There’s been a flurry of encryption news over the past few months. In February, the National Academies released a report that discussed early-stage research into the design of secure cryptographic systems that would nevertheless allow the government access under certain circumstances (what we’ll call third-party-access systems).
Steven Levy, who wrote the definitive history of the first crypto war, published a long Wired article providing more detail on one such third-party-access system currently being developed by Ray Ozzie, former chief technical officer at Microsoft. The security-research community has reacted negatively, pointing out flaws in Ozzie’s proposal and generally downplaying the significance of the research described in the National Academies report, emphasizing, as Susan Landau did in April on Lawfare, that the research is preliminary and “more akin to sketches than a system architecture.” Speaking through a trade group, the major technology companies also criticized “new proposals to engineer vulnerabilities into devices and services” as a way to provide law-enforcement access to encrypted data.
Meanwhile, there are signs that multiple branches of the government are re-seizing themselves of the encryption issue. The Justice Department and the FBI are reaching out to security researchers who are working on designing third-party access systems, several members of the Senate Judiciary Committee are reportedly working on legislation that would regulate encryption in light of law enforcement’s need for access to encrypted data, and, on the other side of the debate, a bipartisan group in the House of Representatives has proposed a sweeping bill that would ban the government from forcing any company to redesign its systems to facilitate surveillance (more on that below).
Against this backdrop, it’s useful to consider what useful, short-term steps the government, and in particular Congress, could take to advance the important and difficult debate around law-enforcement access to encrypted data. (Although our proposals could be at least partially carried out by the executive branch, we, like many other commentators on this issue, think Congress has a special role to play, since it has ultimate control over the government’s spending and regulatory authority.
Thus, for example, Landau has previously argued that Congress should increase funding to improve law enforcement’s technical capabilities.) Our proposals are organized around what we see as the two main impediments to a healthy policy debate on the issue: (1) a lack of precise specifications as to the problem to be solved and how to solve it, and (2) the toxic relationship between the technology community and the government’s law enforcement and foreign intelligence agencies. How Congress can help generate knowledge Congress could do much to help generate the answers we need. Read more from lawfareblog.com…
thumbnail courtesy of lawfareblog.com