While encryption protects individuals against crimes, like identity theft or unlawful surveillance, law enforcement and intelligence agencies (LEIAs) argue that encryption makes it more challenging, or impossible, for them to investigate crimes and threats to public safety.
The Five Eyes intelligence alliance — composed of Australia, Canada, New Zealand, the United Kingdom, and the United States — has made a number of joint statements in recent years that have called for stricter regulation of encryption, including greater cooperation from technology companies that develop and use encryption in their widely used products and services.
Although different policy proposals over the years have changed the way that these debates are framed, the problem remains unchanged: there is no such thing as a backdoor that only lets the good guys in.
For too long, the encryption policy debate — both for and against — has centered around non-economic values, such as crime, privacy, and freedom of expression. While these issues certainly have economic consequences, that factor has been, at best, an afterthought in the debate on how this technology should or shouldn’t be regulated. This is partially because measuring the economic consequences of encryption regulation is an inherently difficult task. Such regulation is generally unprecedented, or has only come into place recently, meaning that there is no result to extrapolate from.
PPI believes that the economic question of encryption ought to be a more salient part of the debate. Regulation on a piece of unquestionably innovative technology needs to be thought through by more than just a values-based analysis. For the first time, this report examines the economic impact that mandating encryption backdoors would have on small- to medium-sized enterprises (SMEs) across the Five Eyes
Our headline findings suggest:
• 99% of SMEs utilize encryption services which are very or quite important for use internally and/or with customers.
• 62% of business leaders would reduce hiring if encryption backdoors were implemented.
• 58% of business leaders would reduce their investment if backdoors were implemented.
• 52% of business leaders believe that the global standing of their country’s technology sector would be adversely impacted if backdoors were implemented.
Our analysis leads us to conclude that any attempt to weaken encryption — whether it is through front doors, backdoors, or client-side scanning — would inflict economic self-harm in the multiple billions of dollars, and produce negative spillovers that would amplify this globally.
The economic cost of weakening encryption, therefore, provides the illusion of protection while actually crippling the economy. We believe this is an important contribution to the debate around encryption regulation that helps to move the discussion forward.
Governments and LEIAs must cooperate better with technologists and take a more practical, incremental approach to policies and legislation that affect national security and public safety, rather than mandating encryption backdoors or ubiquitous surveillance.