Share this
by Reflare Research Team on Aug 9, 2022 6:58:00 PM
To this day, governments have many reasons to try limiting the use of strong cryptography. However, when did this trend move into the mainstream consciousness and become an issue directly engaging wider society? Prior to the 2016 U.S. election cycle, a controversial bill was tabled with the aim of reducing the use of smartphones with unbreakable cryptography... and the cybersecurity world collectively scratched its chin.
First Published 27th January 2016 | Latest Refresh 9th August 2022
Stop!... Hammer Time.
4 min read | Reflare Research Team
The Political Justification
Think back to a simpler time.
The 2016 US election cycle brought numerous new proposals to the table. What made this cycle different from previous elections was that security and technology were now being used as voter weapons. Security and cryptography were especially in the limelight, especially given the role cryptography played in the Paris terror attacks only a few months earlier.
One particular bill was (AB 1681), introduced into the Californian Legislature by Jim Cooper who wanted to limit the use of smartphones with unbreakable cryptography. Instead of using terrorism as a reason for the law, the bill pointed to human trafficking as the main concern.
Implications of the Logic
The bill proposes to abolish the use of cryptography that cannot be decrypted by the smartphone’s manufacturer or operating system provider. Currently, manufacturers such as Apple and Google do not have the ability to decrypt any encrypted messages stored on a device.
At the time, the tabling of this bill set a new trend in using technology for gain in the political arena. Today, with security concerns continuing to rise across most segments of society, technology being used as a tool to gain a political foothold on voter interests is now commonplace. Security has slowly become an ethical topic used to sway votes between political parties.
For instance, take the Hillary Clinton email incident of the same era. This became priority news at the time as each party used technology as a way to create doubt and suspicion in the minds of voters, and there have been many other domestic and international instances since.
So many emails, so few servers.
Remember - The Precedent Now Exists
Although security is a concept that most people do not understand to a level of sufficiency, the vast majority of people (including politicians) do have strong views on the subject. Although Bill AB 1681 was not expected to (and did not) pass, it did succeed in becoming a very convenient stepping-stone for future proposals. Politicians can now point to this bill’s very existence to sway voters that not the strengthening, but the weakening of cybersecurity is a valid approach for combating terrorism, human trafficking, organised crime, and other illegal activities that play to the fears of the electorate.
However, cryptography is now commonplace in most communications, whether it is used by fake LV handbag sellers, drug dealers, tax evaders, or various other immoral and illegal activities. Of course, encrypted communications are also used for all kinds of moral and legal purposes, but the trick here is how it is viewed; the application is independent of the technology. Cryptography isn’t the problem; it’s the use case.
What made this bill interesting in the context of a global market is that the US has been a trendsetter in law-making. If such a bill that outlawed unbreakable smartphone cryptography were to pass in the future, it is very likely that other countries will follow in their footsteps (particularly in the face of rising geopolitical tensions). This would propose a monumental set of challenges for cybersecurity professionals whose aim is to keep law-abiding systems, data and people as safe and secure as possible.
Cryptography can be a scary concept for voters who do not understand its benefits. Politicians often use topics such as technology to sway voters using scare tactics and promising to catch the bad guys. However, disallowing encrypted data on smartphone devices would put a huge dent in privacy protection.
As you have seen in this research brief, there is much to think through when it comes to protecting data. However, encryption is only one aspect of resilient cybersecurity. To stay up to date with the latest information on the latest data protection risks, subscribe to our periodic newsletters, and review our research briefs on the following related topic topic below.