.S. court orders.
Facts, huh? It's kind of funny that he'd argue for the facts when he seems to be lacking in many of them.
And he's wrong. There is tremendous risk to privacy, as illustrated by the fact that the NSA regularly
abused its powers to spy on Americans. Furthermore, he ignores (or is ignorant of the fact) that much of
the data the NSA collects is also freely available to the CIA and FBI -- and that the FBI taps into it so often
that it doesn't even track how many times it dips into the database.
And of course, none of this even bothers to point out that the reason why Google and Apple are increasing
encryption is because it makes us all much safer from actual everyday threats -- including the very threats
that the NSA and others in law enforcement keep warning us about. Making us all safer is a good thing,
though, not to L. Gordon Crovitz, apparently.
Crovitz is either woefully clueless and misinformed or he's

purposely misleading the American public. Neither reflects well on
him or the Wall Street Journal.
They Say: Stewart Baker

Baker is wrong.
After Apple announced it was expanding the scope of what types of data would be encrypted on devices
running iOS 8, the law enforcement community was set ablaze with indignation. When Google followed suit
and announced that Android L would also come with encryption on by default, it added fuel to the fire.
Law enforcement officials have angrily decried Apple and Google's

decisions, using all sorts of arguments against the idea of default
encryption (including the classic "Think of the children!" line of reasoning). One former NSA
and Department of Homeland Security official even suggested that because
China might forbid Apple from selling a device with default encryption,
the US should forbid Apple from doing so here.
A former high-ranking American security official claiming the US should
match China in restricting the use of privacy-enhancing technology is
disconcerting, to put it mildly.
They Say: Washington Post 14

The Washington Post is wrong.
Unfortunately, that hasn't stopped law enforcement from twisting the nature of the Apple and Google
announcements in order to convince the public that default encryption on mobile devices will bring about a
doomsday scenario of criminals using "technological fortresses" to hide from the law. And sadly, some
the Washington Post published an

editorial calling for Apple and Google to use "their wizardry" to "invent a kind of
secure golden key they would retain and use only when a court has approved a search warrant."
While the Post's Editorial Board may think technologists can bend
cryptography to their every whim, it isn't so. Cryptography is about
math, and math is made up of fundamental laws that nobody, not even
the geniuses at Apple and Google, can break. One of those laws is that any key,
even a golden one, can be stolen by ne'er-do-wells. Simply put, there is
no such thing as a key that only law enforcement can use any key
creates a new backdoor that becomes a target for criminals,
industrial spies, or foreign adversaries.
people seem to be buying this propaganda. Last week,
The Golden Key is impossible.

Poulsen 14 Kevin Poulsen, Senior Editor at Wired, former hacker who developed SecureDrop,
2014 (Apples iPhone Encryption Is a Godsend, Even if Cops Hate It, Wired, October 8th, Available Online
at http://www.wired.com/2014/10/golden-key/, Accessed 07-05-2015)
However it got there, Apple has come to the right place. Its a basic axiom of information security that
data at rest should be encrypted. Apple should be lauded for reaching that state with the iPhone. Google
should be praised for announcing it will follow suit in a future Android release.
In a much-discussed
editorial that ran Friday, The Washington Post sided with law enforcement.
Bizarrely, the Post acknowledges backdoors are a bad ideaa back door can
and will be exploited by bad guys, too and then proposes one in the very next
sentence: Apple and Google, the paper says, should invent a secure golden key that would let police
And yet, the argument for encryption backdoors has risen like the undead.
decrypt a smartphone with a warrant.
The paper doesnt explain why this golden key would be less
vulnerable to abuse than any other backdoor. Maybe its the name, which
seems a product of the same branding workshop that led the Chinese government to name its Internet
censorship system the golden shield. Whats not to like? Everyone loves gold!
Implicit in the Posts argument is the notion that the existence of the
search warrant as a legal instrument obliges Americans to make their
data accessible: that weakening your crypto is a civic responsibility
akin to jury duty or paying taxes. Smartphone users must accept that they cannot be
above the law if there is a valid search warrant, writes the Post.
This talking point, adapted from Comeys press conference, is an insult to anyone
savvy enough to use encryption. Both Windows and OS X already support strong full-disk
crypto, and using it is a de facto regulatory requirement for anyone handling sensitive consumer or
medical data. For the rest of us,
its common sense, not an unpatriotic slap to the
face of law and order.

This argument also misunderstands the role of the search warrant. A
search warrant allows police, with a judges approval, to do something
theyre not normally allowed to do. Its an instrument of permission,
not compulsion. If the cops get a warrant to search your house,
youre obliged to do nothing except stay out of their way. Youre not
compelled to dump your underwear drawers onto your dining room
table and slash open your mattress for them. And youre not placing
yourself above the law if you have a steel-reinforced door that
doesnt yield to a battering ram.
They Say: Washington Post 15

The Post editorial board has zero technical expertise.
Whittaker 15 Zack Whittaker, Writer-Editor for ZDNet, CNET, and CBS News, 2015 (After
Washington Post rolls out HTTPS, its editorial board bemoans encryption debate, ZDNet, July 19th,
Available Online at http://www.zdnet.com/article/after-washington-post-rolls-out-https-its-editorial-boarddecries-encryption-debate/, Accessed 07-20-2015)
There's hope that by the time the Washington Post's editorial board takes a
third crack at the encryption whip, it might say something worthwhile.
Late on Saturday, the The Washington Post's editorial board published what initially read as a scathing
anti-encryption and pro-government rhetoric opinion piece that scolded Apple and Google (albeit a
somewhat incorrect assertion) for providing "end-to-end encryption" (again, an incorrect assertion) on their
devices, locking out federal authorities investigating serious crimes and terrorism.
the editorial came up with nothing.

It was a bland and mediocre follow-up to a similar opinion piece, which was
called "staggeringly dumb" and "seriously embarrassing" for proposing
a "golden key" to bypass encryption.
Read to the end, and you'll find
Critically, what the Post gets out of this editorial remains widely unknown, perhaps with the exception of
riling up members of the security community. It's not as though the company is particularly invested in
either side. Aside the inaccuracies in the board's opinion, and the fair (and accurate) accusation that the
article said "nothing" (one assumes that means nothing of "worth" or "value"), it's hypocritical to make
more than one statement on this matter while at the same time becoming the first major news outlet to
start encrypting its entire website.
The board's follow-up sub-600 worded note did not offer anything new, but reaffirmed
its desire to see both tech companies and law enforcement "reconcile the competing imperatives" for
privacy and data access, respectively. (It's worth noting the board's opinion does not represent every
journalist or reporter working at the national daily, but it does reflect the institution's views on the whole.)
Distinguished security researcher Kenn White, dismissed the editorial in

just three words: "Nope. No need."
Because right now, there is no viable way allow both encrypted services
while allowing police and federal agencies access to that scrambled
information through so-called "backdoor" means. Just last week, a group of 13 of
the world's preeminent cryptographers and security researchers
released a paper (which White linked to in his tweet) explaining that "such access
will open doors through which criminals and malicious nation-states
can attack the very individuals law enforcement seeks to defend."
In other words: if there's a secret way in for the police and the feds, who's to say a hacker won't find it,
too?
The Post's own decision to roll out encryption across its site seems
bizarre considering the editorial board's conflicting views on the
matter.
Such head-scratching naivety prompted one security expert to ask
anyone who covers security at the Post to "explain reality" to the
board. Because, clearly, the board isn't doing its job well if on two
separate occasions it's fluffed up reporting on a subject with zero
technical insight.
If the board, however, needs help navigating the topic, there is no doubt a virtual long line of security
experts, academics, and researchers lining up around the block ready to assist. At least then there's hope
the board can strike it third-time lucky in covering the topic.
The Post cites no evidence ignore it.

Cushing 15 Tim Cushing, Staff Writer for Techdirt, 2015 (Washington Post Observes Encryption
War 2.0 For Several Months, Learns Absolutely Nothing, Techdirt, July 20th, Available Online at
https://www.techdirt.com/articles/20150719/19031331697/washington-post-observes-encryption-war-20several-months-learns-absolutely-nothing.shtml, Accessed 07-20-2015)
Last October -- following Apple and Google's announce of encryption-by-default for iOS and Android
devices -- was greeted with law enforcement panic, spearheaded by FBI director James Comey, who has
yet to find the perfect dead child to force these companies' hands.
The Washington Post editorial board found Comey's diatribes supereffective! It published a post calling for some sort of law enforcementonly, magical hole in Apple and Google's encryption.
How to resolve this? A police back door for all smartphones is undesirable a back door can
and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google
could invent a kind of secure golden key they would retain and use only when a court has
approved a search warrant. Ultimately, Congress could act and force the issue, but wed rather
see it resolved in law enforcement collaboration with the manufacturers and in a way that
protects all three of the forces at work: technology, privacy and rule of law.
When is a "back door" not a "back door?" Well, apparently when an editorial
board spells it G-O-L-D-E-N K-E-Y. It's the same thing, but in this particular
pitch, it magically isn't, because good intentions. Or something.
Months later, the debate is still raging. But it's boiled down to two
arguments:
1. This is impossible. You can't create a "law enforcement only"
backdoor in encryption. It's simply not possible because a backdoor is
a backdoor and can be used by anyone who can locate the door
handle.
2. No, it isn't. Please see below for citations and references:
[the article includes several paragraph breaks to indicate that there are, in fact, no citations or references]
The FBI is at an impasse. Comey firmly believes this is possible, despite

openly admitting he has zero evidence to back this claim up. When
asked for specifics, Comey defers to "smart tech guys" and their
warlock-like skills.
Sensing James Comey might be struggling a bit, the editorial board of the Washington
Post is once again riding to the rescue. And they've brought the same
level of cluelessness with them. (h/t to Techdirt reader Steve R.)
Mr. Comeys assertions should be taken seriously. A rule-of-law society cannot allow sanctuary for
those who wreak harm. But there are legitimate and valid counter arguments from software
engineers, privacy advocates and companies that make the smartphones and software. They say
that any decision to give law enforcement a key known as exceptional access would
endanger the integrity of all online encryption, and that would mean weakness everywhere in a
digital universe that already is awash in cyberattacks, thefts and intrusions. They say that a
compromise isnt possible, since one crack in encryption even if for a good actor, like the police
is still a crack that could be exploited by a bad actor. A recent report from the Massachusetts
Institute of Technology warned that granting exceptional access would bring on grave security
risks that outweigh the benefits.
After providing some statements opposing its view on the matter -- most notably an actual research paper
written by actual security researchers -- the editorial board continues on to declare this all irrelevant.
The tech companies are right about the overall importance of encryption, protecting consumers
and insuring privacy. But these companies ought to more forthrightly acknowledge the legitimate
needs of U.S. law enforcement.
And by "forthrightly acknowledge," the board means "give law enforcement what it wants, no matter the
potential damage." After all, what's PERSONAL safety, security and a handful of civil liberties compared to
"legitimate needs of law enforcement?"
All freedoms come with limits; it seems only proper that the vast freedoms of the Internet be
subject to the same rule of law and protections that we accept for the rest of society.
Your rights end where law enforcement's "legitimate needs" begin. Except they don't. The needs of law
enforcement don't trump the Bill of Rights. The needs of law enforcement don't automatically allow it to
define the acceptable parameters of the communications of US citizens.
The editorial finally wraps up by calling for experts in the field to resolve this issue:
This conflict should not be left unattended. Nineteen years ago, the National Academy of Sciences
studied the encryption issue; technology has evolved rapidly since then. It would be wise to ask
the academy to undertake a new study, with special focus on technical matters, and
recommendations on how to reconcile the competing imperatives.
The WaPo editorial board is no better than James Comey. It can cite
nothing in support of its view but yet still believes it's right. And just
like Comey, the board is being wholly disingenuous in its "deferral" to
security researchers and tech companies. It, like Comey, wants to hold
two contradictory views.
Tech/security researchers are dumb when they say this problem
can't be solved.
Tech/security researchers are super-smart and can solve this
problem.
So, they (the board and Comey) want to ignore the "smart guys" when they say
this is impossible, but both are willing to listen if they like the answers
they're hearing.
Politics DA
No Link Under The Radar

Encryption flies under the radar no link.
The encryption hearing attracted scant attention on Capitol Hill

certainly nowhere near as much press as the Republican Partys endless
Benghazi hearings. While many representatives lambasted Hess and Conley
for their dubious arguments, the issue failed to break out into the
mainstream. Encryption is not a sexy issue, even if it has huge
ramifications for privacy and civil liberties. Higher-profile, more
partisan fights are consuming Washington right now; lawmakers
would rather attend hearings and deliver speeches about those
issues. Thats the way to rile up voters, score endorsements, and
secure donations.
No Link Obama
Either Obama wont spend political capital on encryption or his
new position will quickly end the debate.
Divided government
As Comey, Rogers, and other national-security officials campaign for backdoors,
one important
voice has been largely absent from the debate.

I lean probably further in the direction of strong encryption than some do inside of law enforcement,
President Barack Obama told Recodes Kara Swisher on Feb. 15, shortly after Obama spoke at the White
House summit on cybersecurity and consumer protection in Silicon Valley.
Obamas interview with Swisher marked a rare entrance for the president
into the backdoor debate, which has pitted his law-enforcement
professionals against the civil libertarians who were encouraged by his
historic 2008 election and disappointed by his subsequent embrace of the
surveillance status quo.
If the president felt strongly enough about strong encryption, he could
swat down FBI and NSA backdoor requests any time he wanted. White
House advisers and outside experts have offered him plenty of policy
cover for doing so. The Presidents Review Group on Intelligence and Communications
Technologies, which Obama convened in the wake of the Snowden disclosures, explicitly discouraged
backdoors in its final report.
The review group recommended fully supporting and not undermining efforts to create encryption
standards, ... making clear that [the government] will not in any way subvert, undermine, weaken, or
make vulnerable generally available commercial encryption, and supporting efforts to encourage the
greater use of encryption technology for data in transit, at rest, in the cloud, and in storage.
The report also warned of serious economic repercussions for American businesses resulting from a
growing distrust of their capacity to guarantee the privacy of their international users. It was a general
warning about the use of electronic surveillance, but it nevertheless applies to the potential fallout from a
backdoor mandate.
The White Houses own reports on cybersecurity and consumer privacy

suggest that the president generally supports the use of encryption . To
the extent that youve heard anything from the White House and from
the president, its in favor of making sure that we have strong
encryption and that were building secure, trustworthy systems, said
Weitzner, who advised Obama as U.S. deputy chief technology officer for Internet policy from 2011 to
2012.
Weitzner pointed out that the president had subtly quashed a push for backdoors by the previous FBI
director, Robert Mueller.
Mueller hoped that the administration would end up supporting a very substantial [Internet-focused]
expansion of CALEA, Weitzner said. That didnt happen, and despite the fact that you had the FBI
director come out very strongly saying [criminals] were going dark, the administration never took a
position as a whole in support of that kind of statutory change. You can read between the lines.
Obamas reluctance to directly confront his FBI chief reflects the

bureaus long history of autonomy in debates over law-enforcement
powers, said a former Obama administration official.
Its pretty well understood that the FBI has a certain amount of
independence when theyre out in the public-policy debate advocating
for whatever they think is important, the former official said.
The White House is reviewing "the technical, geopolitical, legal, and economic implications"
of various encryption proposals, including the possibility of legislation, administration
Obama may also be waiting

until the latest round of the Crypto Wars has progressed further.
The White House tends to get involved in debates once theyve
matured, he said. If you jump in on everything right up front, the
volume can become unmanageable. I know that theres a lot of attention being paid, and
officials told the Washington Post this week. Weitzner said that
I think thats the right thing to do at this point.
The presidents noncommittal stance has earned him criticism from

pro-encryption lawmakers who say that their fight would be much
easier if the commander-in-chief weighed in. The best way to put all
this to bed, Hurd said, would be for the president to be very clear saying
that he is not interested in pursuing backdoors to encryption and
believes that this is the wrong path to go, in order to squash the
debate once and for all.
If Obama ever formally came out against backdoors, it would represent
a significant shift away from decades of anti-encryption government
policies, including undermining industry-standard security tools and
attacking tech companies through public bullying and private hacking.

Encryption Advantage - HSS 2015

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Encryption Advantage - HSS 2015

Uploaded by

Copyright:

Available Formats

Notes/Explanation

1AC Encryption Advantage Stem

How strong is strong crypto? Really, really strong. When properly

That device tracker, confessor, memoir and ledger should be

in on every conversation, to spy upon every interaction. No system

Suppose two suspected criminals happened to be the last two people

This is the launch of the latest, and

What's discouraging to people who believe in digital securitythat is,

1AC Long Open Letter Card

We the undersigned represent a wide variety of civil society organizations

Encryption thereby protects us from innumerable criminal and

issue agrees on this point, including the governments own

technologies, and by doing so help lead the way to a more secure,

1AC Short Open Letter Card

We the undersigned represent a wide variety of civil society organizations

1AC Civil Liberties Module

malicious spying eyes is through encryption.

Criticisms of encryption coming from corners of power are louder now

What is bound to be one of the great political issues of this century is

is under attack by criminals, corporations, and governments whose

Lacking good law, privacy is best defended by good technology. You

1AC Cybersecurity Module

Strong encryption is the cornerstone of the modern information

Encryption thereby protects us from innumerable criminal and

Cyberattacks in February and March of 2014 potentially exposed

cyberattack earlier in the year. In perhaps the most infamous cyberattack of

Cybersecurity outweighs terrorism.

http://www.csmonitor.com/USA/2014/1110/Feds-hacked-Is-cybersecurity-a-bigger-threat-than-terrorismvideo, Accessed 07-06-2015)

every organization connected to the

both intelligence officials and cybersecurity

increasing number of cyber-attacks in both the public and private

Only strong encryption can preserve cybersecurity.

Strong Encryption Has Become A Bedrock Technology That Protects

cybersecurity. Today, strong encryption is an essential ingredient in

1AC Tech Competitiveness Module

In addition to undermining cybersecurity, any kind of vulnerability

economic interests with national security interests. The cost of inaction

1AC Internet Freedom Module

More than undermining every Americans cybersecurity and the

there are lots of governments out there

They Say: Freedom Act Solves

two years ago, ITIF described how revelations about pervasive

They Say: Companies Solve

NSA surveillance programs are currently having a

They Say: Alt Causes To Cybersecurity

Encryption secures everything we do on the Internet. It secures

Backdoors devastate cybersecurity inherent complexity and

the newly proposed requirement of

building in exceptional access would substantially increase

Features to permit law enforcement

They Say: Alt Causes To Tech Industry

The U.S. government should not require or request that new

aim to [end page 40]

The Lofgren-Holt proposal aimed to

backdoor to circumvent the encryption or privacy protections of its

legislative efforts are a

The plan restores confidence in the U.S. tech industry.

These "backdoors" can also be detrimental to American jobs. Other

They Say: Alt Causes To Economy

that these officials are even having this discussion is a bald

politicians with no grasp of the ramifications

They Say: Alt Causes To Privacy

Encryption and anonymity tools, which help protect individuals' private

the document recommends holding