Encryption laws should think global, not local

Internet standards aren't bound by geography, and they won’t bend to local absurdities like the Burr-Feinstein bill

Encryption laws should think global, not local
Reuters/Jonathan Ernst

Setting universal standards has never been easy. Over the centuries, the world hasn’t agreed on much of anything, from power outlets to politics. We must manufacture cars that have both left-hand and right-hand drive. Much of the world uses 220-volt power systems, but North America runs 110. Let’s not even get started on imperial versus metric measurements.

One common element to these disparities: They generally stem from a time when global communication was either nonexistent or was characterized by latency measured in years. Solutions were developed in one area and became standards well before the locals knew of similar efforts in distant lands.

They also generally come from a time when standards were set ad hoc, not by conscious thought. A good and omnipresent example of this would be the QWERTY keyboard.

But that’s no longer the norm. Not only has computing brought us substantially lower-latency communication, but we had to develop strong global standards in order for that to be possible. The communications system that allows you to read these words is based on international standards. The only reason you can be anywhere on or off the planet and access this column is due to the computing world working together for decades to develop, maintain, and adhere to strong standards.

We may drive on different sides of the road and use wildly different power outlets, but TCP/IP, Ethernet, and Wi-Fi are universal. The idea that different countries or regions would have their own network standards that were incompatible with those of other countries isn’t viable in the Internet era. Even if attempted, it would eventually be absorbed by the larger technology or simply die out. See: ARCnet, Token Ring, and IPX.

The fact is, while there may be competition in standards when a technology is in the very early stages, eventually a single standard is reached and must be accepted, or those who refuse will eventually be abandoned. Even North Korea’s isolated Kwangmyong is built on Internet standards.

In the physical world, standards are still more geographically bound. Building codes can vary from town to town and state to state, for instance. Laws of some territories don’t apply to others.

But the Internet is very different because it crosses geopolitical boundaries. This fundamental and vital fact is completely missed by legislative bodies that are currently trying to exert governmental control over encryption -- or any other area regarding the Internet. The rules imposed by one government or locality on technologies that underpin the Internet are unenforceable outside of that jurisdiction. Thus, if one government produces laws that alter or constrict global technology standards, those alterations will be abandoned by the larger standard, and that government will find connection, communication, and commerce increasingly difficult if not impossible outside of its silo. It would be a self-imposed embargo.

Imagine if the sky fell in and the comically absurd Burr-Feinstein bill were to pass in the United States. Beyond all of the massive problems the language of the bill would cause for … well, every digital device ever made and everything that relies on them, it would also wall off the United States. Easily crackable encryption is not encryption at all, and the rest of the world would route around this problem by refusing to communicate with systems running code harboring backdoors mandated by the U.S. government. This means that all international commerce and finance activities would cease. It would mean the end of the U.S. economy.

A more likely scenario would be that U.S.-based companies simply ignore the law to save themselves and begin the process of permanently relocating to other countries. Either way, it would be an enormous price to pay for a few legislators who want laws that let them peek into the personal lives of their constituents.

The nontechnical response to this might be, “We should develop an international encryption standard like the ones that currently run the Internet, but with backdoors.” Of course, while many countries might desire the ability to decrypt anything they like, they certainly wouldn’t want other countries to do the same. Besides, an international encryption standard with backdoors would bring about the same financial ruin the United States would face from Burr-Feinstein, but on a global scale.

We can say it until we’re blue in the face, but strong encryption keeps the world economy functioning and keeps us safe, not the opposite. Bills like Burr-Feinstein underscore the profound technical ignorance that afflicts several world governments. They truly know not what they do, which is perhaps scariest of all.

Copyright © 2016 IDG Communications, Inc.