A Lesson from the College Admissions Scandal for the Encryption Debate

Last Tuesday, the U.S. attorney’s office in Massachusetts announced charges against dozens of parents, college sports coaches and test-prep teachers with in a scheme to win admission to big name universities including Georgetown, Yale and Stanford. Of particular interest for this blog posting is the following excerpt from one of the charging documents. (Bruce Isackson is one of the individuals named as defendants, Davina is his wife, also named as a defendant; CW-1 is a cooperating witness.)

BRUCE ISACKSON [said]: “You know, I am so paranoid about this f***ing thing you were talking about. I don’t like talking about it on the phone, you know.” Later in the meeting, BRUCE ISACKSON noted: “I’m so paranoid about Davina, I go, ‘I really don’t want you talking on the phone to [CW-1] about this.’ You know, I’m thinkin’, you know, are they—I mean, I can’t imagine they’d go to the trouble of tapping my phone—but would they tap someone like your phones?”

Prosecutors often report that it is very common to hear on a wiretapped phone conversation is “This call is probably being tapped, but….”

The Isackson excerpt has lessons for one aspect of the encryption debate. Opponents of exceptional access (or back-doors, as some prefer) to encrypted communications often argue that smart criminals and other ne’er-do-wells will merely turn to other channels that do not provide exceptional access mechanisms for law enforcement. Only the stupid criminals, they argue, will be caught by these mechanisms—hardly a worthwhile tradeoff for the enormous economic and societal costs they argue would be entailed by requiring those mechanisms.

As president of a successful commercial real estate company in Woodside, California, Bruce Isackson is hardly a poster child for someone stupid. But he himself acknowledged the risks of talking on the telephone and went on to make statements that prosecutors thought were incriminating anyway. Why? No doubt for the same reasons that many smart and tech-savvy people make dumb personal security decisions: convenience.

In part, the law enforcement argument for requiring exceptional access to encrypted devices is based on the idea that if it is more convenient for criminals, smart and stupid alike, to use devices that are accessible to law enforcement than to find other devices without exceptional access, then they will more often do the former than the latter. Whatever else one thinks of the overall law enforcement argument, it’s pretty clear to me, including for the reason the Isackson excerpt illustrates, that law enforcement is right on this particular point even if other aspects of their argument aren’t quite as firm.