Sometimes an issue is so outrageous that I can’t decide where to start. Here’s an excellent case in point.
National Security Administration director and Sith Lord Michael S. Rogers recently said his spy agency wants mandatory “front doors” to be built into all cryptographic technology used in the U.S., so that you can’t have secrets it can’t spy on. His idea is for all encrypted software and hardware used in the U.S. to have one encryption key for the user (you) and another that a secret bureaucratic “due process” would make available to the NSA/FBI/White House whenever they want it.
I can’t decide whether it’s crazier that an IT professional like Admiral Rogers actually thinks this scheme for NSA surveillance would work, or that a senior public servant employed by the tax-paying citizens of this country would propose it publicly.
Now that I think about it, the idea that Rogers would propose it isn’t crazy in these post-Constitution days … it’s just sad.
Which leaves us with the issue of why it won’t work … and what you can do to ensure this new form of NSA surveillance never does.
Back in the mid-1990s, purveyors of digital content such as music, films and digital books realized they had a problem. Technology was rushing headlong into the future, and in that future, the things they would be selling would all be in digital, not physical, form. Their products could be copied and redistributed freely by the original purchaser, eating into their profits. And they were, on a massive scale, starting with Napster.
The response was to lobby successfully for the Digital Millennium Copyright Act, which removed the ancient right of a purchaser to use their goods as they see fit. The DMCA effectively held that digital products continued to be the property of the seller, not the buyer. It specifically made it illegal for buyers of digital goods to circumvent any features that prevented copying. It was analogous to a car dealer selling you a car on the condition that you never open the hood to see how it works, or perform your own modifications.
As perceptive commentators have noted, this attempt to solve the digital copyright problem by legislation instantly created a new problem. Henceforth the inner workings of all proprietary digital goods, including computer software, were officially off-limits to anyone other than the seller. That meant it would be possible for a company — or someone else — to implant malicious or invasive software code into a product it sold you, and you would be forbidden by law from finding out about it or fixing it.
Which is precisely what companies proceeded to do, starting with Sony in 2005.
Your Bytes, Please
This brings us back to Admiral Rogers’ proposal to require that all encrypted things used in the U.S. include a key that the government can use to open them. If that were law, by implication the government would have to pre-approve any software that can run on any general-purpose computer, smartphone, or other data storage or communications device in the U.S. That’s the only way they could ensure compliance.
Once again, a clumsy, self-interested attempt to solve one problem — encryption — would create another: bureaucratic governmental control of information technology. But it would also create a third problem: Everyone on the planet would try to evade the rules, and/or steal the government’s copy of the encryption keys.
In response, the government would have to intensify its digital control efforts even further. As privacy expert Cory Doctorow has pointed out, the logical path from digital copyright enforcement to government-controlled technology and pervasive surveillance is quite direct:
(T)he political currency of lobbies and interest groups … will arrive at the same place: ‘Can’t you just make us a general-purpose computer that runs all the programs, except the ones that scare and anger us? Can’t you just make us an Internet that transmits any message over any protocol between any two points, unless it upsets us?’
I’ve consistently recommended that any encryption software you use be “open-source” — i.e. that the encryption part be non-proprietary and therefore open to inspection by anyone. That’s the only way you can ensure that it’s truly secure.
Admiral Rogers’ brazen demand for governmental master keys to all encryption would make that impossible, and leads me to turn this recommendation into a prediction.
Within two to three years, those of us who care about our privacy will be using open-source software for everything, from operating systems, to word processing, to email and everything else. We will assume that any proprietary software is compromised. That in turn will shatter the business model that turned U.S. tech firms such as Microsoft and Apple into giants.
That way, the odd journey that started with corporate demands for digital copyright control and ended with proposals for government-approved software will have come full circle.
Offshore and Asset Protection Editor