From the encrypted email service Protonmail’s response to the Council of the EU calling for an update to laws governing encryption in internet applications:
While it’s not explicitly stated in the resolution, it’s widely understood that the proposal seeks to allow law enforcement access to encrypted platforms via backdoors. However, the resolution makes a fundamental misunderstanding: encryption is an absolute. Data is either encrypted or it isn’t; users have privacy, or they don’t. The desire to give law enforcement more tools to fight crime is obviously understandable. But the proposals are the digital equivalent of giving law enforcement a key to every citizen’s home and might begin a slippery slope towards greater violations of personal privacy.
“Either data is encrypted or it isn’t” is right. As we have discussed before on the site, we’d need a fundamentally different type of algorithm in order to encrypt data such that it’d both be secure from decryption attacks but also be able to be unlocked by specific keys owned by a set of people. Today’s algorithms just don’t have this selective encryption. If the private key is with the user (or on their device, as in the case of the Secure Enclave on iOS devices), then it’s with no one else. You can’t have a bunch of private keys, one with the user and another with law enforcement. And even if you could, it raises the Q of keeping that key secure, and so on and on.
The debate between personal privacy and societal security is one we will be forced to have and settle at a public level quite soon. But lawmakers need to appreciate technology, even if they don’t understand it. As a memorable quote from a former Australian prime minister goes,
“The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.”
The twenty first century cannot afford this.