This piece was co-written with Cyrus Rassool and was published on Bloomberg Government on August 29, 2016.
What if the DNC email hack wasn’t? That is, what if it wasn’t a big deal? What if hackers hadn’t been able to expose the credit card and social security numbers of donors and home addresses of some Democratic representatives, representing very real – and potentially dangerous – consequences for their personal privacy and safety? Had the DNC been using email and data encryption, the hacker would have also needed to access individual private keys to get to any message or file content. Encryption makes us all safer: improving our own digital security gives us a “herd immunity,” inoculating those in our networks with whom we communicate, work, and interact.
But encryption has been demonized and set up in a false dichotomy with security. It’s been falsely identified as a party-line issue–a charge which many in the GOP who’ve also had their emails hacked may dispute. We have not done a good enough job of telling Americans how encryption keeps them safe, their data private and our networks secure.
An issue this complex and important that affects the most intimate corners of our lives deserves an honest discussion to help us reach a conclusion in our own best interests, but the American public is getting a message of fear, which promotes misunderstanding and doubt instead.
What do we mean? Over the past year, opponents of encryption have used terrorist attacks in the US and Europe to call for “backdoors” around encrypted communications. But in several of these instances, it was later revealed that terrorists were communicating in the clear – without encryption. But some policymakers have pressed for those backdoors, despite widespread agreement from security experts that creating backdoors will ultimately weaken encryption for everyone, since it’s impossible to create an access point solely for law enforcement without making a system more vulnerable to potential hackers.
While nominally supporting the use of encryption, FBI Director James Comey has claimed, “there is simply no doubt that bad people can communicate with impunity in a world of universal strong encryption.” He, and others within the FBI, worry that terrorists are “going dark”; that the widespread availability of advanced encryption and other security technologies in everyday consumer products lead to an inability to track, monitor and stop criminals.
But the facts tell a different story. For the second year in a row, the number of times US government wiretaps encountered encryption decreased. A February 2016 study from Harvard University’s Berkman Klein Center for Internet and Society also questions claims from government officials that intelligence-gathering communications channels are “going dark.” Their report details how the rise of connected sensors in machines and appliances and market forces and commercial interests will actually give law enforcement more opportunities to surveill potential targets, not less.
As incidents of cyber attacks continue to grow–or when people call for them, as Donald Trump brazenly invited Vladimir Putin to “find” and publish Hillary Clinton’s missing State Department emails following the DNC hack–we must have the necessary tools, including encryption, to securely protect our data. Supporters of encryption therefore include not only privacy advocates and computer science experts, but also those working in the security sector, such as former NSA and CIA Director Michael Hayden, who stated, “America is more secure — America is more safe — with unbreakable end-to-end encryption.” Hayden is right. Widespread adoption of strong encryption protects our data, privacy and online identities.
This November, US voters will elect a new president and a new Congress. It’s time to send leaders to Washington who are committed to making encryption more ubiquitous and user-friendly, who will consult with tech experts prior to drafting legislation and be champions for the nation’s security and privacy online. As a global leader, the US must set the tone on encryption. Right now, as lawmakers around the world weigh dangerous bills that would weaken encryption, we need to ensure that our citizens can depend on our government and business leaders to safeguard our information by encrypting them by default and ensuring that privacy settings are accessible, available and easy to understand. Until everyone moves forward on strong encryption, we’ll continue to see our networks (whether of the most powerful political parties or of the average user) vulnerable to outside attack.
Ilana Ullman 