THE SURVEILLANCE ISSUE
The week of March 20, 2016

What Obama doesn’t get about encryption

By J.M. Porup

President Barack Obama is a politician who built his career on compromise. That’s how politics works. You wheel and you deal and you wind up with something more or less palatable to both parties.

The problem here is that Obama does not, by his own admission, understand the technology. He doesn’t like the political consequences of creating secure(-ish) computing devices, and demands, petulantly, that engineers fix it, Mommy, fix it right now. Here’s what he said during his appearance at SXSW in Austin on Friday:

I’ve got a bunch of smart people sitting there, talking about it, thinking about it. We have engaged the tech community aggressively to help solve this problem. My conclusion so far is that you cannot take an absolutist view on this. So if your argument is strong encryption, no matter what, and we can and should, in fact, create black boxes, then that I think does not strike the kind of balance that we have lived with for 200, 300 years….and that can’t be the right answer.

But that’s about as useful as demanding a perpetual motion machine, or a flying carpet, or some other monstrously useful invention that the laws of science and mathematics tell us are not possible.

Never before have we faced such a stark choice between liberty and tyranny.

Insisting that geeks put their heads together and come up with some kind of “compromise solution” is like saying “I don’t like that 2+2=4, and I want you math people to go to your chalkboards and figure out how we can make 2+2=5, because by God if we don’t, them dirty darn terrorists gonna git us.”

As one prominent cryptographer put it: “Science harder, everyone!”

Except that won’t work. No compromise is possible on this issue. There is no grey area, as anyone who understands computer security will tell you. Never before have we faced such a stark choice between liberty and tyranny. Encryption is a binary issue that does not admit any middle ground, no matter how much well-meaning politicians like Obama want to find one.

Even if you do not agree, as I do, that “abuse is a by-product of power”—as Edward Snowden put it so eloquently at the Logan Symposium in Berlin on Saturday, even if you believe that the FBI are angelic creatures who would never misuse these powers to attack political opponents, or disrupt the lives of peaceful protestors, or spy on journalists, or frame a lawmaker they didn’t like with child porn (Where did that come from? It’s not mine! I swear it!) even if you somehow could overlook all of these things, then consider this:

National security is now a matter of collective individual security.

Did you catch that? The security of my iPhone does not exist in isolation. It exists as part of an ecosystem. An ecosystem that is vulnerable to plagues of malware. Because vulnerabilities, like everything on the Internet, scale.

Metaphors have limits but the disease metaphor has been a staple of cybersecurity thinking for two decades because it highlights a fundamental truth: Every insecure device on the Internet is a threat to every other device on the Internet.

The security of my iPhone does not exist in isolation. It exists as part of an ecosystem.

If you make one device vulnerable, you make every device vulnerable. iPhones are not lovingly handcrafted by bearded gnomes making every individual part with loving care from scratch on their tiny work benches in Apple CEO Tim Cook’s candy-cane striped workshop at the North Pole. Computers are mass produced, and unless the government interdicts yours in transit, every single iPhone is exactly the same.

And all equally secure or insecure. Do you realize how vulnerable the world is we’re building? I don’t mean iPhones, I mean everything. The power grid. Your car. The burgeoning market for ioT devices. The world we are creating—our civilization, as Obama put it—will rise or fall on our ability to secure those computers from glitches, of both the accidental and malicious variety. At a time when computer insecurity is reaching crisis proportions, suggesting ways to make computers security worse is not only criminally irresponsible, it is something only a “man of zeal, well-meaning but without understanding” would try to do.

I’ll sign off with this. Obama ended his discourse on iPhone security by defending the Transportation Security Administration. Yes, the TSA—the idiotic security theater that robs us of our dignity, compels our obedience, and which study after study after study have proven does not make us any safer.

“We make compromises all the time,” he told the audience at SXSW. “I haven’t flown commercial in a while, but my understanding is it’s not great fun going through security. But we make the concession because—it’s a big intrusion on our privacy, but we recognize it as important.”

If Obama is capable of defending such nonsense with a straight face, then only a fool would take him seriously on a subject that really does matter—encrypting and securing our future.

 

J.M. Porup is a freelance cybersecurity reporter who lives in Toronto. When he dies his epitaph will simply read “assume breach.” Follow him on Twitter at @toholdaquill

A version of this story originally appeared on the Daily Dot on March 17, 2016.

Illustration via Max Fleishman