Weakening encryption protocols would harm startups and consumers


Weakening encryption protocols would harm startups and consumers

TLDR: Encryption is back in the news this week with a major piece in the New York Times blaming the spread of child exploitation material in part on encryption and an upcoming Justice Department event on encryption’s “impact on child exploitation cases.” But proposals to undermine strong encryption could undermine the way startups and tech companies ensure their users’ privacy and security.

What’s happening this week:  Congress may be on recess, but government officials are continuing to explore ways of challenging tech companies’ encryption practices in order to better combat child exploitation. 

The Department of Justice is holding an event this Friday to discuss “the public safety impacts of ‘warrant-proof’ encryption in the context of child exploitation investigations and prosecutions.”  Attorney General William Barr, who is scheduled to give a keynote address at the event, previously said in July that tech companies should be required to give law enforcement agencies special access to warrant-proof encrypted data and communications.

The event will come on the heels of a major story in the New York Times earlier this week about the growing problem of child exploitation imagery online and the several failures of the current system to address the spread of that imagery. The article highlights several issues, including the lack and funding and resources for law enforcement investigations, failures of the Justice Department to comply with existing legal requirements under child protection law, and technological limitations and communications problems of the National Center for Missing and Exploited Children, which coordinates work between tech companies and law enforcement. But the piece also lays a lot of blame on U.S. tech companies including for providing tools to create, store, and spread content at a large scale, miscommunicating with law enforcement, and offering encrypted services that make it difficult for law enforcement to obtain evidence in some cases. 

To learn more about these developments and other recent encryption policy developments from around the world, join us this at noon on Friday at the second part of our three-panel series on the “Nuts and Bolts of Encryption,” hosted with the Charles Koch Institute.

Why it matters to startups: Despite consumers’ and policymakers’ growing concerns over the past several years about the security of personal data, encryption has emerged as a flash point between the tech industry and law enforcement. Startups in particular support strong encryption because it helps safeguard users’ data and can differentiate them from their larger competitors.

The technology community is largely supportive of—and wants to cooperate with—law enforcement agencies’ efforts to crack down on child exploitation and abuse, but weakening the built-in security of technology services and devices will open up a host of other security and safety of all users. 

Requiring companies to build in “backdoors,” or intentional vulnerabilities to facilitate law enforcement access to encrypted data, will specifically harm startups. If technology products become less secure, it’s the startups without long-standing reputations or relationships with users, who will be abandoned by consumers first. At the same time, the costs of engineering a backdoor, standing up a compliance department to determine who can use that backdoor, and defending against bad actors’ attempts to find and exploit that backdoor will overwhelm a startups’ resources.

It’s not unusual to see technologies that benefit everyone—in this case by securing communications, transactions, and other critical data every day—be used by bad actors. But creating vulnerabilities in today’s encryption will only serve to undermine everyone’s security while putting persecuted groups including whistleblowers, dissidents, and journalists across the globe in danger.  

There are also questions about whether today’s encryption debate will soon become moot. The rise in quantum computing may present an existential threat to the future of encryption. Google recently said that it achieved “quantum supremacy” after one of its quantum computers was able to far surpass the abilities of a supercomputer. Quantum computers have the ability to upend contemporary uses of encryption, which has prompted companies and governments to begin working on more advanced encryption and security protocols.  

On the Horizon.

  • Engine and the Charles Koch Institute will be holding the second panel in our three-part series on the nuts and bolts of encryption this Friday, Oct. 4, at noon. We’ll be looking at the evolving global policy landscape around encryption. Learn more and RSVP here.

  • The House Energy and Commerce Committee announced that its Communications and Technology and Consumer Protection and Commerce Subcommittees will hold a joint hearing on October 16th to examine “online content moderation practices and whether consumers are adequately protected under current law.”