Cybersecurity, Privacy

It’s Common Sense: Any Encryption Solution Needs to Consider All Sides

Encryption is increasingly at the core of modern business operations and personal communications, underpinning financial transactions, critical infrastructure network security, personal text messages and emails, and sensitive military technologies. Yet, while hundreds of millions of global citizens depend on encryption for security and privacy, criminal actors take advantage of the technology to obscure their activity. This can create significant challenges for law enforcement investigators looking to protect their communities. How to uphold the security and privacy benefits of strong encryption while also empowering law enforcement agencies to keep us safe has become one of the more complex questions to arise in the digital age.

Today’s release of the National Academies of Science (NAS) report, Decrypting the Encryption Debate, represents one of the most important analytical examinations of this issue since the debate began, bringing together technical experts, law enforcement officials, academicians, and industry leaders to forge consensus around how to approach the encryption debate. BSA welcomes this report and the conscientious balance it brings to a complex and contentious issue. The report offers several important insights, including:

  • Security Trade-Offs. The report makes clear that there are far-reaching security implications on both sides of the issue. “One of the fundamental trade-offs,” it notes, “is that adding an exceptional access capability to encryption schemes necessarily weakens their security to some degree, while the absence of an exceptional access mechanism necessarily hampers government investigations.”
  • The Value of Encryption. The report illustrates the broad application and value of encryption across a wide range of tools, services, and industries that make encryption central to the modern digital economy. It also emphasizes that encryption is “intrinsically bound” with civil liberties and human rights. Any policy impacting the use of encryption must take care to recognize and protect these values.
  • An International Concern. “Decisions on encryption,” the report asserts, “will have critical consequences for international trade and the competitiveness of US companies whether or not the approaches and solutions are adopted worldwide.” The report notes that encryption is a global phenomenon; nearly two-thirds of all encryption products originate overseas. Any approach to encryption must take into account that global reality, coupled with the diffuse availability of applications, data, and devices that can move easily across borders. Moreover, as the report makes clear, US leadership is vital to ensure global responsibility in this important arena.
  • Toward Commonsense Solutions. While the report does not make specific recommendations for solutions, it undoubtedly points the way toward commonsense options for improving law enforcement access to digital evidence without undermining the security benefits of encryption. First, it makes clear that any mandatory access regime will weaken security, including that of sensitive data. The report demonstrates techniques that could defeat any conceivable technical approach to mandatory access. More importantly, it identifies several other fruitful options for consideration, including enhancing law enforcement capability with technical training and making better use of available unencrypted data. None of these options offers a silver bullet solution, but each is worthy of consideration as a way to improve law enforcement access without undermining the security and privacy benefits of encryption.

The report offers a valuable framework for examining policy alternatives in the encryption debate in a manner that ensures fulsome analysis and conscientious consideration of the trade-offs at work. As it notes, there are no easy answers. Yet, in light of the significance of these trade-offs, it is clear that the most constructive approach to this challenging debate will be the sustained collaboration of stakeholders across law enforcement, technical, academic, and business communities to find commonsense approaches that benefit all involved.

BSA released a primer on the importance of encryption and the need for a solution that takes all sides into account. Learn more at


New Irish Warrant Case Decision – Again – Points to Need for Congressional Action to Update ECPA

The importance of this week’s decision by the Second Circuit to deny rehearing in Microsoft’s Irish warrant case has less to do with the action in court and more to do with what happens next. Specifically, with what happens in Congress. Last July, a panel of the Second Circuit held that a warrant issued by … Read More >>

Cybersecurity, Privacy

A Positive Step in the Encryption Debate

The members of the House Encryption Working Group took on a seemingly impossible task this year when they set out to bridge the gap between the two sides of this noisy and difficult debate. That makes the result of their work – a series of balanced findings that summarizes their careful consideration of these issues … Read More >>

Cybersecurity, Data, Privacy

It’s Time to Move the Encryption Discussion Forward

The encryption discussion in Washington has been locked in a polarized stalemate for months — with loud voices on distant ends deeply dug in. Encryption is a complex issue that affects a range of global stakeholders, from governments to businesses to individuals. The ideal solution needs to consider all legitimate sides of the argument and … Read More >>

Data, Privacy

Privacy Shield Attracts Strong Company Support

BSA President & CEO Victoria Espinel penned the op-ed below that ran earlier today in The Hill. As she notes, today is the first day that companies can certify with the Commerce Department for the Privacy Shield. Why are data transfers across the Atlantic so important? Cloud computing services and data analytics increasingly depend on … Read More >>