Undermining Encryption Protocols Threatens Startup Stability
TLDR: This morning, the Senate Judiciary Committee held a hearing on “encryption and lawful access.” While the hearing largely focused on the ways large tech companies use encryption—Apple and Facebook testified—companies of all sizes, especially startups, rely on increased privacy and security protections to gain and keep user trust as well as to differentiate themselves from larger competitors.
What’s Happening: This morning’s Senate Judiciary Committee hearing comes as the Department of Justice and other U.S. law enforcement agencies have criticized tech companies in recent months for providing encryption that officials say is making it more difficult to combat criminal activities such as child exploitation. Government officials, including Attorney General William Barr, have called for tech companies to build intentional vulnerabilities, or “backdoors,” into their products to facilitate law enforcement access to encrypted data.
Of particular note has been the DOJ’s attack on the expansion of secure encryption protocols, particularly Facebook’s push to incorporate end-to-end encryption across all of its messaging services. In October, Attorney General Barr joined with U.K. Home Secretary Priti Patel and Australian Minister for Home Affairs Peter Dutton in calling on Facebook CEO Mark Zuckerberg to halt plans to incorporate end-to-end encryption. This week, Engine joined a letter signed by more than 100 advocacy and civil society organizations across the world in voicing support for end-to-end encryption efforts.
Why it Matters to Startups: Despite the fact that tech giants like Apple and Facebook have been at the forefront of the encryption debate, companies of all sizes and their users stand to be impacted by a weakening of security protections. In a world where consumers’ data is under constant threat from data breaches, targeted hacks, and cyber criminals, encryption helps companies protect their users as they engage in everyday communications over the Internet.
Sen. Mike Lee (R-Utah) noted during the hearing the conflicting pressure from lawmakers to, on the one hand, weaken security protections to provide law enforcement access to data, while also simultaneously demanding rigorous privacy and security protections for users. “We frequently hold hearings where we rail against companies that fail [to] adequately correct weaknesses in their systems that could leave users of technology vulnerable to having their data disclosed,” he said.
That tension is even more dramatic for small and new startups, which don’t have the long-standing reputation or relationships with users to withstand the loss in consumer trust that would come from a company intentionally undermining the security of its products. Additionally, and as we previously highlighted in a 2016 letter signed by 40 companies, startups lack the resources to build and defend an intentional vulnerability created at the behest of law enforcement.
Engine supports companies' work to assist law enforcement in their efforts to combat crimes, but startups shouldn’t be forced to risk the security of all of their users’ privacy in order to do so. That’s especially true considering the fact that persecuted, marginalized, and at-risk communities—including dissidents, whistleblowers, domestic violence survivors, and LGBTQ+ individuals—currently benefit from the use of encryption. Introducing intentional vulnerabilities into secure encryption protocols will weaken their effectiveness for everyone.
For more background on what encryption is and how it is used, please see our booklet on the "Nuts and Bolts of Encryption" that we wrote with the Charles Koch Institute last year.
On the Horizon.
Join Engine, the Computer and Communications Industry Association, and Internet Association tomorrow at noon for a lunch panel about the complex copyright rules that govern (and permit) sharing online. We will discuss the ways those rules impact platforms and users, as well as the impact that proposed changes could have on the Internet ecosystem. Learn more and RSVP here.
The Senate Judicary’s Subcommittee on Intellectual Property is holding an oversight hearing of the U.S. Copyright Office at 2:30 p.m. this afternoon.
