President Obama made a statement on security and privacy today. Let’s take a look at it.

President Obama says “you cannot take an absolutist view on this”

This is a mature and realistic view point to have as a politician. The problem is this view point is not supported by technology. Our society is at a point where technology can lead to absolutes. Now these absolutes need to be governed.

He uses airport security and search warrants as necessary invasions of privacy but they have very little to do with the evolution of technology. A search warrant was designed to allow the use of any means necessary to obtain items of legal interest located on private property. Airport security defends the other travelers from a few people intent on doing damage.

Both of these exist on the premise that it is possible to physically obtain objects of interest. There is no barrier you can put on your home that can’t be broken. There is no safe that can’t be opened. And there is nothing you can carry that airport security can’t see (yet).

Wouldn’t it be nice if a search warrant could unlock encryption?

This is the core of the problem. On my computer (and on yours) there is technology that allows me to encrypt any data I want in such a way that no one but me can access it. A search warrant doesn’t change that. They can compel me to turn over my laptop but they cannot force me to decrypt it.

That is the truth. Want to know why? Because the password I use to decrypt any data I encrypted is only in my head. And guess what? I can plead the fifth amendment. I am not required to disclose any information that may incriminate me. Debate is over.

Encryption is an extension of my brain

If I choose to actively encrypt data, then it is data I have decided is important to my personal well being (or criminal enterprise). That is my choice. It is now covered by the same protections as I am.

What if we choose a different path?

Where does that lead? Do we take away security and put backdoors in all this encryption technology that already exists? If we allow iPhones to be unlocked, what’s next? SSL connections for e-commerce? SSH for secure server connections? Where would it stop? If we are forced to unlock iPhones why bother with encryption at all? Why do we need it?

Technology put us here, but it cannot fix it

Encryption technology is absolute. If we create a key to every encryption method to allow someone with that key to override the intent of the encryption, we are putting someone in a place of tremendous power. If that power were to be abused, shared, lost or otherwise manipulated, the world would be placed in a very bad situation. Even today, when SSL certificate companies are compromised, it is a big deal. Now we want to give this access to someone? What’s the point? Just turn off SSL entirely world wide.

Until encryption can be cracked using other methods, when it is not the impenetrable wall it is today, we have no choice but to consider encrypted data as an extension of one’s personal rights. And that includes my right not to incriminate myself.

What do you think?