Encryption should be seen not only as an essential consumer protection tool, but also as an essential national security tool.
As the U.S. Senate deliberates over several key national security appointments, an old saying comes to mind: “trust is a must.” Indeed, this is a mantra that applies to all of our relationships, from those with our closest family members, to those with our government. And it applies as much to our online as our offline relationships.
By way of illustration, American consumers trust Amazon to deliver their packages on time. Likewise, they trust Google to deliver accurate Internet search results in nanoseconds. The list goes on. Building this kind of trust between customers and online companies is a hard slog, and not everyone will succeed at it. And even those companies that are successful will stumble from time to time.
Innovative Internet companies do not build trust in a vacuum, however. They rely on sound and fair public policies that allow them to start up, scale up, and grow. Furthermore, they need to work with governments toward this shared economic goal. The U.S. government has shown global leadership in this regard. For the most part, over the past several decades, this leadership meant simply stepping aside and allowing the internet industry to innovate, free from unnecessary regulations. In fact, our government did such a good job stewarding the Internet through its infancy that today’s commercial Internet represents at least 6 percent of our gross domestic product.
But we cannot take this number for granted. To the contrary, now, more than ever, we need government and industry to work together to keep this number growing so that the Internet can continue to be the great American export of the 21st century.
A strong and trusting partnership between the Internet industry and government is particularly needed in the national security arena. As the Trump Administration appoints new national security leaders for Senate confirmation, this partnership is at an inflection point.
Internet companies greatly respect the role government plays in keeping us safe at home and abroad, and they work hard to cooperate with lawful requests for information from government. But there are limits. One such limit came into sharp relief last year when the Federal Bureau of Investigation sought a court order demanding that Apple unlock a cellphone belonging to one of the San Bernardino perpetrators. Apple opposed this process because the phone in question was encrypted, and handing over the keys to this technology, Apple argued, meant engineering into the technology a vulnerability that could be exploited by future bad actors.
The Internet ecosystem supported Apple on this issue because—in a world in which “trust is a must”—strong and reliable encryption is an essential building block in fostering trust online. As my employer, the Internet Association, explained at the time of San Bernardino, “encryption protects billions of global Internet users from countless daily threats to the financial system, sensitive infrastructure (like our electric grid), and from repressive governments looking to stifle speech and democracy. We concluded that ‘without encryption we are all less safe.”
The San Bernardino case resulted in an uneasy standoff between the tech community and law enforcement. However, the time since then has been used by lawmakers and by other stakeholders to ease tensions and to deliberate offline.
Last month, for instance, the U.S. House of Representatives’ Energy and Commerce and Judiciary Committees issued a joint report on encryption. Although the report flagged the complexities involved, it acknowledged that encryption “is inexorably tied to our national interests. It is a safeguard for our personal secrets and economic prosperity. It helps to prevent crime and protect national security.” For the Internet Association, this report marked an important milestone in the encryption debate by recognizing, as it did, the important role that encryption plays in fostering trust and in keeping us safe.
Recent events have taught us that the latest threat vector to our nation—in particular, one that risks upending trust in our political institutions and critical infrastructure—is cyberwarfare. Within government, encryption can and should play an important frontline role in combatting these cyberattacks. Differently stated, there is a good argument that encryption should be seen not only as an essential consumer protection tool that guards online transactions and free speech, but also (and increasingly) as an essential national security tool that can protect our critical infrastructure and political institutions from external attack.
Let us hope that our incoming national security leaders will share this view as they prepare for their important new roles.