As the legal dispute between the FBI and Apple continues to dominate headlines, there's a great deal that privacy advocates and consumers should be concerned about. What if the FBI gets it way? Does that set a terrible precedent that will trickle beyond cases involving terrorism? Is this the first step towards opening a backdoor into encryption? How will that decision impact the tech sector? The litany of questions goes on and on.
But rather than focusing on the potential worst-case scenarios, here are four reasons that, no matter the outcome of the legal battle being waged, we should be optimistic about the future of encryption.
1. There are still plenty of encryption platforms outside the reach of the U.S. government.
A recent report from the renowned cybersecurity expert Bruce Schneier identified "865 hardware or software products incorporating encryption from 55 different countries." Of that total, 546 encryption products were from foreign-based producers, with almost half of those products offered for free. Clearly, the United States has no effective means for putting the encryption genie back in the bottle. This should come as no surprise in an age of ubiquitous, nigh uncontrollable flows of digital information--a global network that can neither be controlled nor confined to individual nation-states. Milton Mueller expressed this sentiment quite aptly in his book Networks and States:
The Internet made a major contribution to global society by disrupting the regulation of media content by nation-states. It took the libertarian principle of "absence of prior restraint" and globalized it: no one had to ask for permission, or be licensed, to make their ideas and publications globally accessible.
Mueller was specifically referencing the ability for states to regulate content (i.e. free speech) online, but the idea applies just as much to the proliferation of open source code, of which, Schneier estimates, approximately 34 percent of all foreign-based encryption platforms utilize. The U.S. government can pass all the anti-encryption laws it likes--as long as the Internet remains a free and open platform for public engagement and open communication (as it should remain), people will still be able to get access to encrypted communications tools. Of course, this unfortunately means that criminals and terrorists will have access to these tools as well. However, no domestic law will ever be able to forestall the proliferation of such tools amongst those who would wish to do us harm.
But it's important to remember that this debate isn't just about terrorists and criminals communicating in secret in online "dark spaces."
There are those innocents who rely on encryption to defend their lives (e.g. dissenting voices in authoritarian regimes, international journalists, and human rights advocates). This is incredibly important for those who struggle daily against the yoke of oppression in countries like Iran, North Korea, Russia, Venezuela, and elsewhere--indeed, the United Nations Human Rights Council, as well as a wide array of civil society organizations, pointed to the value of encrypted communications playing a pivotal role in protecting free speech online. Luckily for them, the existence of all those foreign-produced encryption platforms will allow lovers of freedom and liberty the world over to continue fighting against oppression.
The U.S. government will never be able to control the global dissemination of these products. But what about here at home? Surely there's good reason to be concerned about bad domestic policy making it through Congress. Possibly, but leaving aside foreign-based encryption products, there's a good reason to suspect anti-encryption legislation will never acquire the necessary support to become law: the modern digital economy relies on cryptographic security.
2. As the digital economy continues to boom, so will the continued need for stronger encryption.
As noted in a Niskanen Center paper from last November, the economic benefits of encryption are staggering. Over the past quarter century, annual online e-commerce retail revenues have jumped from $100 million in 1994 to over $250 billion in 2013. The reason? Trust in the online ecosystem. If consumers are unwilling to trust online retailers with their personal financial information, they are unlikely to engage in commercial transactions on sites such as Amazon or eBay. Encryption has been the silent and largely unrecognized impetus for the proliferation of that trust--any attempt to weaken those security mechanisms will have dire consequences for the online economy.
Additionally, as I discuss in the paper, the need for regulators and lawmakers to abstain from knee-jerk legislative reactions to regulating this online ecosystem is vital to ensure its continued growth, as well as to ensure the American economy continues to capture the many benefits of online commerce:
Innovation never occurs in a vacuum; it is in part the byproduct of the institutional environment produced by policymakers. It is imperative that regulators and legislators remain humble in the face technological change and progress. They must recognize that attempts to regulate vital elements of the Internet ecosystem are likely to lead to a series of unintended consequences. ...
Given the trillions of dollars of daily electronic financial transactions that rely on encryption, as well as the broader economic impact of its use by consumers and producers, any mandate that would reduce online security risks doing significant damage to the modern economy. The physical world is increasingly wired to the Internet. Water treatment plants and automobiles now constantly exchange information over the Internet, creating whole new concerns about the security of networks. Encryption will only become more important in the coming years as more and more "things" become interconnected.
As long as encryption continues to serve the role of securing our online transactions--and as long as those in Congress understand the role it plays in shaping these economically beneficial outcomes--the deck will likely be stacked against those who would advocate for weakening online security protocols. Companies like Amazon and other online retailers recognize the vital role encryption plays as the "white blood cells of the modern digital economy," keeping the Internet lifeblood free from "infection." That's why I'm optimistic that those industries whose growth and economic flourishing are inextricably tied to trust-enhancing tools like encryption, will continue to oppose legislative efforts to weaken the online bonds of trust between consumers and producers.
And as more people come to recognize the vital role this technology plays in shaping the online landscape--whether protecting the lives of foreign dissidents, the civil liberties of average Americans, or the economic backbone of the global economy--it is inevitable that more people will start advocating on behalf of encryption. Which leads to the third reason we should be optimistic about the future of encryption: people will invariably recognize the complexities of this issue as they continue to become socially acclimated to its benefits.
3. An increasing number of people are coming to the realization that encryption is a good thing.
At a Senate Judiciary hearing yesterday, Sen. Lindsey Graham offered a refreshing bit of intellectual humility when questioning Attorney General Loretta Lynch. In reference to the complexities of the encryption debate broadly, and the Apple vs FBI issue in particular, the Senator from South Carolina made an about-face on his previous hardline position on encryption:
[I]t's just not so simple...I thought it was that simple, I was all with you until I actually started getting briefed by people in the intel community. And I will say, I'm a person who has been moved by the arguments of the precedent we set and the damage we may be doing to our own national security. So I have definitely moved. To any member of the committee who feels very passionate about this. Introduce some legislation requiring the technology companies to do what you want the judges should do. I'd like to look at it. It's not enough to complain. If you think companies should be required to do this, let's sit down and see if you can introduce legislation. I doubt if many people will do that.
Admitting the complexity of this debate, and displaying a willingness to be "moved," is a hallmark characteristic we should praise lawmakers for embracing. Indeed, it's not only Sen. Graham who has changed his tune on this debate, but many former senior officials from the intelligence community have also come out unabashedly in favor of strong encryption. Similarly, the White House also backed away from supporting legislative efforts that would undermine strong cryptography last fall, much to the applause of organizations--including the Niskanen Center--that had been advocating on behalf of encryption.
Unfortunately, Congress has yet to reach a compromise on how best to address encryption or the broader issue of digital security and privacy. Currently, there are three competing perspectives meandering about the halls of the House and Senate office buildings.
One supports the recently announced Feinstein-Burr approach, which calls for legislative action to compel companies to unlock digital communications, championed by Sens. John McCain and Tom Cotton, among others. Another perspective champions the McCaul-Warner Commission, which would establish a Congressional commission to study the challenges faced by law enforcement in the digital age, supported by Sens. Ron Johnson and Cory Gardner, as well as many other members of both the House and Senate. And still other elected representatives are coalescing around a third perspective, uncertain of the appropriate action to take in the wake of the ongoing Apple vs FBI legal battle and the sheer legal, policy, and technical complexities of the debate.
As the clear benefits of encryption for free speech online, the digital economy, and the proliferation of freedom-enhancing values overseas becomes apparent, more and more lawmakers will likely come to the conclusion that there is immense value in this technology. And even if the luddites amongst our elected representatives continue holding fast to their intransigent anti-encryption position, we can take comfort in yet the final, perhaps most compelling, reason to be optimistic about an encrypted future.
4. There's no turning back time on technological progress.
Simply put, this technology is here to stay. We can no more discard encrypted communications tools than we can any other technological advancement. The future seems bright for encryption, and it will likely become stronger as the speed of computational processing power increases (especially with the impending advent of quantum computing). Yes, you can spin out apocalyptic scenarios of nuclear holocaust, mass economic collapse, or mass human extinction scenarios that would essentially destroy civilization as we know it, but barring such catastrophic and highly unlikely events, technology is poised to continue developing at breakneck, historically unprecedented speeds. And that's not only good for encryption, but humanity writ large.
In short, there is much to be hopeful for when gazing into encryption's future. Of course, the future is never set in stone. But I tend towards a positive outlook. As Marc Andreessen is fond of saying, and I of quoting, "optimism springs eternal."