"You have the right to remain silent." We've heard the Miranda warning countless times on TV, but what good is the right to remain silent if our own cellphones testify against us? Imagine every incriminating and embarrassing secret our devices hold in the hands of prosecutors, simply because you've been accused of a minor crime. This is the brave new world that Attorney General Bill Barr advocated when he recently addressed the International Conference on Cyber Security and called for an end to encryption as we know it.
Encryption is indispensable to modern privacy. Without it, every message might be read by a third party, and every phone and laptop easily copied by an intruder. Encryption is the digital lock which gives us the security to trust our financial data and inner-most thoughts to the cloud, and without which everything, and I mean everything, in our digital lives might be exposed. Without strong encryption, police officers can potentially transform our cellphones and computers into a de facto government tracking device.
It's odd hearing this call for surveillance coming from Barr of all people. As general counsel at Verizon, he preached about the "freedom to innovate", opposing net neutrality rules that would block internet service providers from shaking down websites and apps to get faster speeds and better access to potential users. What could more stifle the innovation of every single American than the knowledge that anything we say or do on our devices can be monitored at the request of the police?
Barr described basic cryptography as a law-free zone, "insulated from legitimate scrutiny." But just how legitimate has law enforcement's scrutiny been in the past? Here, in New York City, the answer is pretty damning. For years, the sprawling NYPD surveillance apparatus has operated with little oversight or transparency.
Officers have used emerging tools like "stingrays", fake cell towers that can track all the cellphone usage in a neighborhood. For years, the NYPD used these dystopian data-collection devices to track New Yorkers without ever establishing public privacy guidelines on how the tools can be used or when the data they collect can be retained. Even more alarming, this sort of surveillance had been riddled with bias.
An OIG-NYPD report found that over 95% of NYPD investigations targeted Muslim New Yorkers and their allies, despite the fact that the majority of terrorist plots in the US come from right wing extremists and white supremacists. Throughout the 2000s, the NYPD's "stop-and-frisk" program targeted hundreds of thousands of New Yorkers, almost all of whom were New Yorkers of color. And the NYPD's gang database is comprised of over 99% New Yorkers of color.
If Bill Bar gets his way and we equip local police with the ability to hack our phones on demand, we know that they won't target everyone. No, instead, they will go after the exact same communities that have been over-policed and under suspicion for decades.
It would be bad enough if Barr's plan empowered digitized stop-and-frisk, but it's far worse: it'll break the internet. We talk about encryption as if it's a lock, but it's not, it's math. Incredibly complicated and, at times, fragile math. When we talk about building-in "back doors" and "master keys" what we're really talking about is compromising the fundamental strength of the cryptography upon which we all depend.
Encryption back doors are simply another way of saying "bad encryption." By their very nature, these sorts of exploits introduced vulnerabilities that can be used by third parties to compromise our data. Barr has talked about "Exceptional Access Keys" and "Layered Cryptographic Envelopes', but the truth is that when you look past the jargon, there isn't a single solution that experts would universally agree is just as secure as un-diluted encryption.
Even if a "back door" were cryptographically sound, and it's not, we would still be creating a single point of failure. If you create a government repository of encryption keys, guess what the biggest target for global hackers and foreign governments will be? And its not like the US has a great record on keeping our own data safe. The DHS, NSA, DOD, all of the government agencies that we trust to safeguard our secrets have been hacked.
And to make matters worse (yes, it can actually get worse), the law wouldn't even reach the people Barr really wants to target. A federal law that breaks crypto for Americans will be a paper tiger for those operating outside the U.S. Imagine a someone is sitting on a beach in India, Namibia, or the French Southern Territories (countries picked at random to avoid picking on the usual suspects). How much will they care about what Bill Barr says about encryption? Not one bit. They'll just care about what the rest of us should focus on: does this product or service keep my data safe. If Barr blocks American firms from providing secure communications and data storage, competitors around the world will quickly fill the space.
The answer is clear. We don't need a new encryption standard. We don't need a new legal requirement for app developers. We need privacy. As things stand, the government already has an unprecedented ability to monitor what each and every American does in digital and physical space. This isn't the moment to break down one of the few privacy protections we have, this is the chance to build on existing encryption to make sure that when we invoke our right to remain silent, we don't have our own devices speaking against us.
Cahn is the executive director of The Surveillance Technology Oversight Project at the Urban Justice Center, a New York-based civil rights and police accountability organization. On Twitter @cahnlawny.
Zubair is a rising 2L at the University of California, Berkeley School of Law and a civil rights intern at The Surveillance Technology Oversight Project. On Twitter @AyyanicBond