Do Encrypted Phones Threaten National Security?

[Commentary] In Washington (DC), where a growing chorus is demonizing end-to-end encryption that permits people to have conversations that the government can never see, Sen Sheldon Whitehouse (D-RI) has aired a particularly extreme anti-privacy position: Sen Whitehouse suggested that selling well-encrypted smartphones to Americans should be treated like dumping toxic waste in streams. They began with a hypothetical kidnapping. “A girl goes missing,” Sen Whitehouse told Deputy Attorney General Sally Yates. “A neighbor reports that they saw her being taken into a van out in front of the house. The police are called. They come to the home. The parents are frantic. The girl's phone is still at home.” Naturally, everyone wants to search the phone for clues. But it is encrypted. Of course, the phone doesn’t necessarily hold any clues, and the victim is no worse off than every child kidnapped in the thousands of years before smartphones existed. Nevertheless, Sen Whitehouse feels that the phone maker bears some culpability for the girl’s fate, and should perhaps be made to pay up in a civil lawsuit.

Shaping encryption policy by way of dueling lawsuits and jury awards strikes me as one of the least efficient, least accurate methods imaginable to quantify the costs and benefits of different approaches to encryption and data security. And in a nation in which telecommunications companies were able to wrangle retroactive immunity for knowingly and illegally helping the government to spy on Americans, the notion that civil liability would be consistently applied to powerful corporations, even in the aftermath of black-swan events, is strikingly naive.