Cybersecurity, Privacy

It’s Common Sense: Any Encryption Solution Needs to Consider All Sides

Encryption is increasingly at the core of modern business operations and personal communications, underpinning financial transactions, critical infrastructure network security, personal text messages and emails, and sensitive military technologies. Yet, while hundreds of millions of global citizens depend on encryption for security and privacy, criminal actors take advantage of the technology to obscure their activity. This can create significant challenges for law enforcement investigators looking to protect their communities. How to uphold the security and privacy benefits of strong encryption while also empowering law enforcement agencies to keep us safe has become one of the more complex questions to arise in the digital age.

Today’s release of the National Academies of Science (NAS) report, Decrypting the Encryption Debate, represents one of the most important analytical examinations of this issue since the debate began, bringing together technical experts, law enforcement officials, academicians, and industry leaders to forge consensus around how to approach the encryption debate. BSA welcomes this report and the conscientious balance it brings to a complex and contentious issue. The report offers several important insights, including:

  • Security Trade-Offs. The report makes clear that there are far-reaching security implications on both sides of the issue. “One of the fundamental trade-offs,” it notes, “is that adding an exceptional access capability to encryption schemes necessarily weakens their security to some degree, while the absence of an exceptional access mechanism necessarily hampers government investigations.”
  • The Value of Encryption. The report illustrates the broad application and value of encryption across a wide range of tools, services, and industries that make encryption central to the modern digital economy. It also emphasizes that encryption is “intrinsically bound” with civil liberties and human rights. Any policy impacting the use of encryption must take care to recognize and protect these values.
  • An International Concern. “Decisions on encryption,” the report asserts, “will have critical consequences for international trade and the competitiveness of US companies whether or not the approaches and solutions are adopted worldwide.” The report notes that encryption is a global phenomenon; nearly two-thirds of all encryption products originate overseas. Any approach to encryption must take into account that global reality, coupled with the diffuse availability of applications, data, and devices that can move easily across borders. Moreover, as the report makes clear, US leadership is vital to ensure global responsibility in this important arena.
  • Toward Commonsense Solutions. While the report does not make specific recommendations for solutions, it undoubtedly points the way toward commonsense options for improving law enforcement access to digital evidence without undermining the security benefits of encryption. First, it makes clear that any mandatory access regime will weaken security, including that of sensitive data. The report demonstrates techniques that could defeat any conceivable technical approach to mandatory access. More importantly, it identifies several other fruitful options for consideration, including enhancing law enforcement capability with technical training and making better use of available unencrypted data. None of these options offers a silver bullet solution, but each is worthy of consideration as a way to improve law enforcement access without undermining the security and privacy benefits of encryption.

The report offers a valuable framework for examining policy alternatives in the encryption debate in a manner that ensures fulsome analysis and conscientious consideration of the trade-offs at work. As it notes, there are no easy answers. Yet, in light of the significance of these trade-offs, it is clear that the most constructive approach to this challenging debate will be the sustained collaboration of stakeholders across law enforcement, technical, academic, and business communities to find commonsense approaches that benefit all involved.

BSA released a primer on the importance of encryption and the need for a solution that takes all sides into account. Learn more at

Cybersecurity, Data, Industry

Promoting Good Data Security Practices to Reduce the Risk of Data Breaches

Today, I testified about data security breaches before the House Financial Services Subcommittee on Financial Institutions and Consumer Credit. Prompted by a rash of high-profile data breaches, the hearing examined ways to reform current federal and state data security regulations to help close gaps and reduce vulnerabilities. The hearing was also an opportunity to discuss … Read More >>

Data, Industry, Intellectual Property

Software Policy Priorities Look to the Future

The start of the new year gives us all a valuable opportunity to think ahead, and that includes Congress.  What can be accomplished?  What impact can be made now to have a lasting impact for years to come?  As every sector of the economy, and businesses of all sizes, increasingly use software in nearly everything … Read More >>


Artificial Intelligence: How Can We Better Prepare for the Future?

Yesterday, I testified about artificial intelligence (AI) before the Senate Commerce Subcommittee on Communications, Technology, Innovation, and the Internet. The hearing examined the benefits and challenges of AI in today’s digital economy, how to build trust in AI systems, and steps the US government can take to remain a leader in AI. I focused on … Read More >>

Cloud Computing, Cybersecurity, Data

How Today’s Cybersecurity Practices are Like the Railroads of the Civil War

** This op-ed first appeared in Morning Consult on October 3, 2017.** Imagine you live in the Civil War-era United States and the railroad is your primary means of long-distance transportation. In those days, the railway gauge (or, the distance between the rails on the track) varied widely. There wasn’t just one accepted standard – … Read More >>