Dear Mr. Senior Leader,
It is in our opinion that there should be no Intelligence requirement to have U.S. government “backdoor encryption” access to commercial encrypted material (programs/software). However, we do not base this on the opinion that such a backdoor would not prove beneficial for the Intelligence Community’s need—it may very well indeed–bur rather because there is limited, treacherous legal footing for such a rule. In other words, we question the need for a requirement, not necessarily the requirement of the need itself—allow us to explain:
Firstly, the 4th Amendment to the U.S. Constitution reads, “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated” (Congress). Also, “[i]n general, the Fourth Amendment protects a person and their property from searches by the government wherever there is a ‘reasonable expectation of privacy” (Public Broadcasting Service). Simply put, the end-users—presumably some of which might be American citizens–of a commercial or private enterprise product, are covered under the 4th Amendment. Therefore, a requirement of a software backdoor to access encrypted materials could violate this constitutional protection.
Secondly, besides possible constitutional protection violations, the U.S. would face other legal questions as, “does the Government have any right to pry into commercial enterprise to begin with?” So even if we temporarily throw aside any consideration for U.S. copyright laws or patent modification protections of commercial software, the U.S. would still have to consider which legal precedents or statues to write new requirements upon, and definitely how it would further redefine them.
As some might point out, yes it’s true that Former Attorney General William Barr in so many words supported a need (though perhaps not a requirement) for cryptographic back-doors. In a 2020 press conference he stated, “The [Justice] Department…believe[s] that when technology providers deploy encryption in their products, services, and platforms they need to maintain an appropriate mechanism for lawful access” (Kifleswing). And to a similar end, it’s also true that “as a member of the Wassenaar Arrangement, the United States has a responsibility to maintain control over the export and reexport of encryption items. As the President [Bill Clinton] indicated in Executive Order 13026 and in his Memorandum of November 15, 1996, exports and reexports of encryption software…are controlled because of this functional capacity to encrypt information, and not because of any informational or theoretical value that such software may reflect, contain, or represent….” (Govinfo).
However, even if the U.S. could somehow legally approve cryptographic backdoors into commercial software, under which precedent(s) would it justify such a new Intelligence requirement? And still furthermore, if the U.S. cannot respect it’s own copyright law limitations in the process of compromising encrypted material’s “informational or theoretical value,” including that of the software itself, how can it possibly expect anyone else–including foreign actors, trading partners, and even fellow U.S. citizens–to either? In short, if the U.S. could justify a backdoor into commercial software, it would have an extraordinarily tougher time condemning others from doing the exact same thing.
Lastly, if the U.S. could legally put backdoors into commercial encryption software, what would stop other actors from eventually seeking out these backdoors, or better yet, creating their own? Additionally, a requirement does not suddenly make possible backdoor encryption access. For instance, the FBI despite originally not being able to “extract data from two iPhones” overcame this limitation without a requirement in existence (Kifleswing). In other words, the addition of a requirement, “de-jure”, does not supplant the current reality, “de-facto.” Would then a requirement just be legally burdensome to write, duplicitous, and extraneous to the very simple need? We could digress for hours about the legal ramifications alone, without ever considering the moral or ethical grounds, but to us it is clear there should be no Intelligence requirement to have U.S. government “backdoor encryption” access to commercial encrypted material (programs/software).
In so many words, it would be illegal.
APA Sources:
(1) Congress.gov. (n.d.). U.S. Constitution – Fourth Amendment: Resources: Constitution Annotated: Congress.gov: Library of Congress. Constitution Annotated. https://constitution.congress.gov/constitution/amendment-4/.
(2) Govinfo.gov. (2021, March 29). Electronic Code of Federal Regulations. Electronic Code of Federal Regulations (eCFR). https://www.ecfr.gov/cgi-bin/text-idx?SID=2eaed81ac00fdd679e7c20e04882e2d6&mc=true&node=se15.2.742_115&rgn=div8.
(3) Kifleswing, K. (2020, January 16). Apple’s fight with Trump and the Justice Department is about more than two iPhones. CNBC. https://www.cnbc.com/2020/01/16/apple-fbi-backdoor-battle-is-about-more-than-two-iphones.html.
(4) Public Broadcasting Service. (n.d.). Privacy and Property Rights. PBS. https://www.pbs.org/tpt/constitution-usa-peter-sagal/rights/privacy-and-property-rights/.
Leave a Reply