Caleb Allen
CST 300 Writing Lab
21 February 2017
On Encryption and the Rule of Law
The advent of data encryption has created conflict between the needs of law enforcement
and the individual’s right to privacy. While data encryption is not new, its volume and
effectiveness in modern times has rendered law enforcement officers unable to examine the data
and communications of savvy criminals. Officials of law enforcement have called for companies
to grant them access to encrypted data. This proposal has met with resistance from privacy
advocates, who argue creating an access facility would destroy encryption. The fundamental
crime, anonymous child pornography, and data ransom. This mixed bag of developments has
created both problems and solutions for the civil society. In response to consumer pressure, many
companies have begun moving toward client side encryption. Consumers can now encrypt data
to an extraordinary level of cryptographic strength. This creates a problem for law enforcement,
People have long used some form of encryption or obfuscation to communicate secretly.
device, the Spartan scytale [sic], dating back to the fifth century B.C. The scytale is a
wooden staff around which a strip of leather or parchment is wound…The sender writes
the message along the length of the scytale, and then unwinds the strip, which now
appears to carry a list of meaningless letters (Singh, 2000, Chapter 1, para. 19).”
Allen 2
Julius Caesar used cryptography with letter transposition and even portions of the Bible were
enciphered by the Hebrews (Singh, 2000, Chapter 1, para. 21; Singh, 2000, Chapter 1, para. 50).
It is clear that, throughout history, methods of data encryption have been used by people to
Encryption, ciphers, and codes use a methodology to hide data. For example, one method
of data concealment is to replace each letter in a message with another. One might replace each
letter in the phrase “attack at dawn” to hide the underlying message. If that phrase is transposed,
where each letter is replaced with the letter that comes two places after it in the alphabet, “attack
at dawn” can be written as “cvvcem cv fcyp.” Knowing the method, transposing one letter to
another, is not enough to decipher an enciphered message. One must also know the key, e.g. a =
c, b = d, c = e, etc., to render the phrase back into English. In cryptography, the element most vital
to ensuring secret communication is the key. “It was definitively stated in 1883 by…Auguste
Kerckhoffs von Nieuwenhof in his book La Cryptographie militaire: ‘…The security depends only
With the advent of the internet, digital communications are accessible by, theoretically, the
whole world. Desire for services like e-commerce has put pressure on the computer industry to
find a way to make communication between two parties private. One solution came in the form
of public/private key encryption using high-entropy, random numbers. In this model, data are
encrypted with one of two distinct keys: the public key or the private key. Any data encrypted
with a particular public key can only be decrypted with the corresponding private key and vise
versa (Rouse, 2016). These private keys must be jealously guarded to keep communication
concealed, and they must be generated with high-entropy random numbers to keep them from
Allen 3
being guessed by hackers. A long, truly random key can take an attacker, or investigator, an
eternity to brute force. To guess, for example, a 2048-bit encryption key it would take “a little
over 6.4 quadrillion years… the Universe itself would grow dark before you even got close.
Stake Holders
Privacy Advocates. The advent of encryption technology has been hailed and applauded
by privacy advocates. As the name implies, these people see private expression, action, and
communication as a net positive for humanity. Advocates have organized into non-profit groups,
like the Electronic Frontiers Foundation, to better fight for the privacy rights of people around
the world. “EFF [Electronic Frontiers Foundation] fights…to extend your privacy rights into the
digital world (“Privacy,” n.d.).” Many of these privacy advocates believe that the United States
Constitution guarantees a right to privacy for US citizens. By extension, citizens are entitled to
privacy; encryption is a valuable vehicle for this process. Privacy has positive effects on free
people, and, in contrast, monitoring changes how people communicate and interact. “There are
dozens of psychological studies that prove that when somebody knows that they might be
watched, the behavior they engage in is vastly more conformist and compliant (Greenwald,
2014).” Private communication is the only method by which some people, outside of free
societies, can access information that oppressive regimes restrict. Privacy has real individual and
Law Enforcement. Law enforcement in the United States has a different perspective on
encryption technology. They wish to enforce the rule of law equally and protect law-abiding
citizens. In a civil society, the deterrent for crime is punishment. Digital encryption allows
crimes to be committed secretly and the criminals to avoid punishment under the law. Some law
Allen 4
enforcement officials seek ways to apply the law to digital criminals. Customarily, information
on suspects can be obtained with the warrant process. Complying with warrants is the duty of US
companies, and they must comply with court ordered requests for information. To accomplish
this, some have called for technology companies to build a method for warranted decryption. As
Jeff Sessions, Attorney General of the United States, has written: “Encryption serves many
valuable and important purposes. It is also critical, however, that national security and criminal
investigators be able to overcome encryption, under lawful authority, when necessary to the
means of accessing encrypted data, law enforcement will be unable to protect citizens and punish
criminals.
Ethics of Encryption
The case for access. Companies have employed strong encryption on their devices and
are unable to provide data when demanded by a judge’s warrant. United States citizens are not
entitled to absolute privacy. A judge determines when privacy must be suspended in the pursuit
of justice. Companies who do business in the United States must comply with warrants that
allow law enforcement officers to examine records and search private property. Law
By creating devices and services that store and communicate data in absolute secrecy,
technology companies have indemnified themselves from liability. They have, purposely, set
themselves up as neutral parties to their customers’ actions. This practice must end. When a
judge determines that a warrant is justified, technology companies throw up their hands and
claim they are helpless to assist. These companies are not helpless to assist law enforcement;
they are fully able to build warrant compliance into their software. Technology companies must
Allen 5
make their products accessible to law enforcement because only they can. If they want to give
their users privacy, they may do so. However, if a judge rules that encrypted data must be
accessed while pursuing an investigation, it is the software and hardware creator’s responsibility
contract. As Thomas Hobbes writes in Leviathan, humanity’s natural state is one of constant war.
It is only through the authority of the Sovereign, expressed in laws, that humans can escape this
natural condition: “Where there is no common Power, there is no Law: where no Law, no
Injustice. Force, and Fraud, are in warre [sic] the two Cardinall [sic] vertues [sic] (Hobbes, 2009,
Chapter 13, para. 12).” Individuals, pursuing their own interests, cannot act fairly in a lawless
society. Those who seek to escape the reach of sovereign law are reverting to the state of nature.
The state of nature destroys the individual’s chance to succeed and encryption advocates are
The right to privacy is not an entitlement of all people, nor is it an absolute good. “But
whatsoever is the object of any mans [sic] Appetite or Desire; that is it, which he for his part
calleth [sic] Good: And the object of his Hate, and Aversion, evill [sic]… (Hobbes, 2009,
Chapter 4, para. 6).” Individuals in our society have called absolute privacy good. They have
done so not because privacy is good but because they desire privacy. They ignore the social
damage that is caused by enclaves of the state of nature. The Sovereign must have sovereignty,
There is nothing new here. Law enforcement officers can search the mail, can tap phone
lines, can search private residences, and can search the body of citizens. There is also precedent
for changing new technology to accommodate the warrant process: “Congress in the 1990s
Allen 6
passed the Communications Assistance for Law Enforcement Act…This act required
telecommunications companies to configure their systems in a way that would enable them to
effectively respond to court orders (Cordero & Zwillinger, 2015).” Warrants are how law
enforcement officers do their job and encryption subverts the judicial process.
Companies can create a secure means of access for law enforcement. “Apple could [sic]
design a completely [sic] secure facility to manage unlocking individual devices (Gibson,
2016).” This could be accomplished with a master decryption key or through a decryption key
database. Some companies have achieved this by encrypting data twice, once with the user’s
private key, and second with a “recovery” key that can be used for decryption (“What is the
difference between”, n.d). Some specific implementations may be better than others but what law
enforcement needs is demonstrably possible. Some organizations have created systems that are
intentionally designed to circumvent warrant procedures. While the encrypted data can be
provided, the data is rendered useless by the encryption process. Most companies are not
encrypting specifically to defeat law enforcement but the result is the same. Technology
companies were fully aware of the needs of law enforcement when they chose to employ
encryption technology. Compliance with warrants was ignored. Technology companies can and
In sum, compliance with the law is the responsibility of all citizens and companies in the
civil society. Laws are an embodiment of the will of the people, the Sovereign, and the social
contract. Circumvention of the law compromises the ability of individuals to seek their own
accommodate lawful warrants. Technology companies can develop products that comply with
Allen 7
the warrant process. Because compliance is possible, and lawful, technology companies must
The case for the status quo. Law enforcement should respect the right to privacy of US
citizens and respect the right of companies to employ strong encryption technology. Privacy in
general, and encryption in particular, promote great happiness in the civil society. The proposal
implementations of this policy have key flaws. Encryption, as a result of this proposal, would be
recipients only, or they may not. The best encryption techniques are based on the concept of
“trust no one (Rapport, 2010).” Following this concept, engineers have created a technology that
can obfuscate information to all but the intended recipients. They have done this with open
source solutions. The most extraordinary feature of encryption technology is that it can secure
data even when the methodology is publicly and openly known. This feature is key to the
effectiveness and ubiquity of encryption. Law enforcement proposes to replace “trust no one”
security with “trust no one, except us” security. The proposed alterations break the effectiveness
of encryption technology.
Access protocols are problematic in many ways. Take, for instance, public and private
key encryption technology. There are two ways to give law enforcement officials access to data
encrypted in this manner: 1) engineers might create a “master key” that could decrypt all data, or
2) engineers could encrypt data twice and store this second key in a database for on-demand
access.
Allen 8
Option one would require a static key. If such a key were created intruders would need
only crack law enforcement’s key to access all data. Even if this process required great effort, the
reward would be total access. This option makes everyone vulnerable to attack by a single, lucky
hacker. There are other implementation problems as well. Law enforcement would need to
provide their key to developers in some manner, or create large teams to accommodate requests
by individual companies. The former would require this “master key” to be provided as needed,
and, thus, expose it to many people outside of law enforcement. The latter would slow down
development significantly and create an undue burden on small technology companies. Option
one would severely compromise general data security and hamper the ability of technology
Option two would require a central database and would require devices to send their
secondary keys back to the database itself. Even if such a database were compartmentalized into
many, smaller databases, individual threat surfaces would expand from a single key pair to that
key pair and a central database. Current public/private key implementations require an attacker to
derive a single key for a single target. Option two, in contrast, directs attackers to specific points
plain sight and inaccessible to hackers. A “back door” that allows access to law enforcement
would also act as an entry point for intruders. Companies and government agencies from Yahoo
to the Department of Homeland Security have lost entrusted data to data breaches (Goel &
Perlroth, 2016; Lichtblau, 2016). This shows that data, left with companies and public agencies,
are not necessarily safe. Even security companies like RSA have been hacked (Richmond, 2011).
If companies as security conscious as RSA can be compromised, how can anyone be trusted with
Allen 9
the keys to all encrypted data? Law enforcement agencies have shown they are unable to keep
such data confidential as well; this is demonstrated by the breach of the Department of
Homeland Security. Citizens cannot switch from “trust no one” security to “trust no one, except
us” security, because law enforcement agencies have shown they are not worthy of that trust.
Central to this debate is the question: what societal work does privacy accomplish?
Phrased another way: what good does privacy do? Julie E. Cohen of Georgetown University Law
Center writes “[p]rivacy is shorthand for breathing room to engage in the processes of boundary
management that enable and constitute self-development (Cohen, 2012).” People need a place
free of scrutiny, a safe place to be oneself and only oneself. Privacy promotes good in the
The morality of privacy can be seen in the works of John Stuart Mill. He argues in his
essay Utilitarianism, that society must judge actions based on their results, and not merely their
intent. Which results, then, should a society aspire for? “The creed which accepts as the
foundation of morals, Utility, or the Greatest Happiness Principle, holds that actions are right in
proportion as they tend to promote happiness, wrong as they tend to produce the reverse of
happiness (Mill, 2004, Chapter 2, para. 2).” Society must judge an action by what the results
would be. Would an act create more happiness then suffering? If so, it is moral. Law
enforcement has the best of intentions but their methodology is flawed. Furthermore, law
enforcement officials have proposed an expedient approach, but “…he [Mill] said ’Individual
liberty is the ultimate value, and expediency…cannot justify intervention against individual
liberty (Szelényi, 2009).’” Opponents to encryption would increase the suffering of the masses to
Encryption is a vehicle for privacy, which is an obscuring of thoughts and actions from
scrutiny. It allows people to speak, store, and act in safe obscurity. There are also more tangible
examples of the good encryption does. One example is in e-commerce, where encrypted
communications allow for safe financial transactions. If a master key could give access to these
transactions, economic harm could result. Encryption also protects people living in oppressive
regimes. Those who live in a society that seeks to control the information available its members
are able to, through encryption technology, access the free store of human information.
Missionaries operating in countries with oppressive regimes may also, through encrypted
channels, communicate safely with backers living in free societies. It is easy to speculate about
the negative things people do with anonymity, but encryption greatly promotes the general
happiness of humanity. Law enforcement’s proposal would compromise all the good that
Law breakers are operating in the shadows and doing terrible things. The “back door” proposal
would make it easier for law enforcement to stop terrorists, human traffickers, pedophiles, and a
whole host of other heinous criminals. It seems nearly certain that granting law enforcement
access to encrypted data would save lives. Balanced against their tangible goals lay the
intangible virtues of privacy. Without encryption, many good things in society would be
compromised; not least of these would be the welfare of people living under oppressive regimes,
Law enforcement’s request to legislate access to encrypted data should be rejected. This
debate hinges on the absolute nature of encryption. There is debate over whether law
Allen 11
enforcement could gain access safely, but there is no proposal that does not compromise the
strength of modern encryption. While saving lives and children is a tremendous good for society,
so, too, is citizen privacy and the internet economy. A “back door entrance” to encrypted data
has the real potential to break encryption for everybody, and it is unclear what benefit would be
Law enforcement officials point to specific crimes currently taking place behind the
curtain of encryption. However, is the use of encrypted data the cause of criminal activity, or the
effect? In other words, are criminals committing crimes over encrypted channels because they
have encryption, or because they are criminals? Terrorists use encrypted communications to
coordinate activity, but payphones and code words accomplish the same task. What drives this
activity is the desires of the criminals themselves. Compromising the integrity of encryption
systems would not deter the motivated bad actor from their activities.
The encryption genie is well and truly out of the bottle. Powerful encryption is open
source and available to everyone. Custom applications on phones, based on currently available
technology, would deter law enforcement as surely as the status quo does. It seems that even
were law enforcement’s proposal accepted, they could not use it to catch encryption savvy
criminals. The social contract demands that companies comply with the warrant process and they
most assuredly ought to do so. However, this proposal asks technology companies to
compromise a pillar of the secure internet. The risks of this proposal are much greater than the
potential rewards.
Law enforcement has the right to access private information pursuant to a judge’s
warrant. While they have the right to enter private property pursuant to an investigation, they do
not have the right to a copy of every door key in existence. Officers must find ways around
Allen 12
barriers. There is evidence that they have successfully circumvented certain encryption
restrictions in recent years (Wuerthele, 2016). Therefore, let companies comply with warrants by
providing the encrypted data itself and let law enforcement seek strategies for decrypting the
Concessions. These issues are of great societal importance. People will die if law
enforcement’s proposal is denied. Even though criminals would adapt, some would be careless
and subsequently stopped by law enforcement. It would be remarkably satisfying to punish those
who harm children. The “back door” proposal has the potential to stop many of these abusers.
However, there seems to be no middle ground on these proposals. In such an instance, one must
responsible for some degree of bad. Law enforcement must do its job and enforce the social
contract and the will of the Sovereign. It seems clear, however, that giving access to law
enforcement would compromise and thus destroy the utility of encryption. The good in the world
facilitated by encryption must take precedence unless and until a safe compromise can be
developed.
Allen 13
References
Check Our Numbers: The Math Behind Estimations to Break a 2048-bit Certificate. (n.d.).
Cohen, J. E. (2012, November 5). What Privacy Is For. Harvard Law Review, Vol. 126.
Cordero, C. & Zwillinger, M. (2015, April). Should Law Enforcement Have the Ability to
http://www.wsj.com/articles/should-law-enforcement-have-the-ability-to-access-
encrypted-communications-1429499474
Dunn, J. (2017, January 27). Trump’s attorney-general choice wants to ‘overcome encryption’.
attorney-general-choice-wants-to-overcome-encryption/
Gibson, S. (2016, March 12). The “Encryption” Debate. Gibson Research Corporation.
Goel, V. & Perlroth, N. (2016, December 14). Yahoo Says 1 Billion User Accounts Were
https://www.nytimes.com/2016/12/14/technology/yahoo-hack.html
Greenwald, G. (2014, October). Glenn Greenwald: Why Privacy Matters [Video file]. Retrieved
from https://www.ted.com/talks/glenn_greenwald_why_privacy_matters
Hobbes, T. (2009). Leviathan. (E. White, & D. Widger, Ed.). Salt Lake City, Utah: Project
Lichtblau, E. (2016, February 8). Hackers Get Employee Records at Justice and Homeland
https://www.nytimes.com/2016/02/09/us/hackers-access-employee-records-at-justice-
and-homeland-security-depts.html
Mill, J. S. (2004). Utilitarianism. (J. Barkley & G. Alley, Ed.). Salt Lake City, Utah: Project
https://www.eff.org/issues/privacy
Rapport, M. (2010, October 20). Trust No One-A New Security Model for Today's New Threat
http://www.cutimes.com/2010/10/20/trust-no-onea-new-security-model-for-todays-new-
threat-landscape
Richmond, R. (2011, April 2). The RSA Hack: How They Did it. The New York Times. Retrieved
from https://bits.blogs.nytimes.com/2011/04/02/the-rsa-hack-how-they-did-it/?_r=0
Singh, S. (2000). The Code Book : the science of secrecy from ancient Egypt to quantum
https://sfpl.overdrive.com/media/520262
Szelényi, I. (2009). Mill: Utilitarianism and Liberty [Video File]. Retrieved from
http://oyc.yale.edu/sociology/socy-151/lecture-7
Allen 15
What is the difference between "Login OTPs" and "Recovery OTPs"? (n.d). Lastpass. Retrieved
from https://lastpass.com/support.php?cmd=showfaq&id=4616
Wuerthele, M. (2016, August 1). FBI director calls for restart of smartphone encryption debate.
for-restart-of-smartphone-encryption-debate