On Wednesday, December 4, 2019, LGBT Tech and a number of other organizations directed a joint letter at United States, United Kingdom, and Australian officials concerning the stated policy stances by those countries on encryption. Recently, law enforcement and government agencies have proposed including exceptional access mechanisms into encryption code, with the intention of giving authorities access to the data contained in encrypted networks. Our letter makes clear that doing so would compromise the security of existing networks, which in turn could increasing threats to personal security. As the letter states, "Strong encryption is essential for national security and public safety, and exceptional access mechanisms -- commonly referred to as 'backdoors' -- would create significant security risks."
It's important to understand how encryption works in order to know just how dangerous backdoors would be. The Internet Society and LGBT Tech recently put together an article describing encryption and its importance to the LGBTQ+ community. "Encryption is the process of scrambling information so it can only be read by someone with the keys to open and unscramble the information," the article states. Ideally, the only ones who hold those keys are the information's intended recipients. This is what's known as End-to-End (E2E) encryption. According to The Internet Society and LGBT Tech, E2E encryption "provides the strongest level of security and trust, because ideally only the intended recipient holds the key to decrypt the message. No third party should have a key."
Creating a backdoor in an encrypted network amounts to copying that network's key for third party access, regardless of who that third party may be. At the most basic level, it constitutes a breach in an otherwise safe and secure system. More backdoors in an encrypted network mean more points of access to the information that network contains -- hence the concern from groups like LGBT Tech and other signatories of the open letter.
Many proponents of backdoors often argue their utility to law enforcement and national security. These backdoors in theory would only be accessible to certain authorities, to be used exclusively for policing or surveillance. The open letter makes clear that backdoors, once created, cannot be so easily controlled:
"These exceptional access mechanisms for law enforcement agencies would be the same 'backdoors' that provide an opportunity for terrorists, criminals, and other parties to gain unauthorized access. This is because technologists cannot build systems that can inherently tell when 'bad' people use them, just as engineers cannot design sidewalks and highways to crumble underneath the feet of certain people. In both cases there is a chance that they would build something that is unsafe for all users."
For LGBTQ+ communities, especially those living in areas hostile to LGBTQ+ existence, placing backdoors in encrypted networks places LGBTQ+ individuals at serious risk. The joint letter quotes the Internet Society and LGBT Tech to say as much: “without encryption, LGBTQ+ individuals living in or traveling to [countries where being LGBTQ+ is considered a criminal offense] may not be able to safely and comfortably find communities and outlets for self-expression and would be left vulnerable to prosecution and persecution.” In these cases, strong encryption without backdoor access becomes necessary for safety and survival.
With this recent wave of government agencies calling for backdoors in encryption, it's important to see organizations voicing their concerns. Policy makers in the US, UK, and Australia should heed the caution expressed in this letter. Along with the other signatories, LGBT Tech supports strong encryption over any alternative that uses exceptional access mechanisms.
To learn more about strong encryption and how it affects LGBTQ+ individuals, download our Encryption One Sheet.
The full encryption coalition letter was published on the Open Technology Institute's website on December 10, 2019.