Skip to content, sitemap or skip to search.

Personal tools
Join now
You are here: Home Blogs Community Asking Obama to protect encryption, and why that's not enough

Asking Obama to protect encryption, and why that's not enough

by Zak Rogoff Contributions Published on May 22, 2015 05:49 PM
This week the FSF added our signature to a coalition letter addressed to Barack Obama, calling on him to reject any proposal to systematically undermine the encryption used to secure digital devices and software made in the US.

In addition to civil society organizations like the FSF, the letter* was signed by some of the most important cryptologists in the world, including the inventors of many of the key technologies behind modern encryption.

The letter is a response to recent requests from the US Federal Bureau of Investigation (FBI) and other agencies for laws requiring that backdoors and attack vectors be built into any encrypted system made by US companies. These backdoors would be specially created to allow law enforcement to snoop on the personal information of the company's customers. Even if you trust the government not to misuse your personal information, this is very risky; any backdoor created for the government will significantly weaken software against other attacks as well.

While free software advocates may not all agree on the details of how narrow government surveillance must be to keep civil liberties intact, we must draw a line at surveillance that prevents effective whistleblowing on corporate and government misbehavior. Mandatory backdoors would definitely do that. Whistleblowers exist outside the NSA—people must be able to expose (as hypothetical examples) inappropriate influence by Apple on US congresspeople, or secret patent intimidation by Microsoft against free software distributors. Without strong encryption, such sources will know that their identity can be easily discovered, providing a serious deterrent against doing the right thing.

Another unacceptable result of government-mandated backdoors is that they would effectively make it impossible for US companies to use free software encryption in systems that handle customers' information. The laws requiring specific unmodifiable anti-features would prevent both companies and users from exercising freedom 1 of the Free Software Definition, the freedom to study how a program works and change it so it does your computing as you wish.

We are strongly opposed to government-mandated backdoors and are supportive of this letter's intent, but we signed it with some trepidation. This is because the only real victory in control over our software lies not in petitioning the government, but in moving away from proprietary software. Free software can be much more difficult for centralized entities—either government or corporate—to control, because any backdoors or other vulnerabilities added to a given version can be reversed in another version and spread to everyone using the program (I wrote more about this resilience in a 2013 article, How can free software protect us from surveillance?). Conversely, proprietary software is never guaranteed to serve our interests—even if we are assured by the developers of the software that they have not built in a backdoor, we can't verify this because we can't see the source code.

Let's keep pressuring our government to resist any requirement to deliberately install backdoors in our software, but not put all our eggs in that basket: to really have freedom and security, we need to use our own solutions that we control, from the source code up. A variety of such free software, encrypted communication tools already exist. Systems like GnuPG (learn how to use it here), OpenSSL, and the rest in the Free Software Directory's encryption category are easily available and new ones are being created every day to meet changing needs. There are even new, free software-based, decentralized, surveillance-resistant systems that we hope will someday replace the massive restrictive corporate systems that government agencies so desperately want complete access to. If we're successful, we'll eventually reach a point where we won't need to petition leaders to protect our privacy in this area, because we'll be able to protect it ourselves.

*The letter uses the term "free and open source," but the term "open source" misses the point of free software. Read more about the two terms on gnu.org.

Document Actions

The FSF is a charity with a worldwide mission to advance software freedom — learn about our history and work.

fsf.org is powered by:

 

Send your feedback on our translations and new translations of pages to campaigns@fsf.org.