Encryption: Law vs Science

by Joanne Matisonn, Governance Professional

The debate around Apple vs the FBI in regard to Apple’s failure to comply with a Court Order in California ordering Apple to assist the U.S Government in unlocking the iPhone of one of the shooters in the San Bernardino terrorist attack that took place on 2 December 2015 continues. So far, the debate has centred around security vs the right to privacy issue which I explored in my March 2016 editorial.

I watched a fascinating debate between Edward Snowden and Fareed Zakaria on Global Public Square on CNN recently, where the debate pivoted to one of law vs science following the proposed U.S.A. legislation mandating companies to immediately decrypt all communications when ordered to do so by a court. The law applies to everyone and finding the balance between the values of security and privacy is challenging.

Zakaria argued that government should have lawful access to encrypted messages or documents and that in fact there is no difference between access to bank records and iPhone data.  The parameters around what government should and should not be allowed to do and what information it should have access to should be clearly defined and supported by a court order.  These policy issues should be agreed to urgently.  In addition, weaknesses in information technology security need to be identified and security improved before a catastrophic incident occurs.  Wide access by government to break encryption codes lawfully to pursue criminal activity provides opportunities for criminal elements to also break encryption codes, threatening everyone’s privacy and security and therefore must be circumscribed.

Snowden acknowledged that encryption is problematic for addressing criminal activity but did not accept that government should be allowed access to all encrypted information even if it was supported by a court order. These are competing values.  He suggested that with patience, IT experts could break an encryption.  It is just a matter of science. He recommended that law enforcement use other avenues to pursue criminals such as online encryption platforms for black market drug sales.  This would be preferable as it would not weaken current encryption security.