Senator John McCain Weighs In On 'Going Dark' Debate -- Insists That He Understands Cryptography Better Than Cryptographers

Techdirt. 2016-02-09

Summary:

Who knew that Senator John McCain understood encryption better than actual cryptographers? Late last week, he wrote an op-ed for Bloomberg View, in which he trots out all the usual talking points on how Silicon Valley just needs to nerd harder to solve the "Going Dark" problem. There's lots of cluelessness in the piece, but let's focus on the big one:
Top cryptologists have reasonably cautioned that “new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws,” but this is not the end of the analysis. We recognize there may be risks to requiring such access, but we know there are risks to doing nothing.
Actually, it kind of is "the end of the analysis" because the core element of that analysis is the fact that any attempt to backdoor encryption doesn't just make security weaker, it puts basically everyone at much greater risk. It introduces cataclysmic problems for any system that stores information that needs to be kept secure and private.
The following sentence is equally inane, in which he tries to place the "risks" of backdooring encryption on the same plane as the risk of ISIS using encryption. Let's be clear here: the risk of backdooring encryption isn't just significantly larger than the risk of ISIS using encryption, they're not even in the same universe. Even worse, by backdooring encryption, you are almost certainly increasing the risk of ISIS as well, by giving them a massive vulnerability to attack and exploit. Trying to suggest that this is an "on the one hand, on the other hand" situation is so ridiculously ignorant, one wonders who the hell is advising Senator McCain on this topic.
The fact is that there are always some risks. Tens of thousands of people die in car accidents in the US every year, yet you don't hear Senator McCain weighing the risks of driving versus the risks of banning cars. And that's a much more reasonable position to stake out, because banning cars would actually reduce automobile deaths — but it would also cripple the economy. But here's the thing: backdooring encryption has the potential to do much more damage to the economy than banning automobiles, because it would create vulnerabilities that could completely shut down our economy. So, for McCain to pretend that there are somewhat equal risks on either side isn't just ignorant and meaningless, it's dangerous.
Some technologists and Silicon Valley executives argue that any efforts by the government to ensure law-enforcement access to encrypted information will undermine users’ privacy and make them less secure. This position is ideologically motivated and profit-driven, though not without merit. But, by speaking in absolute terms about privacy rights, they bring the discussion to a halt, while the security threat evolves.
Honestly, this is not true. I know that Comey's favorite line these days is that using strong encryption is a "business model decision," but Silicon Valley's interest in strong encryption doesn't appear to be driven by their own bottom lines, frankly. If it were, they would have adopted it much earlier. Strong encryption actually undermines some companies' business models, in that it makes it more difficult for them to collect the data that many of them rely on.
The move towards stronger encryption has mostly been the result of a few things: (1) the fact that the NSA broke into their data centers and put their legitimate users at risk, (2) a better understanding of the wider risks that malicious attackers pose when you have weak encryption, and (3) user demands for privacy. The last one may have indirect business model benefits in that it keeps users happier, but to argue that keeping users happy is somehow a purely money-driven decision, and frame it as somehow a bad thing, is pretty damn ridiculous.
And, honestly, while there are some activists who speak in absolute terms about "privacy rights," you rarely hear that from Silicon Valley companies. In fact, those who have absolute views on privacy tend to be the most critical of Silicon Valley companies for taking a much less principled view on "privacy rights." McCain pretending that this is driven by some sort of "privacy rights" advocacy suggests he's (again) woefully misinformed on this issue.
To be clear, encryption is often a very good thing. It increases the security of our online activities, provides the confidence necessary for economic growth through the Internet, and protects our privacy by securing some of our most important personal information, such as financial data and health records. Yet as with many technological tools, terrorist organizations are using encryption with alarming success.
Actually, they're not usi

Link:

http://feedproxy.google.com/~r/techdirt/feed/~3/vJC3Ly9ml_I/story01.htm

From feeds:

Music and Digital Media » Techdirt.

Authors:

Mike Masnick

Date tagged:

02/09/2016, 15:02

Date published:

02/09/2016, 11:26