Cyber Brief: The Encryption Debate
35+ YEARS OF FREEDOM OF INFORMATION ACTION
The encryption debate pitting concerns of privacy and civil rights against concerns of law enforcement and national security has grown in significance in recent years. Today’s posting provides a series of reports and articles on current encryption concerns, followed by Congressional testimony from the Clinton-Era to the present.
Reports and Articles
This document outlines challenges to law enforcement that arise from rapidly evolving encryption techniques and risk outpacing the law enforcement community's decryption capabilities.
This report examines challenges presented by smartphone encryption to the investigative capabilities of law enforcement agencies.
The catalyst of this study were the 2015 terrorist attacks in Paris and San Bernardino and the ensuing debate of the possible role of encryption in facilitating such attacks. The study contains five chapters, which address: encryption, security, and the modern economy; encryption, public safety, and law enforcement; encryption in assorted foreign nations and the United States; the absence of simple solutions; and the need for a national dialogue.
Congressional Research Service, Encryption: Selected Legal Issues, March 3, 2016. Unclassified.
This report explores the legal implications of encryption including compelled decryption as it relates to the right against self-incrimination and compelled assistance.
Source: The CTC Sentinel
In this article Robert Graham gives an overview of encryption technology before explaining the methods and tactics terror groups use to securely communicate and maintain information.
This report discusses the technology of encryption, the use of encryption, and concludes with a policy discussion. Among the issues discussed are gains and losses from encryption, Fourth and Fifth Amendment implications, and trade-offs with regard to information security and national security.
Source: Manhattan District Attorney
This report provides an update to previous work examining challenges presented by smartphone encryption to the investigative capabilities of law enforcement agencies.
Source: ENISA
This paper provides an overview of encryption related to privacy and personal security balanced against the requirements of Security Services and concludes that while Security Service concerns are legitimate, encryption technology will likely persist among criminals. The paper also concludes that “back doors” and weakened encryption are likely to be leveraged by criminals as well as Security Services.
This report from the committee's joint working group on encryption contains four observations (including that "any measure that reduces encryption works against the national interest") and a discussion of next steps (including with respect to law enforcement requests for information and metadata analysis).
This paper discusses the evolution of law enforcement exploiting vulnerabilities, the vulnerabilities equities process, data on retaining and disclosing vulnerabilities, the use of known vulnerabilities, data issues, and policy issues.
Source: Manhattan District Attorney
This report provides an update to previous work examining challenges presented by smartphone encryption to the investigative capabilities of law enforcement agencies.
Legislative Debate
Early Debate
This testimony represents an earlier round in the debate over encryption and law enforcement, in which the author challenges government and law enforcement arguments on the subject and asserts that "U.S. encryption policy fails to recognize the needs of users and the changes brought on by the Internet Age."
In his testimony, the FBI director asserts that there exists a "serious threat to public safety posed by the proliferation and use of robust encryption products that do not allow for timely law enforcement access and decryption."
This testimony provides a look into the mid-1990s encryption debate leading up to the Clinton Administration consideration of encryption policies balancing privacy, commerce, and security.
This testimony provides an update to Under Secretary Reinsch’s July 1996 testimony and reflects the Clinton Administration’s decisions on encryption.
In this statement, the NSA's deputy director comments on legislation that was pending with regard to the relaxation of export controls concerning encryption technology, and discusses NSA's role in developing the Clinton administration's encryption policy.
SAFE Act
This testimony provides a look into the mid-1990s encryption debate as Congress considered the Security and Freedom Through Encryption Act.
In this testimony Marc Rotenberg voices EPIC’s support for the SAFE Act while expressing concern over section 2805 which would criminalize the use of encryption in the commission of a criminal offense.
In this testimony Jerry Berman criticizes US encryption policy, characterizes law enforcement arguments as “eroding”, and argues the Congress has the best chance of enacting CDT’s recommendation of liberalizing the export controls in the SAFE Act.
In this testimony Philip R. Karn Jr. describes his experience in litigating the status of a book that included encryption coding. The government argued that the code was a “dangerous weapon” while the author, and Karn’s testimony, argue that it is speech protected under the First Amendment. Karn extends this argument and argues that regulating encryption software is then a First Amendment violation.
In this testimony Thomas R. Morehouse voices support for the SAFE Act and argues that criminalizing the use of encryption for criminal activities is preferable to implementing export controls which would do little to “put the Genie back into the bottle” with regards to the proliferation of encryption technology.
In this testimony Johnathan Seybold opposes the Clinton Administration’s policy of allowing the export of encryption only if the US Government is given the decryption key on grounds of economic competition, consumer security, and privacy rights. Seybold argues that the SAFE Act, with some modifications, would address concerns held by PGP.
In this testimony Roberta Katz voices criticism of the Clinton Administration’s policies and gives support to the SAFE Act.
In this testimony Ira Rubinstein criticizes export controls for regulating encryption technology and supports the SAFE Act as a preferable alternative.
In this testimony Phyllis Schlafly voices concerns that regulation of encryption erodes First Amendment rights and argues against the SAFE Act provision criminalizing use of encryption in furtherance of a crime.
Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives
Source: House Energy and Commerce Committee
In this testimony Captain Charles Cohen explains the impact of encryption technologies on investigations into internet crimes against children.
Source: House Energy and Commerce Committee
In this testimony Thomas P Galati explains cases of “going dark” in which law enforcement is unable to access evidence due to encryption despite having the legal ability to do so.
Source: House Energy and Commerce Committee
In this testimony Amy Hess explains the FBI’s perspective on the encryption debate and the need to balance privacy against maintaining investigative capabilities.
Source: House Energy and Commerce Committee
In this written testimony, Sheriff Ron Hickman explains the impact of encryption on a selection of Houston-area law enforcement investigations.
Source: House Energy and Commerce Committee
In this testimony Bruce Sewell argues against the introduction of “back doors” in encrypted communication applications and devices.
Source: House Energy and Commerce Committee
In this testimony Daniel J Weitzner examines points of nuance in the encryption debate and argues against any “one size fits all” solutions.