Congress, don’t give away the keys to our encrypted communications 

In an op-ed on Feb. 22, Steven Wasserman, the national president of the National Association of Assistant US Attorneys (NAAUSA), called on Congress to force tech companies to give foreign adversaries and criminals access to the encrypted data of American citizens. 

While of course Wasserman did not phrase it that way, the result would be exactly that. There is no way to “provide law enforcement access to encrypted data” without creating security vulnerabilities that will leave everyone less safe.  

For the last 30 years, law enforcement officials have called for the end of end-to-end encryption. They’ve proposed various ways of weakening encryption, like the Clipper Chip of the 1990s, “exceptional access” of the mid-2010s, or the “ghost proposal” of the late 2010s. But the consensus among technical experts has been unwavering: there is no way to provide law enforcement access to end-to-end encrypted communications without undermining the security and privacy of everyone who relies on those protections.  

The British government, which passed a law threatening to undermine encryption in 2023, seemed to “recognize this technical reality, stating that it does not intend to use its power under the clause until such technology is available.” With access to people’s unsecured messages, criminals will have a new tool for facilitating blackmail and other crimes.  

For parents, guardians and caregivers, strong encryption is one of the most important tools to keep children safe online. As Stephen Bonner, the UK Information Commissioner’s Office’s executive director for innovation and technology, notes, “it strengthens children’s online safety by not allowing criminals and abusers to send them harmful content or access their pictures or location.” A 2023 report from Child Rights International Network and Defend Digital Me goes further, arguing that “encryption engages not only children’s rights to privacy and protection from violence, but also non-discrimination, the right to life, freedom of thought, conscience and religion, the right to health, and even the protection of children affected by armed conflict.” 

For members of marginalized and at-risk communities, end-to-end encrypted communications provide a secure lifeline. Journalists rely on end-to-end encryption to protect sources, members of the LGBTQ community rely on it to enable free expression and prevent blackmail or even acts of violence, and our national security professionals rely on mass-market end-to-end encrypted tools to keep them safe in conflict zones. For marginalized communities abroad, access to secure end-to-end encrypted communications is often a matter of life or death.  

We’ve seen the devastating impacts of encryption backdoors being discovered and used by adversaries and criminals. In 2015, it was revealed that hackers allegedly linked to the Chinese government were able to use a backdoor created by the National Security Agency to decipher the encrypted communications provided by one of Juniper Networks’ subsidiaries, which counted the U.S. Department of Defense as a major customer. Mandating insecurity, as Wasserman effectively calls for, would create an open-season for criminals and foreign adversaries to try to find these encryption backdoors and facilitate even more crimes or attempts to manipulate the American public. 

Beyond the risks of weakening encryption for all users, Wasserman’s proposal will not succeed in catching criminals. Undermining end-to-end encryption in the United States will not make it suddenly go away. Criminals will simply move to options from jurisdictions outside the United States, or even develop their own end-to-end encrypted systems. Non-criminals are unlikely to do so, creating a situation where criminals continue to enjoy the benefits of end-to-end encryption while their victims cannot. 

In addition to being counter-productive in its goals of keeping people safe and catching criminals, demanding access to encrypted communications would also damage the U.S. economy. In 2023, IBM found the average cost of a single data breach was $4.45 million. In 2018, Australia passed a law that could be used to force companies to provide the government with access to end-to-end encrypted communications. Despite these powers never being implemented, the Australian tech sector saw over a billion dollars in lost revenue opportunities and investments. Foreign investors and customers were concerned that the new law would undermine the security of Australian tech products.  

Protecting children online is an important and laudable goal. Calling on Congress to force tech companies to undermine end-to-end encryption is not. Encryption is the lock that keeps out those who seek to do us harm. It protects our citizens, our national security, our economy and our children. 

Congress must not hand the keys to our enemies. 

Ryan Polk is a senior policy adviser at the Internet Society. With a focus on cybersecurity policy, Polk co-leads the Internet Society’s initiative on encryption.