Alvarez 1

Grace Alvarez
CST300 Writing Lab
15 October 2017

Encryption and Decryption: Privacy vs. National Security

Countering and preventing terrorism is a primary concern for the federal government as

well as state and local law enforcement agencies. Terrorists are considered people who support

or commit ideologically motivated violence to further political, social or religious views. Today,

terrorists can use the advancements in technology to globally establish radical groups, appoint

leadership, and provide training. It is the goal of the federal government to intercept such

communication, by creating an open backdoor in current technology products, for law

enforcement and other special intelligence agencies. A backdoor is a method of bypassing

authentication or encryption in a computer, phone, or an embedded device such as a router.

Creating a backdoor in technological devices would allow government entities critical access to

private data, used to prevent terrorism and protect national security. However, it would also be

detrimental to the users of these devices, as backdoor access would leave them vulnerable to

malicious hacking and cybercrime.

Tech companies like Apple, Samsung, and Google, argue against decrypting customer

data. If Congress passed new legislation, forcing tech companies to create security vulnerabilities

in their systems, it would affect a tech firm’s ability to provide the best data security for its

consumers. The government would simply be asking U.S. companies to reverse years of

technological advancements in encryption and security. Securing information is an enormous

part of what has built the largest retail e-commerce market. Asking tech groups to lower their

security would open consumers to identity theft and do damage economically.

According to CompTIA, the top five most valuable companies in the world are tech

companies and the projected IT industry growth is headed towards 4.1 percent in 2017. If this
 Alvarez 2

occurs, it will put the global IT industry past the $3.5 trillion mark by the end of 2017 (IT

Industry, 2017). The United States makes up a third of this market value. Technology companies

have reputations for reliable and effective products that secure users’ information as well as

safeguard online marketplaces. Strong encryption sustains this industry and enables U.S.

companies to compete more effectively and create economic growth.

On December 2nd, 2015, two armed terrorists walked into the Inland Regional Center,

located in San Bernardino, California, and opened fire on dozens of employees. In this attack, 14

people were killed, and 22 more were critically injured. This terrorist attack led the FBI to

conduct a massive investigation that included searches of the perpetrator's homes, review of the

collected evidence, and many interviews. Among the collected evidence, the FBI found an Apple

iPhone 5C, that was still intact, and multiple hard drives. A four-digit numeric passcode locked

the iPhone 5C, which could equate to ten thousand possible combinations to unlock it. Apple

iPhones only allow ten passcode attempts before erasing all data on the device; this is the result

of their 2014 upgrade to encrypt all data by default (Breslow, 2016).

As part of the investigation into the 2015 San Bernardino shootings, the FBI formally

requested that Apple create a backdoor to the iPhone’s operating system. This request sparked a

nationwide debate over the right to privacy and the FBI’s duty to national security. The FBI

asked the U.S. District Court in California to invoke the All Writs Act of 1789, which gives

federal judges the power to issue orders to compel people to do things within the limits of the

law (Timeline, 2016). In this case, the FBI asked Apple to make a new version of the iPhone

operating system, that would bypass several security features, and install it on the iPhone

recovered during the investigation. Apple opposed this order, arguing that not only did the
 Alvarez 3

requested software not exist, but if it were to be created, it could leak, allowing anyone to unlock

any iPhone if it was in someone’s physical possession.

The FBI and the federal government have a duty to protect the American people and

uphold the Constitution of the United States. Their priorities include protecting the United States

from terrorist attacks, attacks from foreign intelligence operations and espionage, cyber-based

attacks, and high-technology crimes, as well as public corruption (Mission, 2016). The

government and FBI’s core values are to respect the dignity of everyone they protect with

compassion, fairness, uncompromising personal integrity and institutional integrity. The

government declares certain actions to be just or unjust. In the case of San Bernardino, the FBI

believed the information on the locked iPhone would help its investigation and potentially lead

the agency to a larger terrorist group.

Cases like the San Bernardino attack show that there is a need to gain access to certain

personal devices. The FBI states “We are not asking to expand the government’s surveillance

authority, but rather we are asking to ensure that we can continue to obtain electronic

information and evidence pursuant to the legal authority that Congress has provided to us to keep

America safe” (Comey, 2016). In FBI testimony to support this statement, examples included

malicious actors covertly plotting violent crimes, organized criminal networks and nation-states

exploiting weaknesses in our cyber-defenses to steal sensitive personal information (Comey,

2016).

When changes in technology interfere with law enforcement’s ability to use investigative

tools and follow critical leads, the government may not be able to identify and stop terrorists who

use encrypted social media and messaging applications. If the evidence from a device cannot be

retrieved, it inhibits the government's ability to stop and prosecute offenders. Cyber legislation is
 Alvarez 4

needed to protect the nation to allow information sharing between the government and the

private sector, while safeguarding civil liberties (Ferdinando, 2015). The U.S. legal system

establishes constraints on the government’s access to private information, which prevents abuse

of search and surveillance powers. At the same time, the law still allows authorities to gain

access to information that facilitates prevention and prosecution of criminal activities, from

terrorism to drug trafficking. The government would only be allowed to use backdoor decryption

only when proper judicial processes have been followed.

From their nascency, tech companies put a lot of time and effort into developing their

company values. Tech teams believe in innovating, communicating, honesty, collaborating with

other tech groups, earning consumer trust, building positive teams, and never settling for

anything less than excellence. Tech entities must secure their customers’ private data. To achieve

this, they must continuously improve their encryption. They are forced to find the security

vulnerabilities themselves, or via ethical hackers, to stop holes in their systems. When a

company fails to secure its vulnerabilities, it leaves itself, and its customers, open to cyber-

attacks.

According to the ACLU, the All Writs Act does not give law enforcement new

investigative tools that Congress has not authorized. In the San Bernardino case, the act cannot

be used to give authority to FBI to force an innocent third party into government service against

its will. Apple, in this case, is not obstructing justice as they do not possess the information on

the iPhone that the government seeks (Abdo, 2016). The model, the government, seeks to

establish here sets a dangerous precedent that undermines everyone's digital privacy and security.

Tech companies have proven top-level encryption is their greatest defense against

cybercriminals.
 Alvarez 5

It is the responsibility of tech companies to ensure a client’s data is secured. Allowing

access, or creating a backdoor, to user data threatens the privacy of all individuals. Encryption

security has continuously been elevated so as not to allow anyone, other than the end user, to

access the information contained on any one device. The government does not have the right to

gain access to all communication between devices. Access to all devices infringes on the right to

privacy and the First Amendment right to free speech. There is no guarantee that gaining access

to secure communications will solve the terrorist problem. Weakening security for the majority

to potentially gain access to a few illegal communications is not in the interest of the greater

good.

The primary reason for the FBI, or any other law enforcement agencies, to use brute force

decryption is to examine any information that could assist them in investigating acts of terrorism.

The FBI is the lead federal agency for investigating cyber-attacks and terrorists. Allowing the

federal government uninhibited access to communication devices would sharpen its focus on

intrusion into government and private computer networks to catch and prevent terrorist attacks. It

is in the interest of national security to allow a backdoor in user devices that will assist in

investigations of terrorism, and prosecution of terrorist attacks or other criminal activities. The

government should, under court order, have access to decrypted messages in the same way police

can gain access to phone and internet records. Access to encrypted messages is essential in

investigating terrorist attacks and prosecuting criminals.

When acts of terrorism are committed, the FBI and other federal agencies conduct remote

access searches into computers, and now mobile devices, to determine what information may be

valuable to their investigation. Doing so, through Congress approved hacking programs, only

adds additional security holes. Not only are consumers at risk, but American tech companies are
 Alvarez 6

also targeted for trade secrets and other sensitive corporate data. Adding backdoors to products

does not guarantee that the owner of that product did not use some third-party software or

application to encrypt their information thoroughly.

In this debate, there are two prominent calls to action for all stakeholders involved. The

first call to action is that the government could exploit existing security flaws to ethically hack

into a suspect’s smartphone or computer with a court order. Lawful hacking would allow

authorities to use existing vulnerabilities to get evidence without creating backdoor decryption.

This call to action would require the government to get the information they need without

requiring tech companies to reduce their security. The government is operating under

deontological ethics in this call to action. The government is assuming that by opening a

backdoor for their investigations, they can successfully protect the United States, essentially

completing their obligations to the American people. The second call to action is the government

should develop new investigative tools to extract the necessary data, only when approved by

Congress, and so long as it doesn’t put secure data at risk. Under this call to action, all parties

involved are satisfied.

Based on the government’s actions, by hacking into personal and professional devices,

they are acting within a deontological framework. Deontology ethics promotes doing your duty.

This ethical theory is associated with Immanuel Kant, a German philosopher from 1724-1804.

The main principles of this framework are: duties are obligations that must be fulfilled, goodwill

is the only absolute good, and acting on good intentions justifies a moral action, not the outcome

(Ethical, n.d.). It is the government's obligation, in this scenario, to protect the United States, if

they are doing so with good will and noble intentions. The government believes having access to

encrypted information will be an absolute good, and they should always act on their duties,
 Alvarez 7

rather than the outcome. They must prevent terrorism even when it means accessing encrypted

communication of all citizens, suspected or not.

Mega tech companies refusing to allow the government to force weaker systems is a

utilitarian act. The utilitarian principle, advocated by Jeremy Bentham from 1748-1832, states

that given a choice between alternative actions or social policies, one should do what results in

the best overall consequences for everyone concerned. This utilitarian theory means to take

action that results in the greatest amount of good, or the least amount of harm, for the greatest

number of people (Ethical, n.d.). American tech companies refuse to provide backdoors to their

products on the belief that this will cause more harm to the greatest number of people.

Companies like Apple that have sold over 1 billion iPhones understand the FBI’s backdoor

request could open vulnerabilities to all iPhones. In this case, the greatest moral action comes

from protecting user data.

In both calls to actions, the pros are the public’s private information stays secure,

companies can be assured their data is safeguarded, freedom of speech is still protected, and the

American people maintain their right to privacy. The cons of these actions are that terrorists can

continue to communicate and plot their next attacks freely. Even if phones and other locked

devices were recovered, the government would not be able to decrypt them and serve justice,

which would, therefore, be less likely to prevent terrorist attacks.

I believe building vulnerability in the design of tech products would expose all details of

our lives. The government is not aiming for surveillance with this backdoor encryption, but it

seems inevitable that it will lead there. As we have seen with Snowden’s release of information,

the government has been using investigative tools with a top-secret court order, the National

Security Agency (NSA) has collected telephone records from millions of Verizon customers.
 Alvarez 8

The NSA has also accessed and collected data through back doors into U.S. internet companies

such as Google and Facebook with a program called Prism (Szoldra, 2016). Prism collects stored

internet communications that match court-approved search terms. It is in the public’s best

interest to secure user data to the best of its ability. Allowing government agencies to decrypt our

data will diminish our civil liberties and privacy, as well as the economic competitiveness of the

largest tech companies. There is no guarantee that weakening secure communications will solve

the terrorist problem. Weakening security for most users not only undermines our rights, but it

opens us up to more harm than good.

The government has a responsibility to protect its citizens, as well as maintain their rights

to privacy. Tech groups have a responsibility to protect their clients’ data, as well as defend

themselves against potential cyber-attacks. Allowing decryption of digital devices and services in

the interest of national security is not the best way to catch terrorists and criminals who use

smartphones and messaging services to conceal their plans and identities. To mandate that tech

companies, weaken the security of their products to ensure government access to encrypted data

would be devastating to cybersecurity and international competitiveness of these companies. By

creating a backdoor, the U.S. government and international governments could request this

backdoor as a term of tech companies doing business internationally. Law enforcement and

intelligence agencies face incredible challenges in protecting the public against crime and

terrorism. Tech companies will continue to give law enforcement access to data under a court

order so long as it does not compromise the security of personal information. While the FBI’s

intentions are good, it is wrong for the agency to force a backdoor on tech companies.

Ultimately, this demand undermines the freedoms and liberty our government is meant to protect

and places our safety at a greater risk.

 Alvarez 9

References

Abdo, A. (2016, August 11). Apple v. FBI: What just happened? ACLU. Retrieved from

https://www.aclu.org/blog/national-security/privacy-and-surveillance/apple-v-fbi-what-

just-happened

Breslow, J. (2016, February 19). Who’s right in Apple’s fight with the FBI? PBS. Retrieved from

http://www.pbs.org/wgbh/frontline/article/whos-right-in-apples-fight-with-the-fbi/

Comey, J. B. (2016, March 1). Encryption tightrope: Balancing Americans’ security and privacy.

Federal Bureau of Investigation. Retrieved from

https://www.fbi.gov/news/testimony/encryption-tightrope-balancing-americans-security-

and-privacy

Ethical Theory. (n.d.). University of Kentucky. Retrieved from

http://webteach.mccs.uky.edu/profdent/ethical_theory2.htm

Ferdinando, L. (2015, January 21). Dempsey: Cyber vulnerabilities threaten national security.

Department of Defense. Retrieved from

https://www.defense.gov/News/Article/Article/603952/

IT industry outlook 2017. (2017, January). CompTIA. Retrieved from

https://www.comptia.org/resources/it-industry-trends-analysis-2017

Mission & priorities. (2016, May 3). Federal Bureau of Investigation. Retrieved from

https://www.fbi.gov/about/mission

Szoldra, P. (2016, September 16). This is everything Edward Snowden revealed in one year.

Business Insider. Retrieved from http://www.businessinsider.com/snowden-leaks-

timeline-2016-9
 Alvarez 10

Timeline: A history of encryption and government backdoors. (2016, March 22). CNET.

Retrieved from https://www.cnet.com/pictures/timeline-a-history-of-encryption-and-

government-backdoors-pictures/