I’m here on 14th Street in New
York City, where hundreds of people are messaging friends and family
with their phones. But while they’re texting the FBI,
advocacy groups and government agencies are all battling over who
can read those text messages. Most messages like those sent from
WhatsApp, which was the most popular messaging app in 2019 or
Apple’s imessage are encrypted. That means that they are kept
private from everyone except the intended recipient. And while these platforms aren’t
perfect, Jeff Bezos’ phone was recently accessed through a malicious
video message via WhatsApp. Many people rely on the
privacy that encryption provides daily. Encryption is basically how you
lock your door online. Some law enforcement agencies and
dignitaries like Attorney General William Barr would argue that the
protection provided by encryption also protects criminals and terrorists. There are situations where we would
want the government, for example, to be able to get
access to certain information. The president believes tech companies
like Apple should be building encryption with so-called backdoors. I don’t care, we have to get it. We have to find out what’s going on. The benefits of encryption as
a tool are practically countless. And few would argue that on either side,
the issue is who should be able to use that encryption and for what. On the one hand, you have law
enforcement and government agencies who are arguing that they need access to information
in order to be able to prosecute criminals versus those that are
arguing that we need encryption to protect the functioning
of our democracy. And many human rights activists, privacy
experts and members of the tech community believe it is essential
to online and physical safety. If we don’t have encryption. If we don’t have
that level of anonymity. Then we we simply can’t exist online. And sometimes that might
mean non existent life. Encryption saves lives. It saves lives. You might be surprised how many
services use encryption to keep data private. Banks use encryption for
mobile payments and deposits. imessage and signal use end to
end encryption to secure message data. And encryption is also used to
protect sensitive data like health data. Your web browser has
strong encryption in it. Like whenever you buy something
online, there’s really strong encryption happening in the background of it to
protect your credit card and your your your transaction. To put it very simply, when information is
sent from user A to user B. The information is converted into
a jumble of nonsense. That nonsense is encrypted and
decrypted according to a key. User B uses that key to decrypt
the information and this is all done digitally. Encryption is the science of
secret codes, but it is essentially just math. It’s applied math. It’s not fancy in
terms of technological things. It’s it’s fancy math. It’s important to stress that
encryption is a tool. It scrambles data to an unrecognizable
state even for the government. The argumentment for most is
what data should be scrambled? Bank data, government communications. These things are often regarded as
data that should be scrambled and therefore secured. Do we really need there to be
lawful access into the command and control channels that are used for operational technology,
say, to run a dam or an electric power plant? There’s no reason
you would ever need, quote unquote, lawful access
to that system. Personal communications like messages sent with
WhatsApp are some of that scramble data that’s facing scrutiny. On the other hand, there are other
channels that you can imagine where there might be a more valid
tradeoff between what the protection that encryption provides and the needs of
law enforcement to do investigations. But who is to say
who can scramble what data? I don’t think it’s appropriate for the
government to decide that they get security and we don’t. And curiously, you know, I mean,
if if law enforcement actually went around your neighborhood and said, look,
you know, there’s burglars on the loose so we want you to
leave your front door open. So in case you’re a burglar, we can
come find you without having to break down your door. Most people
would say, that’s crazy. Go back and learn your job. You’re supposed to be protecting me. And the line between digital and physical
safety can be a thin one. For example, the E F F has
worked with victims of domestic violence to help them stay safe and secure. Being able to have communications over
WhatsApp, whether you’re trying to find your way to a shelter, find
a shelter, arrange for whatever is going to happen when somebody’s gonna come get
you or you’re gonna get yourself out making sure that you can cover
your tracks about who helped you, where you went and where you got help
can be the difference between life or death for people who are
escaping domestic violence situations. Encryption is also protecting human rights
activists and folks who are living in countries with
dictators and persecutory policies. Esra built a social platform called
Ahwaa, where individuals who identify as LGBTQ plus can virtually meet and
talk with each other in Middle Eastern and North African countries such
as Egypt, where homosexuality is not expressly illegal, but where the
government has used laws against what they call debauchery, among others,
to criminalize LGBTQ plus individuals. Encryption is very important us. I mean, we are operating in such
a sensitive part of the world where censorship and surveillance are the
norm, where individuals are tracked not just because of what they believe,
but simply because of who they are. Their very identity, their very existence
is in fact a crime. Because Ahwaa is public,
yet anonymized and encrypted. People are able to share
experiences, share resources and share life-saving advice. If somebody, for example, says, I’m a
lesbian in Saudi Arabia, I have suicidal thoughts because I can’t reconcile
my identity with my faith. You know, and then people can come
who can relate to that topic without needing to sign in and see what
other people are writing in terms of support, in terms of resources. Where can I go to get any types
of counseling, mental health, i f you’re a trans individuals, where can I go
to get some hormonal therapy without risking my life? You know, this is
what Ahwaa really stands for is accessibility with the
responsibility for security. On the other side of the issue
s ome argue that encryption actually masks threats to national security and
the security of civilians. Not all access all of
the time is bad. And maybe we want to take some
of the risks that are associated with having lawful access. Understanding that they pose risks. And we still want to do that anyway. On December 2nd, 2015, Syeed Farook and
Tashfeen Malik opened fire in the city of San Bernardino, California, leaving
14 people and the two shooters dead. During the investigation, the
FBI obtained Farouk’s iPhone, but could not access it
through the passcode. They went to Apple to unlock
it and Apple couldn’t help. I think it’s frankly disgraceful. I think it’s a
disgrace what they’re doing. And I think that ultimately Apple will
have the blood of dead Americans on their hands for these
kinds of decisions. Apple’s encryption was so good, according
to Apple, that Apple itself couldn’t access the encrypted
data on the phone. Beyond that, the assistance ordered by
a federal judge would overhaul the system that disables the phone
after 10 unsuccessful password attempts. Tim Cook called the order chilling. We did not expect to be in this
position at odds with our own government, but we believe strongly that
we have a responsibility to help you protect your data
and protect your privacy. We have a tremendous problem with data
breaches and lack of security in the digital world, and encryption is one
of the very few tools we have that can help protect us. And so it’s tremendously important that
we stand up for it. Putting what was being called a backdoor
in the IOS framework would allow the FBI to access the contents of
iPhones everywhere, as is legally its right with a warrant, but would also
leave the operating system much more vulnerable to hackers
and other governments. It does come across often as the as
the government side sort of more or less demanding a unicorn, right? We just want the tech sector to
provide access to their products, but only for us and only under
the conditions that we say. And of course, the tech sector says,
well, that’s not possible cause math. The FBI took Apple to court about
the issue, but found another way into the iPhone without Apple’s help. Yet we’re being asked to create a
method to hack our own phones. The case was dropped, but
the debate still continues. Encryption is good. The right way
is to leave Apple alone. The government’s being lazy investigations to
hard, so we’re just going to sacrifice your civil liberties . The price we pay for this privacy
is that privacy covers criminals and the crimes they commit. Drugs and
gun sales, human trafficking. These are all done in the very
dark secret and private corners of the internet. Where are we willing to
risk not getting information for investigations? Where are we willing to
risk potentially having the bad guys gain access to a channel
because of you know weakened encryption? All of our rights have tradeoffs and we
as a society have to decide if we want to make that tradeoff. But I think we should recognize the downsides
to the rest of us of taking away our security and balance that
against making it maybe slightly harder and maybe a few cases for the
FBI to to catch somebody who’s done something wrong. Facebook is now
in the political spotlight, having declared its dedication to end to
end encryption for messaging apps, WhatsApp and Facebook Messenger. In an open letter to Facebook. U.S. Attorney General William Barr, along
with dignitaries from the UK and Australia, warned that, quote, “Security
enhancements to the virtual world should not make us more
vulnerable in the physical world.” And that, quote, “children’s safety and
law enforcement’s ability to bring criminals to justice must not be
the ultimate cost of Facebook taking forward these proposals.” He wants government bodies to have legal
access to data that could be involved in a crime. Important people get security, but
little ordinary people don’t get security. These are challenges that people
like him can’t even fathom, you know, because you’ve never been in
a situation where your very identities criminalized. Over 100 organizations signed
a letter urging Facebook to continue its pursuit of end to
end encryption against the wishes spelled out in the letter from the
US, UK and Australian governments. These organizations included the ACLU,
Human Rights Watch and the Electronic Frontier Foundation. We felt it was important for Facebook
to stand its ground and to understand that, you know, that people like
us who work on behalf of users, you know, if if Facebook stands
with their users on this, we’ll stand with them. The leaders of
WhatsApp and Facebook Messenger responded to the attorney general, William Barr,
in another open letter saying, quote, “The backdoor access you are
demanding for law enforcement would be a gift to criminals, hackers and
repressive regimes, creating a way for them to enter our systems and leaving
every person on our platform more vulnerable to real life harm.” I believe Facebook is absolutely
correct to resist this. I do not think we want
to be creating vulnerabilities because they’re going to get exploited. I’ve heard from people, friends and family,
who say, why should I be worried that the government
has my data? I’m not doing anything wrong or jokes
that the government would be bored with my data. But Esra says that she
might have to shut down Ahwaa if encryption were forcibly weakened. I think the risk would multiply so
much that we would just completely feel paralyzed. That we will no longer be
able to grow, maintain and sustain all of these initiatives. And the Internet
as a whole would lose so many voices, so many communities, so many
narratives, so many perspectives that we really need in order to
grow and expand and decentralize, generally decentralized the Internet so that
it’s more representative of marginalized voices that have been
silenced for too long. There’s also the concern that taking
encryption away from some people won’t stop the criminals who will
find other ways to communicate privately. If we set up lawful access
to certain channels, the media of the adversaries will simply move to
channels where that law enforcement access does not exist. When you think about the real bad
guys of the world that we’re talking about ISIS or or terrorist groups,
they’re gonna have access to strong encryption. And an American policy
calling for backdoors in encryption would create an
international precedence. If Apple creates this backdoor then
China’s gonna say, oh, well, that’s nice. Iran’s going to say that’s
a beautiful backdoor Turkey same thing right . From 2014 w hen
Apple started encrypting users iPhone content to 2016, Manhattan’s, then district attorney
said he was in possession of one hundred and seventy five iPhones
that could have provided evidence in legal cases. Encryption has the potential,
as we’ve seen, to thwart the efforts of law enforcement to
catch criminals and prevent crimes. The Fifth Amendment
right against self-incrimination. The Fourth Amendment right to be
free of search and seizures. These are all rights that give
us protection against law enforcement that has downsides. That means that sometimes
bad guys might go free. But we know that in order to keep the
rest of us free, we need to have this balance in the
role of law enforcement. Amnesty International says there
is no middle ground. If law enforcement is allowed to
circumvent encryption, then anybody can. They feel that either everyone is
protected from community activists to terrorists, from regular people to governments,
or no one is protected. This is an incredibly complex area that we
will have to grapple with as a society, and I would much rather us
grapple with it proactively and arrive at some policy decisions than make you know
bad decisions in the wake of a disaster. One way or the other. A lot of people sometimes think,
oh no, this issue is exaggerated. And the bigger concern is what
if militants are using encryption. That’s why we should ban it, because
in order to protect millions of people, we need to risk the
lives of a hundred thousand people. Well, that’s not true. I think
that argument is incredibly weak. I think there’s a lot that we
can do to balance the two. You may not know it, but you
rely on encryption every day already. And this isn’t the government trying
to prevent you from getting something. This is the government trying
to take away something you already have.