The US National Academies study Decrypting the Encryption Debate: A Framework for Decision Makers states:
Encryption protects information stored on smartphones, laptops, and other devices—in some cases by default. Encrypted communications are provided by widely used computing devices and services — such as smartphones, laptops, and messaging applications — that are used by hundreds of millions of users. Individuals, organizations, and governments rely on encryption to counter threats from a wide range of actors, including unsophisticated and sophisticated criminals, foreign intelligence agencies, and repressive governments. Encryption on its own does not solve the challenge of providing effective security for data and systems, but it is an important tool.
At the same time, encryption is relied on by criminals to avoid investigation and prosecution, including criminals who may unknowingly benefit from default settings as well as those who deliberately use encryption. Thus, encryption complicates law enforcement and intelligence investigations. When communications are encrypted “end to end,” intercepted messages cannot be understood. When a smartphone is locked and encrypted, the contents cannot be read if the phone is seized by investigators.
Yet even while the use of encryption is increasing, so is the amount of unencrypted stored data and communications and metadata. This is a result of the growth in the use of smartphones, social networks, text messaging, and other computing and electronic communications over the past decade. The result of the rise in both the amount of data and the use of encryption is that as the amount of data increases rapidly, there is both more data than ever of relevance to investigations and more data than ever that is inaccessible to investigators.
With increasing use of encryption, often by default, law enforcement and some intelligence officials have increasingly called for a reliable and sufficiently rapid and scalable way to access plaintext—decrypted data and messages—so that they can protect the public and fulfill their public safety and national security missions. In particular, law enforcement officials point to
(1) the widespread and increasing use of encryption by default in widely used products and services,
(2) the myriad national security threats posed by terrorist groups and foreign rivals,
(3) the increasing importance of digital evidence as human activity and crime have become increasingly digital, and
(4) the limited effectiveness of alternative sources of digital evidence.
Critics have objected on a number of legal and practical grounds, arguing that regulations to ensure government access to plaintext likely would
(1) be ineffective,
(2) pose unacceptable risks to cybersecurity,
(3) pose unacceptable risks to privacy and civil liberties,
(4) disadvantage U.S. providers of products and services, and
(5) hamper innovation in encryption technologies.
In addition, critics argue that mandating means for ensuring government access to plaintext may be less necessary in light of the wider availability of data — and especially metadata — generally, and the alternative means currently available for government officials to obtain access to encrypted data.
There are a wide variety of legal and technical options available to governments that seek access to plaintext for law enforcement and intelligence investigations. These include the following:
• Take no legislative action to regulate the use of encryption,
• Provide law enforcement with additional resources to access plaintext,
• Enact legislation that requires that device vendors or service providers provide government access to plaintext without specifying the technical means of doing so, and
• Enact legislation requiring a particular technical approach.
These are discussed in detail in Chapter 5.
Some computer scientists have reacted with concern to renewed proposals to regulate the use of encryption, citing the security risks. Several attempts have also been made in recent years to develop technical mechanisms to provide the government with exceptional access to encrypted data on locked devices and to encrypted communications that would minimize these risks. Three were presented to the Committee on Law Enforcement and Intelligence Access to Plaintext Information during its work (Box 5.1). The committee was not charged with reviewing specific proposals, but it did use these specific proposals to help develop and test its framework for evaluating suggested approaches.
The committee offers a framework (in the form of a set of questions) to ask about any path forward on encryption policy. The objective of this framework is not only to help policymakers determine whether a particular approach is optimal or desirable, but also to help ensure that any approach that policymakers might pursue is implemented in a way that maximizes its effectiveness while minimizing harmful side effects. The questions are as follows:
1. To what extent will the proposed approach be effective in permitting law enforcement and/or the intelligence community to access plaintext at or near the scale, timeliness, and reliability that proponents seek?
2. To what extent will the proposed approach affect the security of the type of data or device to which access would be required, as well as cybersecurity more broadly?
3. To what extent will the proposed approach affect the privacy, civil liberties, and human rights of targeted individuals and others?
4. To what extent will the proposed approach affect commerce, economic competitiveness, and innovation?
5. To what extent will financial costs be imposed by the proposed approach, and who will bear them?
6. To what extent is the proposed approach consistent with existing law and other government priorities?
7. To what extent will the international context affect the proposed approach, and what will be the impact of the proposed approach internationally?
8. To what extent will the proposed approach be subject to effective ongoing evaluation and oversight?
In addressing these questions, policymakers will have to contend with incomplete data about the impact of encryption on investigations as well as incomplete data about the deliberate use of encryption by criminals. It is also difficult to quantify key factors such as the additional security risks of adding exceptional access to encryption systems. There are also a number of cases where one can only speculate about future behaviors that have bearing on the implications of government regulation of encryption. These include the fraction of criminals that would use noncompliant, unbreakable encryption if the government were to require vendors to provide exceptional access and the fraction of foreign customers that would eschew U.S. products if exceptional access were required.
Policymakers will also have to contend with the trade-offs associated with encryption and government access that underlie these questions. One of the fundamental trade-offs is that adding an exceptional access capability to encryption schemes necessarily weakens their security to some degree, while the absence of an exceptional access mechanism necessarily hampers government investigations to some degree. How much security is reduced and whether the resulting level of security remains acceptable depend on the specific technical and operational details of the exceptional access mechanism and on the requirements and perspectives of users. The impact on society when an investigation is hindered or thwarted will depend on the scope and scale of the associated crime or national security threat.
There are no easy answers to and many uncertainties in responding to these questions. However, developing and debating answers to these questions will help illuminate the underlying issues and trade-offs and help inform the debate over government access to plaintext.