In 2002 the country looked on as the offices of Arthur Anderson LLP had box after box of records carted out of the Houston office. It is through both photographs and court documents that the accounting firm's practices were displayed and all very publicly. That was almost 20 years ago, and the majority of documents material to a criminal investigation are now created and stored in digital form. Unlike collecting reams of paperwork from an office building, warrants for this form of information lack the grandeur and spectacle of federal agents cataloging and transporting physical files.
As though by some predictable ebb and flow of attention to our privacy, we are yet again considering vast, sweeping legislation to kneecap the use of end-to-end encryption (a technology that allows only the participants to read the contents even if a third party is relaying the data). Reincarnated in the form of the EARN IT Act, yet it is a familiar argument we've had before. The pros profess that Government needs ever-increasing access to be able to perform crucial law enforcement and public safety functions. Those against asserting government overreach and the death of privacy as personal liberty. Consider instead, that the last vestige of our warrant system is that it should be costly to invade someone's privacy.
By cost, I don't mean just in dollars and cents. The company whose documents pillaged would have been aware of what had transpired, should the order have been unlawful. In this case, the warrants exposed the Government to public scrutiny. Had the target been wronged, it would have been possible to seek reparations. The prosecuting attorney would have been embarrassed, rebuked, and wasted precious manpower—an awkward annual performance review to be sure.
Luckily end-to-end encryption is not unbreakable encryption. A well funded and motivated attacker (Government, large corporation, or otherwise) can break keys with enough time and computational effort. An ability now within reach of both the good and the bad through the vastness of the cloud. Should that fail, accessing the data by compromising the devices at either end of the communication remains a viable alternative. Copying data in this century is inexpensive and straightforward, so it is the cost of decrypting communications that stands in the way of unlimited access. It is because of these conditions that I see that expansion of surveillance on the public at large is not only a possibility but instead an eventuality.
Only performing traffic analysis, oft referred to as "metadata" as is legal and commonplace today, provides substantial value. Knowing who an actor is talking to when the communications occur how often and the verbosity is precisely the kind of information frequently cited in obtaining a lawful warrant.
Permitting any government unmitigated access to encryption keys erodes both jurisprudence and the traditional warrant system. The cost of invading another person's privacy would be amortized over a mass collection, making it irresistible to review as much data as possible. All likely to be conducted under the FISA court system operating without transparency. The ever-expanding abilities of AI, big data, and machine prediction may prove too sweet a temptation for us to resist.
Understandably, the Government is rightfully interested in crime prevention and prosecution. Still, we must temper that interest with the constitutional rights to due process granted to the innocent as well as the guilty. Even darker yet, there is no evidence that the agents operating such collection systems are any more pious than their private sector counterparts. Regular reports of the invasion of privacy by employees at high-tech firms with access do occur. Do we honestly think that the Government would be substantially more effective at self-regulating and reporting such abuses?
Finally, and most importantly, cryptographically-strong end-to-end encryption is and would remain widely available in countries that maintain no restrictions on its use. It is highly unlikely that the criminals we are aiming to stop would even notice such a law.
We are, therefore, once again called to action, to voice opposition to the expansion of the surveillance state and re-assert our fundamental right to privacy. When the Government has real cause to obtain full access to our private information, it should come at a cost. An authentic and apparent price to pay for the liberty lost. Do you think we will grant the warrant a stay of execution again? If so, for how long?