The End Of Roe Will Bring About A Sea Change In The Encryption Debate
from the rights-matter dept
With the Supreme Court poised to rip away a constitutional right that’s been the law of the land for nearly half a century by overturning Roe v. Wade, it’s time for the gloves to come off in the encryption debate. For a quarter of a century, it has been an unspoken prerequisite for “serious” discussion that American laws and law enforcement must be given a default presumption of legitimacy, respect, and deference. That was always bullshit, the end of Roe confirms it, and I’m not playing that game anymore.
Weirdly, there are a lot of similarities between encryption and abortion. Encryption is a standard cybersecurity measure, just like abortion is a standard medical procedure. Encryption is just one component of a comprehensive data privacy and security program, just like abortion is just one component of reproductive health care. They both save lives. They both support human dignity. They’re both deeply bound up with the right to autonomy privacy, no matter what a hard-right Supreme Court says. (Ironically, the way things are going, the Supreme Court’s position will soon be that we have more privacy rights in our phones than in our own bodies.) And finally, both encryption and abortion keep being framed as something “controversial” rather than something that you and I have every damn right to – something that should be ubiquitously available without encumbrance.
It would be nice if both of these things were settled questions, but as we’ve seen in both cases, the opponents of each will never let them be. The opponents of bodily autonomy are about to score a victory they’ve been working towards for decades. The immediate result will be total bans and criminalization of abortion in large swaths of the United States. We absolutely cannot afford for the opponents of encryption to prevail as well, whether in the U.S., the EU, its member states, or anywhere else.
The only reason there’s still any “debate” over encryption is because law enforcement refuses to let it drop. For over a quarter of a century, they’ve constantly insisted on the primacy of their interests. They demand to be centered in every discussion about encryption. They frame encryption as a danger to public safety and position themselves as having a monopoly on protecting public safety. They’ve insisted that all other considerations – cybersecurity, privacy, free expression, personal safety – must be made subordinate to their priorities. They expect everyone else to make trade-offs in the name of their interests but refuse to make trade-offs themselves. Nothing trumps the investigation of crime.
Why should law enforcement’s interests outweigh everything else? Because they’re “the good guys.” In debates about whether law enforcement should get “exceptional access” (i.e., a backdoor) to our encrypted communications and files, we pretend that American (and other Western democracies’) law enforcement are “the good guys,” positioned in contrast to “the bad guys”: criminals, hackers, foreign adversaries. When encryption advocates talk about how encryption is vital for protecting people from the threat posed by abusive, oppressive governments, we engage in the polite fiction that we’re talking about “that other country, over there.” It’s China, or Russia, or Ethiopia, not the U.S. If we talk about the threats posed by U.S.-based law enforcement at all, it’s the “a few bad apples” framing: we hypothesize about the occasional rogue cop who’d abuse an encryption backdoor in order to steal money or stalk his ex-wife.
We don’t confront the truth: that law enforcement in the U.S. is rife with institutional rot. Law enforcement does not have a monopoly on protecting public safety. In fact, they’re often its biggest threat. When encryption advocates play along with framing law enforcement as “the good guys,” we’re agreeing to avert our eyes from the fact that one-third of all Americans killed by strangers are killed by police, the fact that police kill three Americans a day, and the staggering rates of domestic violence by cops. When actual horrific crimes get reported to them – the very crimes they say they need encryption backdoors to investigate – they turn a blind eye and slander the victims. Law enforcement is a scourge on Americans’ personal safety. The same is true of our privacy as well: as a brand-new report from Georgetown underscores, law enforcement agencies don’t hesitate to flout the law with impunity in the pursuit of their perfect surveillance state.
U.S. law enforcement officers and agencies have shown us with their own actions that they don’t deserve any deference whatsoever in discussions about encryption policy. They aren’t entitled to any presumption of legitimacy. They are just another one of the threats that encryption protects people from. With the demise of Roe, we can no longer ignore that the same is also true of American laws.
Of course, this has always been the case. “Crimes” are whatever a group of lawmakers at some point in time decide they are, and “criminals” are whoever law enforcement selectively decides to enforce those laws against: Black and brown people, undocumented immigrants, homeless people, sex workers, parents of trans kids, drug users. Now that we’re rolling back the clock on social progress by half a century, “criminals” once again will include people who have abortions (which, don’t you ever forget, does not just mean cisgender women) and those who provide them. Already, some deeply conservative states are plotting for using contraception to make you a criminal again too. People in consensual same-sex relationships or interracial marriages may be next. All of these “crimes” are what should come to your mind whenever you hear somebody tout “fighting crime” as a reason to outlaw strong encryption.
If you’re an encryption advocate in the United States, it’s time to stop pretending that encryption’s protection against oppressive governments is only about Uighurs in Xinjiang or gay people in Uganda. Americans also need strong encryption to protect ourselves from our own domestic governments and their abominable laws. The impending end of Roe has laid that bare. The threat is coming from inside the house. “China” was really a euphemism for “Alabama” this whole time. Encryption advocates in the U.S. just usually aren’t willing to say so.
Why not? Because we’ve internalized that unless we treat American laws (and the people who enforce them) as unimpeachably legitimate and supreme, we won’t be treated as “serious.” We’ll be derided as “zealots” and “absolutists” who aren’t willing to have a “mature conversation” about “finding a balance” and “working together” to find a “middle-ground solution” on encryption. Our views and demands will be dismissed out of hand. We won’t get invited anymore to events put on by universities and foundations. We won’t get to talk in endless circles while sitting in fancy conference rooms far away from the jailhouses where Purvi Patel and Lizelle Herrera were held.
The loss of Roe will unavoidably usher in a new phase of the encryption debate in the U.S., because Roe has been the law of the land throughout the entire time that strong encryption has been generally available. Roe was decided in 1973, and the landmark Diffie/Hellman paper “New Directions in Cryptography” didn’t come out until 1976. In the decades since, strong encryption went from a niche concern of the military and banks to being in widespread use by average consumers – while, simultaneously, the constitutional right to abortion was slowly and systematically chipped away. Nevertheless, Roe still stood. In all the years since 1976, encryption policy discussions about “balancing” privacy rights and criminal enforcement have never had to seriously grapple with what it means for abortion to be a crime rather than a right. That’s about to change.
Encryption advocates: It’s time to stop playing along with U.S. law enforcement’s poisonous expectation to exempt them from the threat model. The next time you’re at yet another fruitless roundtable event to “debate” encryption and some guy from the FBI complains that law enforcement must always be the star of the show, ask him to defend his position now that abortion will be against the law across much of the country. If he whines that that’s states’ laws, not federal, ask him what the FBI is going to do once a tide of investigators from those states start asking the FBI for help unlocking the phones of people being prosecuted for seeking, having, or performing an abortion.
Tech companies: Do you want to help put your users behind bars by handing over the data you hold about them in response to legal demands by law enforcement? Do you not really care if they go to prison, but do care about the bad PR you’ll get if the public finds out about it? Then start planning now for what you’re going to do when – not if – those demands start coming in. Data minimization and end-to-end-encryption are more important than ever. And start worrying about internal access controls and insider threats, too: don’t assume that none of your employees would ever dream of quietly digging through users’ data looking for people they could dox to the police in anti-abortion jurisdictions. Protecting your users is already so hard, and it’s going to get a lot harder. Update your threat models.
Lawmakers: You can no longer be both pro-choice and anti-encryption. The treasure troves of Americans’ digital data are about to be weaponized against us by law enforcement to imprison people for having abortions, stillbirths, and miscarriages. If you believe that Americans are entitled to bodily autonomy and decisional privacy, if you believe that abortion is a right and not a crime, then I don’t want to hear you advocate ever again for giving law enforcement the ability to read everyone’s communications and unlock anyone’s phone. Whether or not you manage to codify Roe or to crack down on data brokers that sell information about abortion clinic visitors, you need to stop talking out of both sides of your mouth by claiming you care about privacy and abortion rights while also voting for bills like the EARN IT Act that would weaken encryption. The midterms are coming, and we are watching.
As I wrote recently for Brookings, encryption protects our privacy where the law falls short. Once Roe is overturned, the law will fall short for tens of millions of people. We no longer have the luxury of indulging in American exceptionalism. The enforcement of American laws isn’t a justification for weakening encryption. It’s an urgent argument in favor of strengthening it.
Riana Pfefferkorn is a Research Scholar at the Stanford Internet Observatory.
This post originally published to Stanford’s Cyberlaw blog.