Tech companies argue that if encryption is weakened for consumers only criminals will have encryption. The gun lobby argues that if guns are made illegal, then only criminals will have guns. I would never argue that everyone should own a gun. We\u2019d likely all shoot each other. But I do think everyone should have access to strong encryption.\nTackling the boiling encryption debate, my hacker friends have convinced me to see it their way. That is, strong encryption is more of a benefit than a liability. Apple and the rest of the tech industry should stand fast on not allowing the government to build a back door into their products.\nThe reasoning is relatively straightforward. Companies offering end-to-end encryption use a key-pair technique. The algorithm uses both keys to wrap and unwrap messages. \u00a0 A concrete metaphor for it is the schema used for safe deposit boxes in banks. The bank has one key, and you have the other.\nStretching the analogy further, the bank key is like the public key, and your key is like the private key. Potentially anyone has access to your public key. Only you have access to your private key. When you encrypt something with your private key, other people know that it\u2019s you because the message can be decoded only with your public key. This transaction is called authentication.\nWhen someone sends you a message encoded with your public key, only you can open it with your private key. This is the security piece of the transaction. The longer the keys (with lots of digits), the harder it is to crack them.\nRight now, companies like Apple and Facebook (via its WhatsApp messaging app) encrypt their users\u2019 data with keys long enough to stymie anyone who tries to intercept the message and break into it.\nSecurity services like the FBI want in on those messages, ostensibly to go after criminals like the San Bernardino shooter. (Well, in Syed Rizwan Farook\u2019s case, he\u2019s coughed up his last secret, but the FBI still wants to analyze the contents of his phone.)\nNow, keys are generated by something called a key server, and for companies engaged in producing products with end-to-end encryption, the main question is whether to keep the private keys centrally or not. There are reasons to do both. And a vendor can choose to do either.\nThe advantage of storing keys for customers is that when a user loses a key, the vendor can recover it, and old messages encrypted with that key become readable again. If the vendor doesn\u2019t keep keys, users who lose theirs are unable to read all their encrypted messages \u2014 forever and ever.\nBy design, vendors (like Apple) that choose not to keep keys on behalf of users are unable to decrypt their messages for them.\u00a0\u00a0\nBut where the keys are kept is a bit of a red herring. If a \u201cperson of interest\u201d has a private key, law enforcement can get it one way or the other. The real question is whether the Department of Justice (DOJ) or any random national entity elsewhere in the world can compel app makers to add some kind of backdoor to their products.\nEven with end-to-end encryption, the data has to be unencrypted on each end, at least briefly. \u00a0 When the recipient is reading a message it is by definition unencrypted in the memory of the device.\nFor example, in the case of WhatsApp, the DOJ could force Facebook to save off an unencrypted copy of each message sent to a person of interest whenever he or she reads it.\nAs a user, if you can\u2019t trust the code running on your endpoint, you\u2019re sunk. The crux of the legal point is whether or not the DOJ has the power to force app makers to make the endpoints untrustworthy.\nWho has the ultimate say about what a developer\u2019s code does? The developer, Apple, the FBI? If the developer doesn\u2019t have the final say, obviously it can\u2019t guarantee anything to the users.\nThe FBI\u2019s position that it needs to have the final say is fundamentally flawed, because once control is in a third party\u2019s hands, that control will be abused in ways that the original grantor of that power never envisioned. For example, to pick a particularly inflammatory scenario for law enforcement, a Chinese national could infiltrate the FBI and alter app code to save off copies of messages for the mother country.\nThe government narrative is always about how terrorists will use these capabilities, but obviously foreign nations are far more sophisticated and richer than terrorists \u2014 so who really is going to benefit in practice?\nCurrent encryption methods are absolutist, despite President Obama\u2019s wishes to the contrary. If you employ known methods properly, you ABSOLUTELY cannot decrypt the data without the key. Unbreakable encryption is a thing.\nIt is a simple matter for bad people to write encryption software and install it on programmable devices. They can find the code for the Advanced Encryption Standard (AES), written for any language, on the Internet in under a minute. An undergraduate-level programmer can easily create a functioning app that does basic AES encryption. So, ISIS needs just a single mediocre programmer \u2014 who is highly unlikely to give a copy of the master private key to law enforcement.\nTo the extent that governments prevent unfettered use of encryption in mainstream devices, bad people will just use Raspberry Pi\u2019s, or have custom devices made. Programmable devices capable of running strong ciphers and communicating over the Internet are now absurdly cheap.\nAbout the only thing government policy could do in a formal sense is to set a threshold of computing power required to decrypt. It could set a rule like \u201conly someone who can spend 10 million compute-hours can decrypt this" \u2014 thereby differentially allowing state actors \u2014 and no one else \u2014 access.\nOther than that, there is no way to weaken encryption in any way that allows either the app maker or the state to control who can break it and who can\u2019t. A cipher is either strong or it\u2019s not, and strength is measured in computing power required to crack it.\nThere is no way to weaken the guarantee of confidentiality without eliminating it completely.\nLimiting the use of cryptography would therefore only harm stupid and non-resourceful criminals, and regular people with something to hide \u2014 which is really everyone.\nTrying to legislate unbreakable encryption away is just spitting in the ocean. It\u2019s like trying to \u201cuninvent\u201d nuclear weapons. The only barrier to widespread adoption of nuclear weapons by maniacs is cost. With crypto, the cost is zero. It\u2019s built right into Intel chips these days.\nWhat we do know is that, because they\u2019re motivated, at least the maniacs will have strong crypto. \u00a0 Now, who else shall we allow to have it?