Software Is Speech
By Corey Henderson & Chris Garrou | Our Voice Contributors
Law enforcement has a problem with encryption, and it’s easy to see why. They arrest a suspect, confiscate their phone or computer, and are unable to unlock it. “The phone contains evidence we need,” they say. Trouble is, they can’t compel the suspect to disclose the password, and don’t have the technical means to break the device’s encryption. In time sensitive situations where there may be life or limb at risk, the desire to crack open the supposed secrets the device contains becomes all the more urgent. Yet, they find themselves wanting.
It begs the question, “Should We, The People let law enforcement have the capability to defeat encryption?”
On the surface the answer may seem like a simple “yes.” You may assume the officers have good intentions. With those assumed intentions, they would need the tools to catch the bad guys, right?
The trouble with this approach is that the situation is far more complex. Answering “yes” to that opens a giant can of worms. Perhaps the easiest way to describe it is this: if law enforcement can bypass it, so can anyone. Let’s be clear here, there is no secure way to give just law enforcement the ability to access a back door to encryption.
Encryption is everywhere, and is used mostly for productive purposes. It protects your money, your privacy, sometimes even your life. Bypassing encryption is breaking it. All these digital things the modern world relies on would come crashing down in the absence of unbreakable encryption, which is what it was all built on in the first place. To enable a convenient “back door” to law enforcement in this instance would be to the detriment of all other things digital.
But, consequences be damned, law enforcement still wants a way in. Instead of asking this as a technology question, approaching it from a How-To perspective, let’s frame this from a big picture societal-level question. Let us ask, “Why?” To do this, we should address the Constitution of the United States of America.
Within the Bill Of Rights, we see 3 articles that are related to that which constitutes Encryption.
I – FREE SPEECH & FREE PRESS
To technologists and the like, software is speech. They are called programming “languages” for a reason. You express your thoughts and ideas into a compiler, and voila, your application is born. It’s a form of art. It’s downright poetry. We can share that work with the world, much in the same way our freedom of the press allows for the sharing of abstract thoughts and ideas with the rest of the world.
Encryption is software. It is a collection of mathematical expressions. It’s a fundamental element to our existence. It derives from our intelligence. It is speech that should be freely expressed and protected.
We have freedom of speech, we have freedom of the press, we deserve freedom of software. If our government can’t dictate what we say, write, draw, or print; they then cannot tell us we can’t code something, share it, or use it.
II – BARE ARMS
To law enforcement, software is a weapon. It’s disruptive. It’s secretive. It’s a peril to society. Truthfully though, it’s nothing more than a tool, and tools can be used for both good and evil.
However, if you’re going to call it a weapon, I’m going to pull the second amendment out.
Guns are also tools, and you can’t regulate them out of existence. Law abiding citizens would surrender their guns. Outlaws won’t. You then have citizens who can’t protect themselves from outlaws, or their own government.
Likewise with software, you can’t will the laws of mathematics out of existence. Citizens need protection from outlaws, and their own government. Breaking encryption is tantamount to removing power from the people. Imagine the government making it illegal to run certain software on your computer. How crazy is that?
IV – SEARCH AND SEIZURE
With warrants, law enforcement can legally confiscate your guns, your safe, your computer. Your physical things. What they cannot take are the non physical things. Data isn’t a physical thing. The storage device it’s on is – but the data itself isn’t physical. It’s digital, much like how your brain is physical, but your thoughts aren’t. You therefore cannot “seize” encrypted data. It’s an abstraction from the thoughts you hold.
Good detective work may be able to find or guess the password or other secret to unlock the encryption, much in the same way it can be used to trick a suspect into revealing details they otherwise would not intend to. That, however, pretty much ends there – they either have the physical means to “unlock” your data, or they don’t. There is no seizure of digital assets. It’s just a copy of bits.
V – SELF INCRIMINATION
This covers disclosure of the encryption key, password, or other secret.
You can be convicted of a crime. You cannot, however, be compelled to confess to it. Many a criminal professes to their innocence. And you know what? Many of them are found to actually be innocent later on. Basically, your secrets are your own. What this means in practice is, while law enforcement can remove physical items in your possession, they can’t remove knowledge from your brain. “Where did you bury the body?” “Where did you hide the stolen jewels?” “When did you decide to break into that locked warehouse?” Whether you did it or not, you don’t have to tell them anything. Indeed, the answer to the question itself isn’t always what law enforcement is seeking. Often what they are attempting to do, in a way, is break YOUR encryption and get you to reveal crimes for which they may or may not have evidence.
Aside from that, asking for a password is rather pointless. Consider the following answers:
“That’s not my computer.”
“I don’t manage the encryption, ask someone else who has access.”
“I don’t manage the encryption. He’s lying.”
“I don’t remember the password.”
“If I give you the password, how are you not certain I didn’t give you a hypothetical decoy password?”
Certain encryption software enables a two-faced system, with “Chaff Layers” or a “Container Volume” or other technology that allow for what is known as “Deniable Encryption.” One password reveals one set of files, while another reveals a different set of files, and you can’t prove that this area on the computer is an encrypted set of files vs. being just random bits that are unused space. It is an expression of true plausible deniability.
Also, one can employ the use of steganography. From the Greek words meaning “covering” and “writing”, it currently refers to hiding a digital message within a digital image. Once deemed an archaic term in the 1800’s, it was resurrected in the 1980’s to describe this type of encryption.
While you want to be able to catch the bad guy, you can’t infringe on civil rights in the process. As technology becomes more advanced, it is natural for law enforcement to want to be able to circumvent these new ways for people to keep secrets. Ultimately, however, using historically tested methods to catch these suspected criminals is the best way to keep fighting crime AND protect all of our rights in the process. At the end of the day, nothing beats good old-fashioned detective work.