It’s Common Sense: Any Encryption Solution Needs to Consider All Sides

Encryption is increasingly at the core of modern business operations and personal communications, underpinning financial transactions, critical infrastructure network security, personal text messages and emails, and sensitive military technologies. Yet, while hundreds of millions of global citizens depend on encryption for security and privacy, criminal actors take advantage of the technology to obscure their activity. This can create significant challenges for law enforcement investigators looking to protect their communities. How to uphold the security and privacy benefits of strong encryption while also empowering law enforcement agencies to keep us safe has become one of the more complex questions to arise in the digital age.

Today’s release of the National Academies of Science (NAS) report, Decrypting the Encryption Debate, represents one of the most important analytical examinations of this issue since the debate began, bringing together technical experts, law enforcement officials, academicians, and industry leaders to forge consensus around how to approach the encryption debate. BSA welcomes this report and the conscientious balance it brings to a complex and contentious issue. The report offers several important insights, including:

  • Security Trade-Offs. The report makes clear that there are far-reaching security implications on both sides of the issue. “One of the fundamental trade-offs,” it notes, “is that adding an exceptional access capability to encryption schemes necessarily weakens their security to some degree, while the absence of an exceptional access mechanism necessarily hampers government investigations.”
  • The Value of Encryption. The report illustrates the broad application and value of encryption across a wide range of tools, services, and industries that make encryption central to the modern digital economy. It also emphasizes that encryption is “intrinsically bound” with civil liberties and human rights. Any policy impacting the use of encryption must take care to recognize and protect these values.
  • An International Concern. “Decisions on encryption,” the report asserts, “will have critical consequences for international trade and the competitiveness of US companies whether or not the approaches and solutions are adopted worldwide.” The report notes that encryption is a global phenomenon; nearly two-thirds of all encryption products originate overseas. Any approach to encryption must take into account that global reality, coupled with the diffuse availability of applications, data, and devices that can move easily across borders. Moreover, as the report makes clear, US leadership is vital to ensure global responsibility in this important arena.
  • Toward Commonsense Solutions. While the report does not make specific recommendations for solutions, it undoubtedly points the way toward commonsense options for improving law enforcement access to digital evidence without undermining the security benefits of encryption. First, it makes clear that any mandatory access regime will weaken security, including that of sensitive data. The report demonstrates techniques that could defeat any conceivable technical approach to mandatory access. More importantly, it identifies several other fruitful options for consideration, including enhancing law enforcement capability with technical training and making better use of available unencrypted data. None of these options offers a silver bullet solution, but each is worthy of consideration as a way to improve law enforcement access without undermining the security and privacy benefits of encryption.

The report offers a valuable framework for examining policy alternatives in the encryption debate in a manner that ensures thorough analysis and conscientious consideration of the trade-offs at work. As it notes, there are no easy answers. Yet, in light of the significance of these trade-offs, it is clear that the most constructive approach to this challenging debate will be the sustained collaboration of stakeholders across law enforcement, technical, academic, and business communities to find commonsense approaches that benefit all involved.

BSA released a primer on the importance of encryption and the need for a solution that takes all sides into account. Learn more at www.bsa.org/encryptionmatters.

Author:

Tommy Ross serves as Senior Director, Policy with BSA | The Software Alliance. In this role, he works with BSA members to develop and advance global policy positions on a range of key issues, with a focus on cybersecurity, privacy, and market access barriers.

Prior to joining BSA, Ross served as the Deputy Assistant Secretary of Defense for Security Cooperation. He was the Senior Advisor for Intelligence and Defense to Senate Majority Leader Harry Reid, the Legislative Director for U.S. Representative David Price, and a research assistant for Senate Majority Leader Tom Daschle.

Ross is a graduate of Davidson College in North Carolina and Union Theological Seminary in New York. He is based in BSA’s Washington, DC, office.
