James Comey stated the obvious today. He suggested, “There is no such thing as absolute privacy in America.”
Does this shock anyone? Does this even disappoint anyone?
It doesn’t shock or disappoint me. And I’m someone who, to his core, distrusts leadership of any kind and questions their motives at every turn. And still, I argue, absolute privacy is an impossible pipe dream. And it is one I don’t think we should desire.
Mathematically speaking, if someone encrypts a message using AES, today’s standard encryption algorithm, it is going to take 129 trillion years to discover the key that was used to encrypt that message. That’s older than the estimated age of earth by an embarrassing margin. Yes, people sometimes choose stupid encryption keys, or the government embeds vulnerabilities in the encryption process, which significantly cuts the time it takes to decipher a message you aren’t supposed to be able to read. But, assuming neither of those conditions are true, you aren’t going to decrypt that message in this life time or in the lifetime of your most distant mutant robohuman offspring.
And that’s the problem. If we’re going to remain safe from the bad guys who are using encryption to hide their dirty deeds, how are we going to thwart them before they perpetrate their acts, and how are we going to prepare for the consequences?
Never in the history of humanity have we faced a level of clandestinity like this. So, the arguments about the sanctity of privacy and the American imperative to protect it in this digital age at all costs should be filtered as potential data packets of naivete. We have never faced a level of secrecy so impenetrable. To claim then, that we have a right to strong encryption, when we know from history and from everyday experience that some will abuse that access to perpetrate the unspeakable in a virtually undiscoverable way, is patently irresponsible.
I’m not ashamed to say that don’t find anything shocking in the Wikileaks report about CIA hacking operations. If the government wasn’t spending time figuring out how to listen to everyday devices like TVs and smartphones to gather intelligence, I would say they weren’t doing a good enough job trying to uncover calamity before it happens. I do wonder why the CIA is doing this work instead of relying on the NSA, because it seems wasteful for a government agency not to rely on a unit whose job it is to create these kinds of technologies. But this is important work, not because I believe it is right to compromise the privacy of individuals, because I don’t. Rather, it is important work because the traditional view of privacy – that I have a reasonable expectation of being able to say something in secret to my friends and family – is not the same as claiming that I have a right to say things in a level of secrecy so iron-clad that it would take 129 trillion years to discover them.
I don’t think our traditional understanding of privacy has changed. By and large, our secrets are our secrets. But in an era of strong and virtually impenetrable encryption, all secrets, however mundane, are at risk, because the government faces a challenge that is completely unprecedented: how to discover the harmful secrets when, thanks to mathematics and computing, they have been hidden in an impenetrable fortress.
For the time being, we have to shove privacy to the back seat. Meanwhile, we have to continue working on ways to protect privacy while, at the same time, helping law enforcement achieve its aims, provided those goals are designed to keep us safe.