By Paul Rosenzweig, The George Washington University
Should a government be able to require the manufacturers of encryption technology to limit their distribution, to prevent strong cryptography from falling into malevolent hands? Should the state, in effect, be able to require that code makers build in a back door, by which authorities can access, and decrypt, encrypted messages? Let us look at the US government’s attempts to access encrypted information.

Backdoor Keys
The US government’s preferred solution is that those who manufacture encryption software should build into the system a backdoor decryption key that will allow the government to read any encrypted messages.
According to the government, these decryption keys would then be stored or escrowed with a trusted third party say a judge at a federal court, who would release the key under only specified, limited circumstances. Needless to say, many privacy advocates oppose the effort, and their opposition has been successful so far.
Clipper Chip
In the 1990s, the FBI sought to require encryption-technology manufacturers to incorporate a back door that went by the name of Clipper Chip. Opposition to Clipper was based, in part, on civil liberties objections. Many people were concerned that the back door would be used for political purposes, rather than to combat crime.
The opposition was also based on a practical realization that the government itself was a beneficiary of strong encryption to protect its own secrets. A backdoor in encryption programs would not, necessarily, be available only to the U.S. government, after all. So, the state would primarily have a back door into its own secrets.
This is a transcript from the video series The Surveillance State: Big Data, Freedom, and You. Watch it now, on Wondrium.
Companies and Customer Data
Until recently, though, the balance still favored the government because companies would often hold master encryption keys to their customers’ data. You can see why they might want to do that. They might, for example, do so as a matter of convenience. If you, as a user, encrypts data, and then forgets it, or loses the uncrackable encryption key, then the data is lost forever.
Since strong encryption is, for most purposes, uncrackable, governments have turned to an alternate method of securing access to encrypted communications. That is, forcing those who do the encryption to provide it with the encryption keys to decrypt the messages directly. As a result, governments are bringing increasing pressure on service providers to turn over their master keys.
Intermediate and Local Encryption

There is a distinction between endpoint encryption and intermediate—or service provider—encryption. Google, Microsoft, Dropbox and all the other cloud-service providers use forms of intermediate encryption. When, for example, you store data in Dropbox—or you leave your e-mail in your Gmail folder on the Web—the service provider encrypts that information. The encryption techniques tend to be quite strong, making them relatively well-protected against outside attack.
But for long-term storage, the service provider itself retains that encryption key.
By contrast, if you use a strong encryption program locally on your own hard drive, and then upload the encrypted file to the cloud, the fact that your cloud service provider further encrypts the data is good. But, with respect to the government’s demands, it is irrelevant.
Even if Dropbox, let’s say, were compelled by a lawful order to give the government its decryption key, all that it would turn over would be your encrypted file, which you would still have encrypted locally.
Learn more about the unauthorized surveillance programs in the 1950s and 1960s.
Key with Provider
When the encryption key is held by your service provider, it is likely that the government can get access to the passwords. When you hold it, it is much harder for the government to get access. And that’s why the move toward automatic endpoint encryption is so significant for privacy and civil liberties.
Orin Kerr, a fellow professor of law at George Washington University, has summarized the general rule: Third-party data holders cannot assert a Fifth Amendment protection on behalf of their customers.
In other words, when your data is in Dropbox’s hands, your rights don’t apply, and you can’t use those rights to try and prevent Dropbox from giving the government your information.
Learn more about the problems with privacy.
Subpoena Disclosure
Many companies pride themselves on never allowing the government any kind of direct access to their servers. And, of course, by challenging the request and by being subject to an order to compel disclosure, the service providers will, at a minimum, demonstrate that they have made the effort. But in the long run, that just won’t work.
If the government inquiry is tied to some grand jury inquiry or it will be difficult to resist a valid subpoena. It is pretty close to black letter law—that is, a well-established rule not generally open to dispute—that the grand jury can investigate merely on suspicion that the law is being violated, or even just because it wants assurance that it is not.
No Avoiding a Grand Jury
So, this is pretty much an absolute. As a necessary consequence of its investigatory function, a grand jury investigation is not fully carried out until every available clue has been run down and—as the Supreme Court has said—all witnesses examined in every proper way to find if a crime has been committed. Investigative demands from a grand jury must be complied with unless there is no reasonable possibility that the data will be relevant to the investigation.
And so, the conclusion is that service providers like Google and Microsoft may resist the government’s pressure but, in the end, they will not succeed. By contrast, the end-point user—that is you—who holds his own encryption key, has a much stronger argument to withhold that key under the Fifth Amendment protection against self-incrimination.
Common Questions about Government Access to Decryption Keys
The US government’s preferred solution is that those who manufacture encryption software should build into the system a backdoor decryption key that will allow the government to read any encrypted messages.
The opposition to backdoor decryption was based not only in terms of civil rights but also on a practical realization that the government itself was a beneficiary of strong encryption to protect its own secrets and would primarily have a back door into its own secrets.
Since strong encryption is, for most purposes, uncrackable, governments are bringing increasing pressure on service providers to turn over their master keys. These providers do not have the same Fifth Amendment protection that individuals have.