An excellent essay by Penn law prof Jeffrey Vagle describes how the deployment of really easy-to-use, good crypto by Google and Apple is a game-changing shift in the ability of ordinary people to be secure from snooping by crooks, spies (and yes, cops), but how that isn't enough, by a long stretch.
States, including the USA, are determined to make it impossible for people to communicate in private, and they will take extensive measures to force companies like Apple and Google to give them back-door access to their crypto, and any weakness they introduce will be exploited by criminals and rival goverments' spies and police.
The only answer, Vagle argues, is widespread implmeentations of the kind of "effortless crypto" described in William Gibson's fantastic novel The Peripheral. I agree. That's why I joined the advisory board for Simply Secure, whose mission is to make free/open source crypto so easy that your boss can use it.
My concerns – and I expect Mr. Calo's, as well – with this scenario are twofold. First, imagine that some future Apple or Google is the implementer of the effortless encryption, and we further assume that they have implemented this technology in such a way as to require all communication to be transmitted via their networks. In this case, courts may well hold that we have no reasonable expectation of privacy – in a Fourth Amendment context – in the information we voluntarily share with these companies. This aging doctrine has continued to roil in our courts, and has a direct effect on our ability to trust corporations to keep our data safe from warrantless government searches.
Second is the concern that emerges from the very basis of these corporate incentives. Governments can be quite effective at shaping market forces, and many of these same companies that might build our effortless encryption solution also realize significant benefits from government contracts. The first company to build effortless encryption may find itself left out when it comes to future government business. And corporations, as private actors, are not subject to the constitutional restrictions placed on government. Corporations will follow where the market leads them.
Opinion: Why we all have a stake in encryption policy
[Jeffrey Vagle/Christian Science Monitor]