Smartphone encryption ban? It's a boon for criminals and terrorists

Analysis: New York's plan to legislate against smartphone encryption is short-sighted and foolish. David Gewirtz provides three reasons why good crypto is good national security.
Written by David Gewirtz, Senior Contributing Editor

In one of the single most wrong-headed moves possible by legislators (and that's saying a lot), New York is attempting to ban encrypted smartphones.

In my role as Cyberwarfare Advisor for the International Association of Counterterrorism and Security Professionals, I recently authored a briefing paper entitled "Strong encryption for everyone is a national security advantage," intended to guide agencies, departments, legislators and organizations into making the right decision over encryption.

What follows are the three key reasons.

Back doors will be used against us

Built-in back doors forced into our encryption technologies will be used against us far more than those back doors will help law enforcement. It's very important to be aware that flaws built into smartphone encryption (and other forms of crypto) will be very quickly exploited by bad guys and terrorists, and used against our citizens for everything from basic crime to blackmail.

How to secure your computer and online accounts in 10 simple steps

Related to this, it's also important to note that privacy exists for a reason. Some people need security to protect themselves against discrimination, stalking, and hate-based attacks. Breaking crypto means leaving these people open to potentially dangerous attacks.

Bad guys will develop their own encryption technology

With similar logic to "if we make guns illegal, only criminals will have guns," if we eliminate or dumb down encryption technology, we (and our citizens) will not be protected, but terrorists will. As I discuss in my briefing paper, Iran (in particular) has a very large population with advanced education.

There is no doubt that they will continue to develop encryption technology and make it available to terrorist organizations; terrorist organizations will be able to purchase strong encryption from rogue researchers; and we'll be faced with an entirely new (and unknown) level of encryption we have to crack.

We have a built-in asymmetric advantage

If we allow all users to use powerful encryption, it will certainly be harder for our law enforcement and national security personnel to break it. That's a given. But it will also be impossible for terrorist organizations to exploit it.

In this context, we have one unique, huge advantage, which turns out to be the same advantage we used during previous wars: we have enormous technological resources. If you've been wondering why we have organizations like the NSA, it's for just this purpose. When it comes to unbreakable codes, using the full resources of our national security team, we're pretty good at breaking them.

So if we allow everyone to have good and strong encryption, the only people who stand a chance at breaking that encryption are the people on our side -- not criminals or terrorists.

The bottom line

The bottom line is simple. Legislating against encryption, forcing our tech companies to use weak crypto, or otherwise putting up a fight against citizens' rights to protect themselves is a mistake. It's enabling criminals and terrorists at the expense of our own people and our national security.

Don't do it.

By the way, I'm doing more updates on Twitter and Facebook than ever before. Be sure to follow me on Twitter at @DavidGewirtz and on Facebook at Facebook.com/DavidGewirtz.

Editorial standards