The crypto wars: How much privacy should we give up for security?

Sauvik Das
10 min readFeb 26, 2021

--

In 2015, there was a mass shooting in San Bernardino, California, claiming the lives of 16 (including the two perpetrators) and injuring 24 others. The incident was a terrorist attack, and a tragedy. It also surfaced a longstanding debate on the role of security and privacy-enhancing technologies in society: the “going dark problem” — also referred to as “the lawful access challenge” or the “crypto wars”.

The “going dark problem” is what the FBI calls the widespread — and apocalyptic — use of encryption technologies. If impregnable encryption becomes the norm, the argument goes, then the FBI and other intelligence agencies will be unable to do their jobs at uncovering and mitigating national security risks. Bad actors — terrorists, spies — will be able to plan and communicate in secret and the country will descend into chaos.

When the FBI seized the Sen Bernardino perpetrators’ phones, they wanted access — terrorists do not act in isolation, and information on the phone could have provided law enforcement with information on other potential security risks. But, the phones were encrypted and locked, with the only people knowing the PIN to unlock the phone dead. The FBI wanted Apple to circumvent their own security protections to unlock the phones; the FBI wanted privileged access to the encrypted phones and all others like it.

Setting aside the politicking of the debate in the San Bernardino case — i.e., the fact that the FBI did not actually need Apple’s help to get access to the San Bernardino shooters’ phones and only wanted Apple to comply to set legal precedent for encryption backdoors more generally — was what the FBI demanded reasonable?

Let’s cover this question from both a policy and a technical perspective.

Policy

From a policy perspective, the demand seems reasonable at first blush. Indeed, intelligence agencies do have and have always had privileged access to private information for the purposes of national security. An analogous situation in the physical world might be a search warrant — with a search warrant, law enforcement can access and search private property to, for example, uncover incriminating evidence or other information that can help prevent future threats. If…

--

--

Sauvik Das

Assistant Professor of Human-Computer Interaction at Carnegie Mellon University. Formerly at Georgia Tech. Ph.D. from CMU HCII. HCI, Security, Data Science.