In every country of
the world, the security of computers keeps the lights on, the shelves stocked,
the dams closed, and transportation running. For more than half a decade, the
vulnerability of our computers and computer networks has been ranked the number
one risk in the US Intelligence Community’s Worldwide Threat Assessment –
that’s higher than terrorism, higher than war. Your bank balance, the local
hospital’s equipment, and the 2020 US presidential election, among many, many
other things, all depend on computer safety.
yet, in the midst of the greatest computer security crisis in history, the US
government, along with the governments of the UK and Australia, is attempting
to undermine the only method that currently exists for reliably protecting the world’s
information: encryption. Should they succeed in their quest to undermine
encryption, our public infrastructure and private lives will be rendered
the simplest terms, encryption is a method of protecting information, the primary
way to keep digital communications safe. Every email you write, every keyword
you type into a search box – every embarrassing thing you do online – is
transmitted across an increasingly hostile internet. Earlier this month the US,
alongside the UK and Australia, called on Facebook to create a “backdoor”, or
fatal flaw, into its encrypted messaging apps, which would allow anyone with
the key to that backdoor unlimited access to private communications. So far,
Facebook has resisted this fact.
internet traffic is unencrypted, any government, company, or criminal that
happens to notice it can – and, in fact, does – steal a copy of it, secretly
recording your information for ever. If, however, you encrypt this traffic,
your information cannot be read: only those who have a special decryption key
can unlock it.
know a little about this, because for a time I operated part of the US National
Security Agency’s global system of mass surveillance. In June 2013 I worked with journalists to reveal that
system to a scandalised world. Without encryption I could not have written the
story of how it all happened – my book Permanent Record – and got the manuscript
safely across borders that I myself can’t cross. More importantly, encryption
helps everyone from reporters, dissidents, activists, NGO workers and
whistleblowers, to doctors, lawyers and politicians, to do their work – not
just in the world’s most dangerous and repressive countries, but in every
I came forward in 2013, the US government wasn’t just
passively surveilling internet traffic as it crossed the network, but had also
found ways to co-opt and, at times, infiltrate the internal networks of major
American tech companies. At the time, only a small fraction of web traffic was
encrypted: six years later, Facebook, Google and Apple have made
encryption-by-default a central part of their products, with the result that
today close to 80% of web traffic is encrypted. Even the former director of US
national intelligence, James Clapper, credits the revelation of
mass surveillance with significantly advancing the commercial adoption of
encryption. The internet is more secure as a result. Too secure, in the opinion
of some governments.
Trump’s attorney general, William Barr, who authorised one of the earliest mass surveillance programmes without
reviewing whether it was legal, is now signalling an intention to halt – or
even roll back – the progress of the last six years. WhatsApp, the messaging
service owned by Facebook, already uses end-to-end encryption (E2EE): in March the
company announced its intention to incorporate E2EE into its other messaging
apps – Facebook Messenger and Instagram – as well. Now Barr is launching a
public campaign to prevent Facebook from climbing this next rung on the ladder
of digital security. This began with an open
letter co-signed by Barr, UK home secretary Priti Patel,
Australia’s minister for home affairs and the US secretary of homeland
security, demanding Facebook abandon its encryption proposals.
Barr’s campaign is successful, the communications of billions will remain
frozen in a state of permanent insecurity: users will be vulnerable by design.
And those communications will be vulnerable not only to investigators in the
US, UK and Australia, but also to the intelligence agencies of China, Russia
and Saudi Arabia – not to mention hackers around the world.
encrypted communication systems are designed so that messages can be read only
by the sender and their intended recipients, even if the encrypted – meaning
locked – messages themselves are stored by an untrusted third party, for
example, a social media company such as Facebook.
central improvement E2EE provides over older security systems is in ensuring
the keys that unlock any given message are only ever stored on the specific
devices at the end-points of a communication – for example the phones of the
sender or receiver of the message – rather than the middlemen who own the
various internet platforms enabling it. Since E2EE keys aren’t held by these
intermediary service providers, they can no longer be stolen in the event of
the massive corporate data breaches that are so common today, providing an
essential security benefit. In short, E2EE enables companies such as Facebook,
Google or Apple to protect their users from their scrutiny: by ensuring they no
longer hold the keys to our most private conversations, these corporations
become less of an all-seeing eye than a blindfolded courier.
is striking that when a company as potentially dangerous as Facebook appears to
be at least publicly willing to implement technology that makes users safer by
limiting its own power, it is the US government that cries foul. This is because
the government would suddenly become less able to treat Facebook as a
convenient trove of private lives.
justify its opposition to encryption, the US government has, as is traditional,
invoked the spectre of the web’s darkest forces. Without total access to the
complete history of every person’s activity on Facebook, the government claims
it would be unable to investigate terrorists, drug dealers money launderers and
the perpetrators of child abuse – bad actors who, in reality, prefer not to
plan their crimes on public platforms, especially not on US-based ones that
employ some of the most sophisticated automatic filters and reporting methods
true explanation for why the US, UK and Australian governments want to do away
with end-to-end encryption is less about public safety than it is about power:
E2EE gives control to individuals and the devices they use to send, receive and
encrypt communications, not to the companies and carriers that route them.
This, then, would require government surveillance to become more targeted and
methodical, rather than indiscriminate and universal.
this shift jeopardises is strictly nations’ ability to spy on populations at
mass scale, at least in a manner that requires little more than paperwork. By
limiting the amount of personal records and intensely private communications
held by companies, governments are returning to classic methods of
investigation that are both effective and rights-respecting, in lieu of total
surveillance. In this outcome we remain not only safe, but free.
• Edward Snowden is former CIA
officer and whistleblower, and author of Permanent Record. He is president of
the board of directors of the Freedom of the Press Foundation
From : The Gaurdian News